PUSAT BANTUAN
Commonly Observed Crypto Scams and Security Reminders
Papar pada 2021-08-24
Once cryptocurrencies are withdrawn to the specific address of a recipient, the assets are transferred to the address and owned by the address holder. It is recommended to familiarize yourself with some of the most commonly observed crypto scams to help protect yourself and your investments.
I. Identity Scams
1. Scammers impersonate the officials of the platform or public security agents to defraud users.
Scam: You are contacted by by someone claiming to be a security or support center staff of a trading platform and are requested to cooperate with a security investigation, freezing your account on the grounds that they detected a money laundering risk from on your account (such as suspected of money or crypto laundering transactions). By taking advantage of your panic, scammers lure you into clicking fake URL links in an attempt to steal your log in details or make a deposit or transfer to a fraudulent account.
Methods:
1. Scammers will add you on social platforms such as Twitter and Telegram and request your E-mail address to send a link or QR code before enticing you into entering your account information, log in to your AscendEX or bank account, and steal your account information and assets.
2. They may ask you to download meeting software, Apps for screen sharing, or remote control of your phone. This attack provides them with access to your OTPs or Google authentication codes when verifying your identity, thus stealing your account information and assets.
3. They may lure you into depositing and withdrawing to a designated address they claim is a “Security Account”, or they may demand you transfer your assets to a specified bank card to “unfreeze” your account.
4. E-mail or SMS phishing: Scammers will attempt to convince you to withdraw your assets to a fake address by sending a clone SMS or Email that looks as if it came from a trading platform.
5. Scammers may replicate websites of crypto exchanges, setting up clone exchanges (they can look as real and professional as the legitimate website) to lure you into logging in and granting access to your passwords and assets.
[Security Reminders]
1. Under no circumstances will AscendEX, or its staff, contact you on the grounds that there is a risk of money-laundering on your account, nor will we ask for any security passwords, verification information, or request you to download a third-party screen sharing software. We will also never ask you to perform any asset transfer operations, such as: buying, selling or transferring crypto.
2. Never trust suspicious text messages, emails or customer service calls that claim to be from AscendEX. Please refer to AscendEX’s official website and App for legitimate contact information. If you have any questions, please contact Customer Support at [email protected] or ask for confirmation through the official channels. It is recommended that you set an anti-phishing code for your account.
3. Do not click on unknown links sent by any unofficial channels or log on to unsafe websites and fill in personal information. In addition, never disclose your OTPs to others.
4. Public security agents will not resort to phone calls or text messages to handle cases, nor will they transfer calls to each other.
5. Real public security agents do not create alleged “Security Accounts” to allow for the transfer or withdrawal of assets.
6. Scammers can change their numbers into legitimate landline numbers of public security agencies through number-changing software. If you have any questions, you can dial 110 directly for confirmation.
2. Impersonation Scam
Scam: Impersonate an acquaintance or a friend to “borrow” money/assets
Type: Scammers steal the social account information of their victims’ friends and acquaintances and impersonate them, asking to borrow money or crypto because of an “emergency”, an inquiry for an investment opportunity, or asking for a favor, scalping for winning a lucky draw, yet will refuse to confirm their identities using facial or voice authentication. This is an easy trick to fall for, especially if they appear to be a friend.
[Security Reminders]
For those who claim to be friends or acquaintances asking for an asset transfer or withdrawal, please be sure to verify their identities through voice and facial authentication before taking any action. Those who refuse to confirm their identities are likely scammers.
3. Social Media Phishing
Scam: Impersonate celebrities or public figures through fake giveaways
Type: Scammers set up accounts on social media and impersonate celebrities, big names, and authoritative experts in the crypto field, luring you into investing by sending fake giveaways through their social accounts or direct messages.
[Security Reminders]
1. Please view the site itself and make sure the social media website you log into is correct, not a clone social platform.
2. Please beware of the exclusive mark some social media use to identify their authenticated users. Don’t trust it if you are unsure, you should turn to official AscendEX channels for confirmation.
3. Do not fall for promises of profits, and do not click on unknown website links.
II. Investment Scams
1. Pig-butchering/Romance scam
Scam: Scammers adopt fake online identities to gain your attention and trust, and then uses the illusion of a romantic or close relationship to tempt you into crypto investing.
Type: Scammers usually build themselves a perfect image before going on a dating or social media site. They are experts at establishing a relationship and will seem genuine, caring, and believable. After gaining the trust of their victims, they will lure the victims into making crypto transactions with the promise of big profits. They often show some profits to the victims at first before seducing them into further investments. When they are unable to provide more funds, scammers will disappear, citing they failed to withdraw the crypto or suffered great loss on most of crypto investments. As a result, the victims will not only lose their assets, but may even face huge debts due to excessive investment.
[Security Reminders]
1. Please be conservative about online relationships and be sure to use identity verification methods before making an online crypto transaction.
2. Do not believe in the hype from "steady returns", "low costs and high profits"; steer away from gambling and high-yield investments, and keep in mind that money does not grow on trees.
3. Do not transfer to an unfamiliar account address.
2 . Ponzi /Pyramid Scheme
Scam: Pay existing investors with funds collected from new investors.
Type: Scammers focus all of their energy into attracting new clients to make investments with promise of large and quick profits with little to no risk. This new income is used to pay original investors their returns. Ponzi schemes rely on a constant flow of new investments to continue to provide returns to older investors. When this flow runs out, the scheme falls apart.
[Security Reminders]
1. Be aware of fake advertising and publicity and stay away from the “ultra-high-profit” investments.
2. Always do your own research of any project you intend to start investing and do not blindly follow the suit.
3. Pay attention to whether the value of a crypto asset is totally reliant on new funding, and if so, the project is most likely a Ponzi/pyramid scheme.
3. Giveaways Scam
Scam: Exchange crypto for crypto
Type: Scammers alleges they launched a new giveaway activity and their victims will be asked for some amount of a crypto deposit before they become eligible to win in the giveaway. For example, “deposit 0.1 BTC to a designated address to get a part of 0.5 BTC available rewards”. Once the victims transfer BTC, they will not receive any giveaways and be unable to recover their funds.
[Security Reminders]
1. Stay away from all giveaway activities that require pre-transfer.
2. Do not transfer to any unknown and suspicious address.
3. Legitimate giveaway activities never require participants to provide funds.
III. Trading Scam
1. Over-the-counter Trading Scam
Scam: Over-the-counter crypto trading based on a verbal agreement
Types:
1. Default on payment: The buyer defaults on payment in breach of the verbal agreement that stipulates payment should be made after receiving the crypto.
2. Default on sending crypto: the seller defaults on sending the crypto assets in breach of the verbal agreement that stipulates the crypto assets should be sent after receiving the payment.
[Security Reminders]
1. Do not perform private trading over the counter and execute secure and regulated crypto trades on the AscendEX platform;
2. Do not make any private payments and strictly abide by the transaction process used on AscendEX.
2. Illegal Exchange Scam
Scam: Scammers trick their victims to trade on illegal crypto exchanges and manipulate them into losing their assets
Types:
1. After their victims make a deposit, scammers will trade in reverse, resulting in unrealized losses for each trade of the victims. In order to avoid direct loss from liquidation, the victims might choose to HODL for a long run, but they Eventually will pull their funds because they realize the scammers’ malicious manipulations.
2. Scammers seduce their victims into engaging in high frequency trading, which continuously eats into their assets. For instance, scammers ask them to opens a short position and then a long position in several minutes after closing the short position. The victims are forced to engage in high frequency trading that costs them huge fees.
3. Scammers will make the victims lower their guard first by helping them secure a little profit and seduce them to increase the size of their trades or execute cross-margin trades until a forced liquidation occurs to them.
[Security Reminders]
1. Be sure to use a reputable and trusted exchange when buying or selling crypto.
2. Do not believe in the investment advice from any so-called "investment advisors", "financial experts", etc., and be cautious about any matters involving personal assets.
3. Once you find that you have been cheated, stop the loss and exit the investment immediately.
VI. Fake Crypto Scam
1. Arbitrage Trading
Scam: Use the price difference among crypto exchange platforms to carry out arbitrage trading, during which fake tokens are used to trade for real tokens or assets.
Types:
1. Deposit real tokens and withdraw fake ones. Scammers lure their victims in by taking advantage of social networks, claiming they could perform crypto arbitrage for their victims. After receiving the real tokens from the victims, scammers will pretend carrying out arbitrage trading before returning the fake tokens to the victims.
2. Fake crypto exchanges lure users in with crypto arbitrage services in order to garner real tokens while rejecting users’ request for withdrawals. Using social tools, scammers tempt their victims into entering fake crypto exchanges to carry out arbitrage trading with the promise of turning a high profit. Once the victims withdraw their assets to the platforms, the assets are locked in and cannot be recovered.
[Security Reminders]
1. Learn more about the crypto basics, including how to identify the addresses of major cryptocurrencies and how to distinguish fake and real tokens.
2. Keep in mind the fact that the price difference between major crypto exchanges is not huge. If you find an exchange offering absurd crypto prices, it should be considered as a fraudulent platform.
3. Be sure to use a reputable and trusted exchange when buying or selling crypto.
2. Delegated Crypto Transactions
Scam: Trade fake tokens for real ones in delegated crypto transactions
Type: Victims are tricked to delegate the process of buying crypto to scammers. Once scammers receive the payment, they deposit the fake tokens to the destination addresses of the victims, or victims are cheated to delegate the process of selling crypto to scammers. To start, scammers only sell a small amount of crypto for the victims over excuses like trading limits. After gaining the trust of the victims, scammers will start to delegate large-volume sales and pay back the victims with the fake tokens.
[Security Reminders]
1. Do not delegate your assets to other people to make transactions for you;
2. Be sure to use a reputable and trusted exchange when buying or selling crypto and do not carry out private trading outside trading platforms.
V. Software Scam
1. Blackmailing Software Scam
Scam: Extort crypto assets using malware to lock up the mobile devices or computers of users
Type: Scammers send blackmail software files to lock up their victims' mobile devices or computers, making it impossible for them to access important files or databases, and threaten them to pay ransom in crypto within a specified period of time, otherwise important documents will be deleted or released to the public, and so on.
[Security Reminders]
1. Install antivirus software and update operating systems and applications in a timely manner.
2. Do not click on suspicious ads or links.
3. Handle email attachments carefully, especially the files with suffixes of ".exe", ".vbs", and ".scr".
4. Back up files regularly so that they can be restored even if the device is infected.
5. Turn to professional organizations for advice on anti-extortion software and free system recovery tools.
3. “Clipboard Hijacker” Malware Scam
Scam: Hijack the clipboard data
Type: Scammers install “Clipboard Hijacker” on the devices of their victims to hijack the data saved in their clipboards. The malicious software can be used by scammers to make fraudulent crypto transactions. This can be achieved simply by changing crypto wallet addresses from those saved in the victims' clipboards to others owned by the scammers. In this way, scammers can use a Clipboard Hijacker to steal crypto from their victims.
[Security Reminders]
1. Always pay attention to the security of devices, be cautious against all kinds of suspicious messages or emails, and do not click on unknown links.
2. Be certain of the security of the websites you visit and any installation software for devices, do not browse unknown and unsafe websites, and do not install suspicious software.
3. Install antivirus software for devices and scan it regularly to check for potential risks.
4. Update the operating system of devices in a timely manner.