If you have clients interested in investing in cryptocurrency or engaging in the digital asset space in general, one common topic of concern could be the safety and security of this type of investment. Depending on where you get your information from, it can seem a little like crypto is the Wild West, but that’s not really the case. You’ll find bad actors everywhere these days, and crypto’s skyrocketing popularity has made it an increasingly lucrative target for cryptoscammers. However, investors’ crypto tokens are usually protected by secure wallets or institutional custodians.
Cybersecurity topics we will cover in this article:
- Up-Level Passwords
- Password Management
- Two Factor Authentication
Of course, human error happens – and that’s what scammers are watching for. They exploit things like investor enthusiasm or carelessness. So, with that in mind, let’s talk through some of the most common scams that investors could encounter with crypto – and how your clients can protect themselves.
Common Scams with Cryptocurrency
This isn’t just a problem for crypto by any means, but phishing happens when a malicious actor impersonates a credible figure or organization in order to trick an investor into granting access to their funds – or to disclose personal information that can then be used to hack their accounts. Phishing can happen by email, text, phone call, or really any other medium of communication. In crypto, they could even take the form of entirely fake cryptocurrency exchanges. What this means is that, in order for a phishing scam to work, there has to be human error involved in the form of clicking on a malicious link or providing information to an untrustworthy source.
So, what’s the best way to guard against an investor becoming a victim of a phishing scheme? Remind your clients to adopt a mindset of always proceeding with caution. It’s important to double-check any email sender’s contact information and every website URL link and to take a beat before responding to anything asking for personal information – even if the messaging makes it seem like an emergency. Using tools like two-factor authentication (2FA) or a password manager can reduce an investor’s risk of becoming a victim, too (more on that below).
In this common form of cyberattack, bad actors use social engineering to exploit an investor’s vulnerabilities in some way. An email containing ransomware, for instance, might seem incredibly friendly and familiar, yet include an attachment that can wreak havoc on a person’s computer – and on their life. Any offer that seems too good to be true, especially through email or text, probably is.
Encourage your clients to maintain basic precautions at all times, to look at every message with a critical eye, and to elevate their network security. Using antivirus and antimalware software is paramount, and it’s important to remember to update it, too. Keeping email spam filters set to a high level is helpful, as is using 2FA on all password-protected accounts, as mentioned above.
What Else Can Your Clients Do to Keep Themselves Protected from Cryptoscams?
In addition to the tips mentioned above to guard against phishing and ransomware, there are a few foundational steps any investor can take to optimize their safety and security when engaging in the digital asset space.
Anyone in the habit of using simple passwords or the same password for every account should immediately reevaluate. Every account, especially those of a financial nature, should have a unique and complex password that cannot be easily guessed based on information that could be mined from social media.
Use a Trusted Password Manager
Creating and storing optimal passwords becomes much easier with a trusted password manager. Not only will it act as a vault for passwords, many can also generate unique passwords that are exceedingly difficult for hackers to crack.
Get Truly Serious About 2FA
This one bears repeating – again – because it has become a best practice in the crypto space. It’s a built-in second layer of protection in the event an account password is somehow compromised.
Now, your clients may tell you they already use 2FA in the form of a code sent via text message. However, a more secure way to use 2FA is to download and activate an authenticator app, like Google Authenticator or Authy. These apps guard against sophisticated scams like SIM swaps, which work by targeting weaknesses in common 2FA code messages.
Utilize Hardware Security Keys
This is the strongest level of protection available, using cryptography to ensure no one can gain unauthorized access to financial, social media, or any other accounts. Google’s Titan Security Key is a popular option, as is YubiKey.
Don’t Forget to Log Out
It’s simple, but everyone needs reminded of this one every now and then. It’s especially important for people using their smartphones to access their accounts since phones can easily be lost or stolen.
Helping Your Clients Combat Cryptoscams
At Arbor Digital, safety and security are paramount for us – and we know they are priorities for you and your clients, as well. By sharing tips on how they can better protect themselves from crypto scams, you can help your clients engage in the digital asset space in a more safe and secure manner. There will always be scammers, but your clients who use the tools discussed above and who practice vigilance will be better able to enjoy the benefits of investing in crypto and other digital assets without fear of compromising their personal information.
If you would like more information on how you can better prepare your clients for investing in the future of finance please schedule a call with us.