Fraudsters are always on the lookout for fresh ways to make money. They latch on to the latest trends and find ways to exploit them to their advantage.
With the current cryptocurrencies explosion, cybercriminals are predictably jumping on the bandwagon. Aside from emerging malware attacks such as cryptojacking and unauthorized cryptomining, fraudsters are also using some of the oldest tricks in the book.
Read on and I'll tell you about the latest tricky scams that cybercriminals are using to steal your Bitcoin and other cryptocurrencies.
Always check for HTTPS
One scam that's going around is the fake cryptocurrency exchange.
These sites are not legitimate exchanges but their authors are hoping that people will stumble into them via Google search, chat boards, social media shares and email promotions.
The most common way to check if a site is legitimate is by checking for the HTTPS prefix on its web address.
Sites using HTTPS use encryption to keep online users like you protected from cyberspies. HTTPS site identities are also verified by third-party certificate authorities.
Sites with legitimate certificates will show a green padlock with the words "Secure" and "https" on the address bar, also in green. This means a site's certificate has been properly verified and it can be trusted.
According to Reddit user chrysotileman, scammers are putting up scammy cryptocurrency exchange websites with names like "coinsmarkets.com."
But surprise, surprise, "coinsmarket.com" doesn't have a proper certificate nor the "Secure" and "HTTPS" prefixes. This is definitely a red flag for fraudulent sites.
Usually, scam sites like this don't last since they are called out immediately. (As of this writing, coinsmarkets.com is no longer accessible.) But you have to keep a close eye on similar sites that promote themselves as "new cryptocurrency exchanges."
Here's how a properly secured HTTPS site should look:
Here's one trickier scam that's floating around. Cybercriminals are now creating cryptocurrency websites intended to look like the real deal, complete with a certificate and the "https" prefix. It's a practice similar to typosquatting.
What scammers are doing is securing URLs that are similar to the real ones. In Reddit user evantbyrne's example, instead of binance.com, scammers created a site with a URL of biṇaṇce.com, adding subtle character changes to the original.
Notice the small dots on the small n's. In a web browser, these slight differences are not readily apparent.
Since the fake URL looks so similar to the original, unsuspecting victims might mistake it for the real deal and log in with their credentials.
If you fall for it, then it's game over. Cybercrooks can now take control of your account and steal your cryptocurrency stash.
How to prevent getting scammed
The good news is these scams are avoidable. Essentially typosquatting is a sneaky version of a phishing scam. The criminal waits for someone to land on the fake site to steal their login credentials.
That makes it extremely critical to double check a website's certificate and HTTPS status. Always look for the green padlock with the words "Secure" and "https" on the address bar, especially on sites that require you to log in.
Next, as described in this article, always double check the URL on a link before entering sensitive information. If you're positive that a site is legitimate, look at the URL in the address bar and make sure it's spelled correctly. For added safety, manually type an address then bookmark it.
In other news, this new clever website shows you what sites track about you when you visit
Do you know anyone who even reads privacy policies? Most of us don't really bother reading them since they’re hard to understand. This website is about to change that and it will reveal everything a site tracks about you.