Tinder user \u2018John\u2019 shared his Tinder experience with \u201cZhang Yu\u201d with Brave New Coin. Although scams like this are often referred to as ‘Chinese crypto scams’, the reality is they can be launched from anywhere. \u201cShe claimed to be from Qingdao China,\u201d John says, \u201cbut her number was recognized as being in Bangkok. Her WhatsApp number was supposedly Chinese, but I know that WhatsApp doesn’t work in China. She poses as the daughter of a rich vineyard owner and sends pictures of her flashy lifestyle.\u201d<\/p>\n
John says the conversation quickly turned to crypto. \u201cShe gave this website – ghvcoin.com – and persistently asks to register and start trading. She\u2019s adamant that she earns easy 10K, 20K, 40K, every day from trading GHVcoin.\u201d John says he did his homework. \u201cThe GHV website does not provide any company registration details – no team behind the project – no physical address – I\u2019m sure it\u2019s just built to receive BTC and ETH deposits.\u201d<\/p>\n
An even more sinister version of this scam involves real women targeting crypto holders on Tinder by drugging them and then attempting to drain their crypto accounts. Jameson Lopp, CTO at Casa tweeted<\/a> that a high net worth Casa client was recently targeted in this way.<\/p>\n On YouTube unfortunately, seeing is not necessarily believing, as the world\u2019s most popular video-sharing platform remains unable to stop fake ads targeting users with an interest in genuine crypto-related video content (BNC\u2019s own channel<\/a> is often targeted). What makes these scams more convincing is that they include video of trusted crypto notables like ex-Binance CEO Changpeng Zhao and Vitalik Buterin in their scam ads.<\/p>\n Typically the ads will promote some type of Bitcoin or Ethereum \u2018giveaway\u2019 with users being asked to send in their BTC and ETH and receive double that back as some type of exchange \u2018goodwill\u2019 airdrop. Regrettably, because they appear on a trusted platform like YouTube, people do fall for these scams. In one recent example, Blockchair<\/a> found that the Bitcoin wallet address shown in a \u201c5000 BTC Giveaway\u201d scam made US$5000 in a matter of days.<\/p>\n Another similar scam featuring Bitmex recently pulled in $20,000 in BTC in three weeks. Google asks that users report any scam YouTube ads using this form<\/a>.<\/p>\n Also on YouTube in the comments section of legitimate crypto videos are the ever-present helpful traders who share their success stories and links to the trading gurus who showed them how to do it. They use an easily spotted technique of one initial poster – and then 5 – 10 replies, from others, usually thanking them for their kindness or sharing their own story of millions earned with Guru Bill\u2019s help. The posts are made by bots and all the \u2018people\u2019 are fake. Indeed, if Guru Bill does exist he will definitely make more money from you than you will from him.<\/p>\n SIM swapping, also known as SIM jacking, refers to hackers activating your mobile phone number on a device they own to gain access to your email accounts to then access your cryptocurrency exchange accounts and online wallets. Unfortunately for crypto investors, it is still way too easy for hackers to bypass mobile carrier operator\u2019s security protocols to gain access to your mobile number and a SIM card they control.<\/p>\n Unfortunately, telco phone support staff are underpaid and overworked and are not well-trained against sophisticated social engineering attacks. All of the information an attacker needs to know to begin a social engineering attack can be purchased on the dark web. Haseeb Awan, CEO of efani – America’s most secure and private cellphone service, was a recent guest on\u00a0Brave New Coin’s Crypto Conversation podcast<\/a>. Listen to the podcast to hear Awan’s advice for crypto holders wanting to mitigate against SIM swap attacks.<\/p>\n Digital asset investor, Michael Terpin, reportedly<\/a> lost 1,500 BTC in January 2018 after falling victim to SIM swapping. His phone was compromised and the hacker made off with around $24 million worth of cryptocurrency at the time. Even former Twitter CEO Jack Dorsey was not safe from SIM swapping. He reportedly <\/a>fell victim to this type of hack in August 2019.<\/p>\n While it is difficult to prevent these attacks once someone gets their hands on your mobile phone number – as the point of failure lies with the mobile carrier – you can make use of other two-factor authorization methods to better protect your exchange accounts. Your long-term crypto asset holdings should always be kept in cold storage, in which they are safe from SIM swap attacks.<\/p>\n Yes, fake giveaways on lookalike crypto Twitter accounts remain a thing. Twitter has struggled to effectively tackle this issue but has made some progress. Twitter’s algorithms appear to be much more effective at blocking the majority of crypto scammers, however, some are still succeeding.<\/p>\n One typical tactic is that scammers will impersonate a high-profile account such as Elon Musk, using verified Twitter accounts. To do this, scammers gain control of another verified account and then change the profile to impersonate Elon Musk. They then place replies under legitimate Musk tweets and direct users to fraudulent scam websites. As the images below show, many of these attempts appear obvious, even amateurish to most Twitter users, but they are designed to fool non-native English speakers, which they often do.<\/p>\n Unauthorized web-based cryptocurrency mining, commonly referred to as cryptojacking<\/a>, boomed in late 2017 after the launch of the first web-based (and now defunct) Monero miner, CoinHive. Crypto mining malware infects a website and uses its computing power to secretly mine Monero.<\/p>\n The crypto mining malware boom may be over but cybercriminals are still utilizing low-risk, revenue-generating malware, according to Webroot\u2019s Nastiest Malware 2020 report.<\/a><\/p>\n Webroot has previously identified two nasty crypto mining malware variants as HiddenBee and Retadup. Hidden Bee uses images and video files to infiltrate computers and use their CPU power to mine cryptocurrency. Retadup was a malicious worm that infiltrated over 850,000 machines with crypto mining software.<\/p>\n While cryptojacking is relatively easy to spot on a computer (as the PC will slow down and heat up), it is not so easy to spot on mobile phones. If your phone is overheating, or your battery is emptying faster than usual, you may have been hit with crypto-mining malware.<\/p>\n Ransomware attacks are continuing to grow in frequency and ransom size. Attackers in this instance will almost always ask for payment in crypto. A high profile attack in the United States targeted hospitals – hampering their efforts to care for patients during the Covid-19 pandemic by threatening to shut down the computer systems that operate a range of medical apparatus. The destructive payload delivered by a \u2018TrickBot\u2019 infection is wide-ranging, described by US cyber security experts as \u201ca full suite of tools to conduct a myriad of illegal cyber activities.\u201d These activities include crypto mining, credential harvesting, mail exfiltration, point-of-sale data exfiltration, and the deployment of Ryuk and Conti ransomware.<\/p>\n FINCEN has released guidance<\/a> warning that ransomware victims themselves may be breaking the law if they pay the ransom. This US Cyber Security<\/a> alert has full technical details of the latest attack by Conti, TrickBot, and BazarLoader along with recommended prevention and mitigation tactics.<\/p>\n With ransomware attacks growing in scope and severity, the Biden administration is considering a range of options to stem the growing threat reports Politico<\/a>. Cloud mining is another very common crypto scam. In fact, we wrote a dedicated feature<\/a> on how to spot these scams, but really the easiest approach is to consider ALL cloud mining to be a scam until you have reputable evidence they’re not.<\/p>\n Corporate identity scams have been around for years but they are easier than ever to pull off when business is conducted via email or some other platform, and convincing looking copycat websites are easy to build. One corporate identity scam doing the rounds in the crypto space at the moment is an advertising offer purportedly coming from CoinMarketCap and advertising aggregator Coinzilla. The scam promises advertisers will receive a huge bonus campaign for booking advertising with CoinMarketCap, stating \u201cLaunch a campaign with a budget of 500-50000 USD and receive boost traffic worth the same amount to your Coinzilla account for spending!”<\/p>\n Coinzilla has advised that the promo is scam – and warns that the fake offer may not be the actual point of the scam, but instead the attack is designed to get users to take an action that may infect their computers. \u201cDo not respond to these emails and do not provide the sender with any personal or financial information. Avoid clicking on links included in the email or on attachments, as doing so may result in malware or a virus being loaded on your computer.\u201d<\/p>\n Be careful out there.<\/p>\n Further Reading<\/strong><\/p>\n How to spot a crypto pump and dump scheme<\/a><\/strong><\/p>\nYouTube Crypto Scams<\/h2>\n
![\"Fake](\"https:\/\/bravenewcoin.com\/wp-content\/uploads\/2023\/11\/Fake_ad_pic-1.jpg\")
![\"Fake](\"https:\/\/bravenewcoin.com\/wp-content\/uploads\/2023\/11\/Scam_comments.jpg\")
SIM Swapping<\/h2>\n
Fake X (Twitter) giveaways<\/h2>\n
![\"104180956](\"https:\/\/bravenewcoin.com\/wp-content\/uploads\/2023\/11\/104180956_scam5pixelated.jpg\"){kind=tracking}
![\"elon](\"https:\/\/bravenewcoin.com\/wp-content\/uploads\/2023\/11\/elon_fake_bitcoin_scam.jpg\")
Crypto Mining Malware & Ransomware<\/h2>\n
Corporate identity scams<\/h2>\n