Luno, a South African cryptocurrency exchange said that it is imperative to be aware of the tactics being used in crypto scams despite safeguards already put in place to protect customers.
Marius Reitz, General Manager for Africa at Luno, unpacks the most common scam tactics and explains how to avoid losing your crypto to a con artist.
The most common method in cyber theft is tricking users into sharing information or granting scammers access to their accounts. Similar to the way hackers attempt to compromise traditional banks, crypto scam attempts are often disguised as requests from valid operations. The good news is there are a number of safeguards built into Luno’s platform which provide additional layers of security for users to avoid being scammed.
Customers should always be sceptical of anyone claiming to work for Luno or representing Luno in their personal capacity. Luno is not associated with any third-party “investment scheme” or “trading platform” and does not permit third-party trading accounts.
There are several things you should know about cryptocurrency service providers and how they contact you. More importantly, there are questions Luno will never ask, so any of these should immediately raise an alarm: your password, banking details, one-time-PIN (OTP), two-factor authentication (2FA) code or authorisation links. Luno will never threaten to deactivate or close your account if you don’t click on a link or upgrade your account.
Remember that if something sounds too good to be true, it probably is. Luno will never guarantee any kind of return on your cryptocurrency and we advise our customers to be cautious of people who offer to trade on their behalf.
Scammers may invite you to a social media group to give the impression that it is a legitimate entity or ask you to send them cryptocurrency through the Luno platform in exchange for a fee. Tricksters may ask you for your Luno account login details, or ask you to open a Luno account on their behalf so they can buy, sell, receive, send, or trade cryptocurrency, offering you compensation in return.
If you suspect someone has accessed your Luno account, report this suspicious activity via the app or email and lock your account to prevent scammers from accessing your wallet. You can also switch off the ability to send cryptocurrency from your Luno wallet (this is off by default) and you can further secure your account by enabling 2FA. This keeps your account more secure when logging in or sending money out by requiring two things to complete any task: something you know (like your password) and something you have (like your mobile phone).
Phishing uses disguised email as a weapon. The email recipient is tricked into believing that the message is something they want or need, or is designed to drive fear and urgency – this may include a request from their bank or crypto exchange, for instance, or a note from someone in their company along the lines of, “Your account is not secure and hackers may have access to it. Click the link and follow the instructions to prevent this.” The recipient then clicks the link or downloads an attachment and inadvertently shares personal, sensitive information with the scammer.
Smishing (SMS phishing) takes place through SMS communication, similar to phishing, whereby scammers trick victims into revealing security codes sent to their mobile devices or transferring money to them.
Twishing (phishing through Twitter) is when a phisher tweets to or sends a direct message to a Twitter user with a link to a fraudulent website. If the user signs into that site, the phisher obtains their private information or login credentials, such as a username and password, which may be used elsewhere on the internet to access email inboxes and even cryptocurrency wallets.
Vishing (voice phishing) is a similar type of attack where voice is used instead of email. Attackers will phone a victim to prime an attack or ask to guide them through changing settings or disclosing a password. Victims are fooled into providing valuable account information over the phone.
Spoofing sees attackers impersonating people familiar to the victim either by sending an email as someone else or changing the address very slightly to appear as if from the legitimate sender. Always look carefully at the email address. Although cryptocurrencies are not currently regulated in South Africa, Luno operates as though it is regulated. The business follows stringent KYC (know your customer) and AML (anti-money laundering) measures, which are digitally implemented across the 40 countries in which it operates.