Common Cryptocurrency Scams

Common Cryptocurrency Scams

With cryptocurrency becoming a more popular asset class, it has not only received more attention from the general public but from criminals and bad actors as well. Cryptocurrencies are highly liquid and anonymous, easy to transact and are transacted on immutable ledgers. This makes cryptocurrency transactions practically irreversible once it has been confirmed. As such, it is essential to verify the legitimacy of blockchain addresses you are transacting with and only send your cryptocurrency to trusted entities . As stated in the FBI’s 2021 Internet Crime Report, “In 2021, the IC3 received 34,202 complaints involving the use of some type of cryptocurrency” with losses of over $1.6B. Given this, it has become increasingly important to remain vigilant in safeguarding your crypto assets and your personal information

We have detailed some common cryptocurrency scams below.

Investment Scams

Investment scams might more commonly be known as Ponzi or Pyramid schemes. These schemes typically require you to invest your own money with the promise of guaranteed returns. It is worth noting that any individual offering an investment with guaranteed returns is likely attempting to scam you out of your funds. Once depositing your funds you'll likely never hear from your contact again or be pushed to bring more people into the scheme who then contribute their own money. Since all the cash flow into the scheme is from new recruits (they are scams because the products or business proposed are fraudulent and do not generate any returns by themselves), the scheme will eventually fall apart and you will never get your invested funds back. According to the FTC’s What you Should Know About Cryptocurrencies and Scams, the scammer will typically impersonate an investment manager, celebrity, or love interest when they contact you. Scams like this will typically begin on a social platform, or online dating site in which the scammer will first build a rapport with you, and then execute their scam. The FBI reports that such scams received more than 4,325 complaints, with losses over $429 million in 2021. [3]

“Before you buy something with cryptocurrency, know the seller’s reputation, by doing some research before you pay.”, says the FTC. According to their data, the top platforms for scams were Instagram (32%), Facebook (26%), WhatsApp (9%), and Telegram (7%). 

In the US, if you come across one of these scams, contact the Securities and Exchange Commission, the Federal Trade Commission, or your state's securities regulator to get help. In the UK, contact the Financial Conduct Authority.

Tips for avoiding investment scams:

• Be skeptical of websites or services promising guaranteed returns. If it sounds too good to be true, it usually is.
• Be wary of sending your cryptocurrency to a third party promising returns 
• Research the organization thoroughly. Check consumer-protection websites and make telephone calls and send emails to verify authenticity.
• Don’t trust links to “investment” firms from people you don’t know even if they report ‘success’ with them.

As an example, a controversial project like Bitconnect was a Ponzi scheme that went under and showed many of the above red flags.

Messaging Platform Scams 

Paxos/itBit has no official presence on any messaging platform such as Telegram. All varieties of scams can be found on this platform that target Paxos/itBit users, including fraudulent payment bots and giveaway scams. 

These scammers will join cryptocurrency groups and pretend to be official accounts, reaching out to the channel members privately. Never engage with such personnel over messaging platforms. According to the FTC’s data, the top platforms for scams were Instagram (32%), Facebook (26%), WhatsApp (9%), and Telegram (7%). 

Social Media Giveaway Scams

Using a fake social media handle that is very similar to official accounts, scammers will post giveaways with hyperlinks to fraudulent websites. These giveaways typically promise to reward you with a particular cryptocurrency after you have sent them the cryptocurrency to ‘verify’ your address. The FTC warns investors to “Never click on a link from an unexpected text, email, or social media message” as it is highly unlikely for legitimate giveaways to require you to send cryptocurrencies to their address first before you win a prize. Regardless of the engagement or number of likes on such posts, you must always be wary and perform your own due diligence by digging deeper into these accounts. 

• Never send cryptocurrency to giveaways under the guise of address verification. 
• Be skeptical of all giveaways and offers found on social media. Do not trust screenshots in reply messages as images can be forged and altered. 
• Use your favorite search engine to do research on any entity soliciting you on social media. If the offer sounds too good to be true, it probably is. 
• Check the giveaway URL to make sure it directs you to our official paxos.com website
• Report any phishing attempts or scams.

Paxos' legitimate social media profiles are listed in this help article. Any other profiles should be considered fraudulent. 

Customer Support Scams

Scammers also create fraudulent customer support emails or phone lines to disguise themselves as official Paxos/ItBit customer support contacts. These scammers will normally request for confidential information from you under the guise of verification purposes. Be very wary of such social engineering tactics and note that Paxos will never request for your login credentials or 2-Factor Authentication (2FA) code under any circumstances. Paxos will also never reach out to customers through phone calls.

• Paxos will never request for remote access to your machine. Anyone who makes such a request is hoping to gain full access to your desktop, online accounts and your digital fingerprint
• Be aware that scammers can spoof legitimate phone numbers when conducting outbound calls. 
• Only contact Paxos via our support center on https://help.paxos.com/hc/en-us/requests/new

Extortion Scams

With all our information stored online, data breaches are becoming more common which allows attackers access to some of our confidential information. Attackers can and will utilize this information to extort more relevant and personal information from you. For example, they might show you an old password you had to threaten you into releasing more information.

If you are victim of an extortion scam, please immediately take these actions:

• Report the email as spam to your email provider.
• Run a scan using a trusted antivirus software to ensure you have no malware within your device that is extracting your personal information
• If you recognize any passwords revealed by the attacker, change it immediately on all your accounts
• Contact your local authorities, file a police report, and report the crime to the FBI.

While these messages can be threatening, they are almost always fraudulent. For steps you can take to improve your account security, please see this help page. 

Load-up Scams 

Load-up scams are a form of payment fraud conducted by scammers who promise profits for victims who can provide an account with high trading limits. They will use stolen funds to deposit into your account but subsequently drain all the funds from your cryptocurrency account. 

Report any “loaders” to Paxos at https://help.paxos.com/hc/en-us/requests/new and also to the platform where the fraud was being advertised.

Job Employment Scams

Any employment opportunity that requires payment for you to begin training or to receive training materials is likely a scam. Scammers will post fraudulent job postings to first gain leads for them to pursue their scam. Eventually, these "job offers" often include official looking offer letters which might even be a form of phishing to obtain confidential information from you.

If you ever suspect fraudulent or suspicious activity, the FTC’s guide on Spotting Cryptocurrency Investment Scams encourages investors to “Search online for the company and cryptocurrency name, plus “review,” “scam,” or “complaint.””

• All legitimate job postings will be posted on https://www.paxos.com/careers/. Do not trust any other URL for job listings.
• All legitimate communications with Paxos recruiters will come from @paxos.com email addresses.
• Please report any impersonations or fake job recruitment scams to https://help.paxos.com/hc/en-us/requests/new.
  
  

Phishing

Phishing is a fraudulent practice that can happen through different means, including emails, SMS texts, social media posts, and fraudulent URLs. These attackers will brand themselves and pretend to be Paxos/itBit in order to obtain sensitive information, such as passwords and 2FA codes. 

One of the best ways to avoid phishing sites is to always make sure you're accessing https://www.paxos.com/ directly. Detailed information on phishing can be found in this help article. 

Links referenced above: 

[1] https://consumer.ftc.gov/articles/what-know-about-cryptocurrency-and-scams#scams

[2] https://consumer.ftc.gov/consumer-alerts/2021/05/spotting-cryptocurrency-investment-scams

[3] https://www.ic3.gov/Media/PDF/AnnualReport/2021_IC3Report.pdf

[4] https://www.fbi.gov/contact-us

[5]https://www.ftc.gov/news-events/data-visualizations/data-spotlight/2022/06/reports-show-scammers-cashing-crypto-craze#crypto6