Most attacks can be avoided with vigilance and a little technical knowledge. Online criminals are often trying to make their money as quick and easy as possible. The more difficult you make it for them, the more likely they will move on to an easier target. The tips below will assist you in protecting yourself and your identity online.
Do not allow anyone to access your account or devices
A very common trick used by scammers is to pretend they are helping or teaching you how to trade. By taking control of your devices or asking for information that will allow them to access your account they can gain entry to bank accounts and steal your funds. They may ask you to install third party software, to use remote desktop, or ask you to verify your account details including passwords and two-factor codes.
Beware of investment brokers
Given that these scams result in the largest total losses for Australians it is important to be vigilant and aware of them when browsing the internet and looking for advise/knowledge on cryptocurrency. These scams are initiated by clicking on fake advertisements/social media post and entering in personal information or filling out surveys.
Scammers who claim to be brokers/portfolio managers will then contact you via email or telephone and attempt to coax you into investing in cryptocurrency, either on your behalf, or offer to coach you via remote access software. You will be shown various fake data of profits which are hosted on fake websites, all in an attempt for you to transfer more money to these scammers.
It is common in these scams for the ‘broker’ to claim to be located overseas and try to be seen as sophisticated and trustworthy by showing you falsified documents and credentials to coax you into investing.
These scammers may allow you to withdraw a small amount of your total investment, but this is a tactic used to build trust, which will be abandoned if you request to withdraw all funds. At which time these scammers will stall on returning funds and most likely request further funds to withdraw. The conclusion to these sorts of scams ends in these scammers cutting all contact.
Regularly update computer software
One of the best ways to keep attackers away from your computer is to apply patches and other software fixes on a regular basis. By regularly updating your computer, you help prevent attackers from being able to take advantage of vulnerabilities in the software that they could otherwise use to break into your system.
Choose strong passwords and keep them safe
Avoid using easy-to-guess passwords or passwords based on your personal information such as your last name or login name. Use a mixture of lower- and uppercase letters as well as numbers. Select especially strong, unique passwords for protecting activities like online banking. BTC Markets recommends using a password safe with generated passwords.
Protect your personal information
Exercise caution when sharing personal information such as your name, home address, phone number, and email address online. Attackers will attempt to get your information in many ways.
If you are not sure about a link or file attachment in an email, don't follow the link or download it, just simply delete it. If you are unsure, you can also contact the entity directly via their website or phone number to confirm. It could be malware that once executed can allow attackers to access the data on your machine remotely.
Poorly worded emails
Things that indicate a message may be fraudulent are misspellings, poor grammar, odd phrasings, website addresses with strange extensions or entirely numbers where there are normally words, and anything else out of the ordinary. Additionally, phishing messages will often tell you that you have to act quickly to keep your account open, update your security, or urge you to provide information immediately or else something bad will happen. Don't take the bait.
Guard your email address
Spammers and phishers sometimes send millions of messages to email addresses that may or may not exist in hopes of finding a potential victim. Responding to these messages or even downloading images ensures you will be added to their lists for more of the same messages in the future. Also be careful when posting your email address online in newsgroups, blogs or online communities. Pay attention to privacy policies on websites and in software. It is important to understand how an organisation might collect and use your personal information before you share it with them.
Use two-factor authentication
BTC Markets and many other websites support two-factor authentication. Utilise it where possible, especially on financial accounts and your email address. If you do manage to leak your online credentials the attacker will not be able to steal your personal information (or Bitcoins) if they do not physically have access to your phone at the same time.
Online offers too good to be true
The old saying "there's no such thing as a free lunch" still rings true today. Supposedly "free" software such as screensavers or smileys, secret investment tricks sure to make you untold fortunes, and contests that you've surprisingly won without entering are the enticing hooks used by companies to grab your attention.
The creators of a cryptocurrency, rich or famous people, are not going to double your money if you first send them your funds.
While you may not directly pay for the software or service with money, the free software or service you asked for may have been bundled with advertising software ("adware") that tracks your behaviour and displays unwanted advertisements. You may have to divulge personal information or purchase something else in order to claim your supposed contest winnings. If an offer looks so good it's hard to believe, ask for someone else's opinion, read the fine print, or even better, simply ignore it.
Review bank and credit card statements regularly
The impact of identity theft and online crimes can be greatly reduced if you can catch it shortly after your data is stolen or when the first use of your information is attempted. One of the easiest ways to get the tip-off that something has gone wrong is by reviewing the monthly statements provided by your bank and credit card companies for anything out of the ordinary.
Additionally, many banks and services use fraud-prevention systems that call out unusual purchasing behaviour (e.g., if you live in Sydney and all of a sudden start buying goods in Russia). In order to confirm these out-of-the-ordinary purchases, they might call you and ask you to confirm them. Don't take these calls lightly—this is your hint that something bad may have happened and you should consider pursuing the activities described in the area covering how to respond if you have become a victim.
Know the recipient before sending funds
Only transfer funds to trusted recipients. Bitcoin transactions are irreversible. Before transferring funds from BTC Markets, always double-check you have the correct destination BTC address.
Watch out for ransomware
Ransomware (such as CryptoLocker) is usually propagated via infected email attachments in the form of an executable file. Once activated, the malware encrypts certain types of files stored on local and mounted network drives using cryptography. The private key is required to decrypt the data but this will only be provided if a payment (through either Bitcoin or a pre-paid cash voucher) is made by a stated deadline.
How do I defend against ransomware?
The best defense against ransomware is preventing infection in the first place. Take precautionary steps, such as backing up your data so you can restore to a last known uninfected state. CryptoLocker has been known to target Remote Desktop Protocol (RDP), so disable RDP if you are not using it. Never open an executable (.exe, .bat, .vbs, etc.) and filter for such files to prevent receiving emails that may be harmful. You can create rules within Windows or with Intrusion Prevention Software to disallow a particular, notable behaviour used by Ransomware, which is to run its executable from the App Data or Local App Data folders. If (for some reason) you have legitimate software that you know is set to run not from the usual program files area but the App Data area, you will need to exclude it from this rule.
Use of our services for illegal activities
BTC Markets is committed to reducing and preventing crime by reporting any issues or suspicious activity to the appropriate authorities. BTC Markets prohibits the use of our services for illegal activities including paying ransoms for ransomware or any other illicit activities. The addresses used to send bitcoins on our service are public information and each transaction is recorded for future traceability.
Below are some useful resources about protecting yourself online:
- ScamWatch - is run by the Australian Competition and Consumer Commission (ACCC) and provides information to consumers and small businesses about how to recognise, avoid and report scams
- Personal security guides - on this page you can find some helpful guides created by the Australian Cyber Security Centre.
- Report | Cyber.gov.au - is where to go if you have been a victim of a scam or fraud online and want to report it to police.
- IDCARE - is Australia and New Zealand’s National Identity and Cyber Security Support Service and provides free phone consultants and advice for the community.
- ACCC Little Book of Scams – is an important tool for consumers and small businesses to learn about scams.
For more information about any of the topics mentioned above, feel free to contact support.