The Kraken security playbook: how to avoid holiday crypto scams


Financial fraud has been a part of transactional business since the dawn of transactional business. If you were unfortunate enough to have been on the other side of an insurance deal with Hegestratos, he would have had you insure the corn cargo on his ship – then removed the corn, sold the corn, sank the ship, and collected his payout. The year was 300 B.C.

Hegestratos then drowned after he was caught in the act and pursued by angry victims. This represented a limitation of the times: Hegestratos had to conduct his fraud in person. In the digital age, fraud is far more anonymous: a confident voice on the phone claiming to be from your bank, a forcefully worded email demanding urgent action or your account will be closed.

Skilled con artists act with no remorse for the pain and suffering inflicted on their victims and their families. They are experts at instilling gut-level fear and a false sense of urgency; the need to act now before you take time to think things over and reach out to your financial institution to verify anything.

Everyone has an important role to play in preventing these frauds from happening. The good news is that the most powerful weapon against getting scammed is universally available, free and easy: do nothing. Ignore any high-pressure, unusual request. Hang up the phone, do not reply to the text or email.

Then contact the financial institution the scammer claimed to represent (making sure to use the customer service number provided on the company’s official website). Their customer service representatives will provide your accurate account status, and very likely confirm that all is well and no action is required of you.

By Nick Percoco, Kraken Chief Security Officer

Crypto scams are just a recent addition to the kinds of financial scams that have existed for millennia. If an asset has value, scammers will try to get you to transfer that value to them by lying to you.

Social engineering plays a significant role. Social engineering involves a scammer gaining the confidence of their victim – often over a lengthy period of time spanning dozens of back–and-forth communications – eventually persuading the victim to willingly send assets to the scammer.

This particular approach, the gaining of trust of time, is called pig butchering. The scammer, often through flattery and apparent intense interest in the victim’s hobbies and activities, “fattens” the victim over time. Only once the scammer feels they are in a position to extract a large sum of money does the “butchering” part come into play. Days, weeks, months, even years: if the potential, eventual theft is large enough, scammers will spend all the time it takes to earn your trust.

Most crypto scams involve a scammer convincing their victim to share their seed phrase (effectively their password) so that the fraudster can access their crypto. Anytime anyone, under any circumstances, asks for your seed phrase, they are asking for unrestricted access to your crypto. Stop. Hang up. Do not reply to the email or text. Do nothing.

Scammers know that if you do nothing, they lose. Sowing fear is an effective tactic to trigger immediate action on the victim’s part. Scammers will pose as a frightened family member that urgently needs money to get home. Even though a simple direct text or call from the would-be victim to this family member would foil this fraud instantly, scammers are expert at keeping victims on the phone and in a state of panic. Hang up, remain calm, contact the family member independently.

Crypto fraud losses attract a disproportionate amount of attention despite accounting for a fraction of fraud losses in government-issued currency. Sending any monetary unit of value to another party is a largely similar process, regardless of the technology used to complete the transaction. 

Another common scam angle is the unsolicited “opportunity.” High-pressure cold calls from “stockbrokers” in so-called boiler rooms have been around for decades. Same deal: for no reason that makes any common sense, they are calling you, a perfect stranger, to enrich you with an extraordinary opportunity to make enormous amounts of money in a short period of time. Similar crypto scams exist.

Hang up, block the number, don’t reply. If you had a legitimate opportunity to double a sum of money in days or weeks, you would not pick up the phone and start trying to find total strangers to tell about it.

So here’s my advice to help you avoid scams: 

  1. Trust your instincts – Be inherently skeptical of any offers, deals or opportunities which sound too good to be true. It’s also a major red flag when someone is telling you that you’re “guaranteed” to be successful.    
  1. Move slowly and be deliberate Doing nothing is a powerful weapon. Most victims act out of the fear, panic or greed that can override rational decision-making. There are almost no legitimate financial situation in which immediate action is required right now. Note the institution the caller claims to represent, call the customer service number listed on their legitimate website, and ask customer service if there is a problem.
  1. Verify before trusting – Just because someone tells you they work for a company, don’t immediately assume it to be true. Most software providers will not proactively call you to help fix your technology over the phone. If someone has arrived at your house unsolicited, even if dressed in a uniform, ask for their personal identification, make note of their employee number, and follow up with the company involved using their official lines of communication. It might sound especially paranoid, but scammers can purchase uniforms and fake IDs easily to win the trust of their targets. 
  1. Understand your emotions Scammers prey on human emotions that cloud the judgment of their target. If you feel pressure from an external party to quickly carry out a transaction that is causing you excitement, worry or stress, end the transaction or correspondence. Do your due diligence as described above.
  1. Remember scammers build trust – Confidence scammers will ask personal questions, such as whether you are married and for how long, and whether you have kids. The answer will almost invariably be designed to form a bond: “Oh, that’s great, married 12 years here. Little Jessica is 12 and Pete just turned 5, isn’t that a great age?” These lies are solely designed to make you feel like you’re talking to a friend, someone just like you.
  1. Passwords, pins and logins aren’t for sharing – Whether it’s seed phrases to a digital wallet, or passwords to a bank account, your login details should always remain confidential. No legitimate company or service will ever ask you to share these details with them. The safest way to mitigate online risks is to have completely unique logins and passwords that are randomly generated by a password manager. This approach ensures your credentials are both strong and unidentifiable, while insulating other accounts if a vendor is ever involved in a data breach or hack. 
  1. Public profiles are available to scammers too – Carefully consider the personal information you showcase on public forums, including social media. Even though many of these sites are intended for different purposes, scammers do use them to identify targets and extract information that can manipulate a future victim. Use the same username across many different sites? Scammers probably know your username to the account they want to access already.
  1. Check website URLs extremely carefully – Online scammers can now create sophisticated copies of websites that appear near the top of search engines. These fake sites can appear identical to the originals, except the URL links will be slightly different. Know the site you want to visit? Forget Googling, just type the address into your browser address bar directly.
  1. Avoid the urge to reply – Replying to unsolicited emails and texts, even to indicate your intention to unsubscribe, tips off a scammer that an email address or phone number remains active. Ever receive a text from a number you don’t recognize that just says “hi”? Replying “Who’s this” is often the first step toward engaging with a scammer.
  1. Take everything you see with a grain of salt – With the rise of AI and deep fakes, it has never been harder to identify genuine information. As these technologies become more sophisticated, this will continue to be more difficult. It’s vital to not make financial decisions based on one source of information alone. Take the time to verify information with a second or third source, or even check a random selection of online reviews from other customers that have used a product or service, to ensure something is genuine.

Anytime you have any doubt about an incoming call, email or text — especially one that requests personal information or an asset transaction — remember your first, best course of action is no action at all: first, do nothing.

The holiday season is about sharing time with the people we love most. Follow our simple playbook and avoid sharing your crypto with the people who wish you the worst.

These materials are for general information purposes only and are not investment advice or a recommendation or solicitation to buy, sell, stake or hold any cryptoasset or to engage in any specific trading strategy. Kraken does not and will not work to increase or decrease the price of any particular cryptoasset it makes available. Some crypto products and markets are unregulated, and you may not be protected by government compensation and/or regulatory protection schemes. The unpredictable nature of the cryptoasset markets can lead to loss of funds. Tax may be payable on any return and/or on any increase in the value of your cryptoassets and you should seek independent advice on your taxation position. Geographic restrictions may apply.


Source link






Leave a Reply

Your email address will not be published. Required fields are marked *