Simple in practice: Crypto education is key to curbing phishing scams

Published at: Nov. 11, 2020

As the global crypto economy continues to prosper, with Bitcoin (BTC) currently occupying the $15,500 region, questions regarding the overall safety and security of digital assets continue to persist, especially in the wake of a new scam whereby hackers made use of a phishing email to direct users to a fake Ledger website. According to various reports, victims were scammed to the tune of 1,150,000 XRP, worth approximately $290,000.

Dave Jevans, CEO of blockchain intelligence firm CipherTrace and chairman of Anti-Phishing Working Group, told Cointelegraph, “Ledger should clearly have a more aggressive defensive domain acquisition strategy, as look-alike domains were used by phishers in an attempt to trick Ledger users.” He explained further that an illegal money-making scheme employed the use of a homoglyph in the company’s official URL — in this case, a letter that looked like the letter “e.” He added:

“The phishing scams were likely a result of emails released from an e-commerce/marketing data breach. An unauthorized third party had access to a portion of Ledger’s e-commerce and marketing database through an API Key.”

Earlier this year in July, the Ledger team revealed that it had been on the receiving end of a data breach, as a result of which nearly a million email addresses were compromised, along with the personal details of a subset of 9,500 customers. Furthermore, back in 2018, scammers were able to devise a copy of the Binance website (complete with an SSL certificate), which remained active for some time before being taken down.

Lastly, some miscreants were able to rake in a sizable 1.4 million XRP tokens in March by making use of a scammy Google Chrome extension that replicated Ledger’s likeness. In fact, the extension was live on the Google app store for nearly a month. Speaking on the various security protocols that the company employs, a spokesperson for Ledger told Cointelegraph:

“Ledger has its own attack lab, Ledger Donjon, where the security experts try to hack and stress test our own solutions, the solutions of our partners, and our competitors’ solutions. Furthermore, Ledger regularly conducts penetration tests.”

Customers bear responsibility as well?

It goes without saying that wallet operators need to be on top of their security game when it comes to protecting the assets of their customers. However, phishing attacks are a common occurrence, not only within the crypto space, but with any online service that involves a means of payment.

Speaking on the issue, Pavol Rusnák, co-founder and chief technology officer of SatoshiLabs, the firm behind the Trezor wallet, told Cointelegraph that it’s of prime importance that crypto owners are careful and double-check every piece of information they receive in relation to their digital assets, be it from their wallet providers or the internet in general:

“If an email claims you need to do something, you can always confirm this via vendor’s support or with other users on Reddit or Twitter. As for what vendors can (and should) do is to decrease the possibility of the leak by not sharing their customers’ data with third parties and decrease the impact of such leaks by deleting their customers’ data after a certain period of time.”

A similar outlook was shared by Jevans who believes that matters related to customer security and privacy need to be viewed with a lens of “shared responsibility,” such that hardware wallet operators as well as crypto owners work in sync with one another to ensure the optimal safety of their assets from third-party threats.

Jevans encouraged users to take reasonable safeguards to protect their value and take responsibility for their actions by using practices that are steeped in individual data safety, adding: “Deploy two-factor authentication as well as never click on a ledger link unless they specifically requested their password reset. Users should always type the URL themselves when visiting the Ledger site directly.”

Crypto education remains crucial

Despite being revolutionary in design and technological potential, crypto continues to remain a foreign concept for most. However, by providing people with monetary self-sovereignty, the technology has also burdened them with a lot of personal responsibility, especially in terms of individual financial security. As a result, it stands to reason that companies in the blockchain and crypto space need to educate their users about the security implications of their actions.

Rusnák believes that the industry still has some ground to tread regarding security. He pointed out that a number of companies operating within this domain today tend to make gross oversimplifications, such as, “Your coins are safe because your wallet has a secure element,” or, “Your coins are safe because our exchange is insured.” To this, he added, “This is not helping with the matter, making people believe something which is not true, rendering them defenseless.”

Statistically speaking, around 85% to 90% of crypto owners seem to fall prey to very common crypto theft schemes, typically fake investment scams rather than phishing traps, according to data provided to Cointelegraph by CipherTrace. As a result, Jevans believes that it would be in the best interests of major hardware wallet operators to use their platforms to educate their users about what to look for when it comes to phishing attempts, particularly when these scams invoke the wallet provider’s name:

“Based on hundreds of crypto theft and fraud cases, crypto users need to become much more sophisticated regarding their personal security operations (SecOps) when they choose to custody their private keys. Many crypto crime victims do not know what to do when they discover they have experienced theft.”

Wallet operators should become industry trendsetters

While companies like Ledger and Trezor do have dedicated information related to phishing and other similar, scammy tactics on their websites, these pages are not easily accessible and are usually buried deep within troubleshooting FAQ sections. Therefore, it seems reasonable to expect that e stablished wallet providers do more in terms of providing customers with streamlined access to high-quality education that centers around security.

On the issue, Rusnák is adamant that transparency and education are the keys when it comes to maximizing the security of one’s funds. He opined that users can’t really be safe unless they actually take time to sit down and understand the nitty gritty of crypto security and personal wallet safety.

On a more technical note, he explained that the core operational design of Trezor’s various wallet options are fully open-source and that the company is completely transparent about all of its various operational agreements with its customers, to avoid all legal monetary issues encountered later down the line: “It will take some time until every company in the cryptocurrency space understands this, but it’s also our job to demand transparency and openness from service providers we use.”

Tags
Related Posts
Hardware crypto wallet sales increase as centralized exchanges scramble
Blockchain analysis firm Glassnode recently characterized the 2022 bear market as the worst on record. This seems to be the case due to events such as the war in Ukraine and rising inflation, coupled with serious problems among centralized crypto exchanges. Yet, the bear market hasn’t negatively impacted all players in the crypto ecosystem. Hardware wallet providers seem to be benefiting from the massive amount of crypto withdrawals from centralized exchanges. Pascal Gauthier, CEO of hardware wallet crypto firm Ledger, told Cointelegraph that the company’s revenue dropped about 90% during the 2018 crypto winter, but this hasn’t been the case …
Decentralization / July 6, 2022
Secure Bitcoin self-custody: Balancing safety and ease of use
Bitcoin’s supply is capped at 21 million, but a significant proportion of that total sum is likely lost forever. This situation is due to a variety of reasons such as lost private keys and discarded storage devices containing substantial amounts of Bitcoin (BTC). When Bitcoin owners are not being careless with their wallet passwords, they can sometimes be targeted by hackers looking to steal their precious crypto. Those who utilize third-party custodial solutions place their Bitcoin fortune at the mercy of the security protocols adopted by such services. Indeed, several attack vectors are constantly being utilized to try and gain …
Technology / Jan. 17, 2021
With its own public offering, wallet maker focuses on easy-to-use stock sales
JP Richardson’s favorite phrase is “easy to use.” Well, maybe not, but the Exodus CEO certainly used it enough during a live ask-me-anything session that the cryptocurrency wallet maker held on Cointelegraph’s YouTube page. While the focus of the livestream was the $75 million public offering of stock that Exodus Movement has hosted — and nearly completed — inside its own Exodus Wallet, Richardson reinforced this idea regularly throughout the broadcast. “I think what a lot of people, first of all, really love about Exodus is the ease of use and how beautiful it is,” Richardson said when asked what …
Technology / May 5, 2021
Bitcoin in the Palm of Your Hand — Crypto Hardware Wallets Review
A hardware wallet may just be the safest way to store cryptocurrency for average users. Nowadays, many different devices are trying to tackle the challenges of secure crypto asset storage. In this article, Cointelegraph will review some of the most well-known hardware wallets and compare their features. The cryptocurrency wallets that will be covered in this article are Ledger’s Nano X and Nano S, SatoshiLabs’s Trezor One and Trezor Model T, ShapeShift’s KeepKey, and Coinkite’s Coldcard and Opendime. It is also important to point out that all the wallets tested in this article, other than the Ledger Nano S (which …
Bitcoin / March 26, 2020
What happens if you lose or break your hardware crypto wallet?
Hardware cryptocurrency wallets are known for granting users full control of their crypto and providing more security, but such wallets are prone to risks such as theft, destruction or loss. Does that mean that all your Bitcoin (BTC) is lost forever if your hardware wallet is lost, burned or stolen? Not at all. There are a number of options to restore cryptocurrency for someone who has lost access to their hardware wallet. The only requirement to recover crypto assets, in that case, would be maintaining access to the private keys. A private key is a cryptographic string of letters and …
Blockchain / June 14, 2022