How to Avoid a Crypto Scam

You need to take care to avoid becoming the victim of crypto cons, and a new alert has been issued about visiting popular websites.

The Washington Post has warned that slightly misspelled versions of the URL, or website address, of popular cryptocurrency exchanges are being snapped up and could be used by scammers. The aim, it seems, is to take advantage of people who want to access a genuine site, but type too quickly and make a mistake.

Misspelt URLs- Watch Out

It points to a Brazilian man who paid more than $200,000 for a handful of domains which looked like misspelt URLs of well-known crypto sites.

The article, by Jeremy B. Merrill, adds: ‘The high price paid for the web addresses, sometimes called domains, indicates someone thinks they’ll make a substantial profit. Domains ending in dot-com cost around $10 per year and scammers often rely on ones that are even cheaper.’

It quotes Stony Brook University computer science professor Nick Nikiforakis as saying: ‘There’s a very real monetisation opportunity. If someone steals your credentials, they can immediately start transferring your money out of your account.’

Merrill’s article continues: ‘And, if they do, users have no recourse, Nikiforakis said, especially because they’ve lost cryptocurrency, rather than regular money. Cryptocurrency, a form of digital money that has lately soared in price, relies on cryptography to make sure that only the owner of a “wallet” can spend the money it contains. But, once that wallet is stolen, that security works to protect the thief, meaning it’s nearly impossible to get it back — even with a court order.’

The Real McCoy

The Washington Post admits that it is unclear whether cryptocurrency owners have lost money to the typo websites. However, some of the websites hosted on URLs which appear to be typos of genuine crypto companies do mirror the look of the real McCoy.

The article observes that companies often buy up mistyped versions of their real web addresses to protect users against potential attacks.

Nikiforakis evaluated one of the typo URLs at The Washington Post’s request and said it ‘showed tell-tale signs of a “phishing tool kit” that provides a ready-made way to spoof common websites’.

The article adds: ‘Nikiforakis believes that such expensive domain names could be using spearphishing — a phishing campaign aimed at a small number of handpicked people. “You’re not going after me and you with a few hundred bucks in your accounts, but people with millions of dollars in their crypto accounts,” he said.

‘That contrasts with the typical business model for phishing attacks, which tend to use large numbers of cheap domains, to minimize the costs of detection. “If I buy a .xyz [domain] for one dollar and I can make two dollars by the time someone blocks me, I’m ahead,” he said.’