An alert regarding an increase in impersonation schemes, which frequently use “the names and titles of government employees,” was released on June 12 by the Cybersecurity and Infrastructure Security Agency (CISA). According to the CISA caution, its employees will never ask for gift cards, cash, bitcoin, or money transfers. “Do not give money to anyone posing as a CISA employee if you think you are being targeted by an impersonation scammer. Instead, record the caller’s phone number, hang up right away, and verify the contact by contacting CISA.”
Scams “continue to be a major threat to the [crypto] ecosystem at large,” according to Phil Larratt, director of investigations at Chainalysis. Scams are “one of the biggest drivers of cryptocurrency-based crime, bringing in at least $4.6 billion in revenue in 2023,” according to Larratt. According to our Chainalysis 2024 Crypto Crime Report, impersonation schemes in particular had the fourth-worst impact on victims in 2023, with an average payment size of $948.In keeping with the CISA’s recommended course of action, Larratt discussed prevention in general and stated that public education is the first line of defense against widespread scams. “This is crucial because without the private keys to the third party’s funds, control over crypto assets is lost once they are transferred to them.”
Regarding phony impersonations of Federal employees, Larratt offered more details on the two most common scam techniques, which are crypto drainers and approval phishing: “The proliferation of fake crypto apps has historically allowed approval phishing scammers to target large segments of the cryptocurrency user base.” He claimed that romance fraudsters, sometimes referred to as pig butchering scammers, have started using this technique, which has resulted in significant losses. The operators of cryptocurrency drainers frequently advertise their fraudulent Web3 sites on social media accounts that have been hacked and in Discord groups, luring victims into connecting their cryptocurrency wallets to the drainer. They then use the approval phishing technique to trick the victims into accepting transaction proposals that give the drainer operator control over the funds in the wallet. In closing, the head of investigations at Chainalysis stated that in order to counteract these con techniques, it is becoming more and more “important for Web3 projects and users” to put preventative security measures like “Web3 security extensions” in place.