A small handbook to combat crypto scams
The most common scams in the history of crypto seen in detail
We will try to give some practical pointers on how to recognize frauds, how they work, and what safeguards and forms of protection exist, although, as we will see, these are almost never easy or effective.
We will be accompanied in this exploration by Paolo Dal Checco, one of the best-known and most authoritative forensic computer experts in Italy, who will also help us understand the mechanisms and technical peculiarities of these frauds.
One of the frauds that it is easiest to come across is carried out through Facebook.
The scheme is quite simple: one uses the fake endorsement of a famous person who is appealing to the crypto public (among the favourites, Elon Musk and Jeff Bezos) and promotes, through a paid advertisement, the sale of a fictitious token soon to be issued by a large technology company (such as Tesla or Amazon).
The most recent one concerns the issuance of a fake token called A-Mazon with Bezos’ face in the foreground and the promise to make the lucky investors rich.
Whoever subscribes to the offer and sends the money, by credit card, usually receives nothing in return or, at best, receives something that perhaps resembles a token, be it a code or a numeric string, totally devoid of any function and utility.
This is because neither Amazon, nor Tesla, nor Bezos, nor Musk is behind the operation. End of transmission.
How to recognize recurring patterns?
The pattern is simple but raises several questions. First, how is it possible that Facebook, despite its super-strict policies, allows the massive dissemination of blatantly fraudulent advertisements? Secondly, is it possible that the perpetrators cannot be traced, considering that the payments are made by traceable means (mostly by credit card)?
In a recent interview, a Facebook (now Meta) executive, Andrew Bosworth, when asked about misinformation on social media, disclaimed any responsibility on the platform's part. In short, if you trust false information circulating on Facebook, you have a problem with the person who put it there, not with the platform. This overlooks something that is not exactly a detail: in these cases we are talking about paid advertisements, on which the platform profits.
We turned these questions over to Paolo Dal Checco, Forensic Computer Consultant and also an expert in the field of cryptocurrencies. Dal Checco reports that advertisements on Facebook leading to dubious sites that offer trading activities are quite frequent, even though the platform attempts to combat the phenomenon with verifications, warnings, and user blocks. The problem is that the checks and warnings often have no immediate effect, which means that the scam ads can remain online for up to a few hours.
Facebook as a major vehicle for scams
Moreover, precisely in order to limit the effect of the checks, fraudsters often choose to publish ads not from newly created accounts, but through the accounts of people who have been “hacked”. This allows them to increase Facebook’s trust in the posted adverts and thus slow down their removal.
The unfortunate consequence for the owners of the compromised accounts is that they are often restricted, if not blocked forever, from accessing the platform or at least from being able to publish advertisements. This means that in the event of an attack on an advertising account of a company that makes advertising its business or part of its activity, the damage can be quite considerable, both for the victims of the scams, and for those whose accounts have been used as a vector for illicit activities.
The question is often asked why Facebook allows this kind of ad. It would certainly be interesting to hear their opinion, but we can imagine that, unfortunately, given the huge number of ads published every second, they are unable to keep up with the scam attempts and nip them in the bud, so some victims fall into the trap before the ad campaigns are blocked and the users or pages involved are banned.
Precisely for this reason, the best defence for those using advertising accounts is to protect them by activating the minimum security measures, such as two-factor authentication, email notifications of suspicious activity, and verification of authorizations granted by Facebook.
Clearly, these precautions are not enough, and fraudsters may try alternative routes such as stealing cookies or session data, cross-site scripting, phishing, and other techniques that bypass the security measures. In this case, the only solution is to be extremely careful about everything that revolves around the account being used for advertising.
The problem is that, once the scam has been perpetrated, the Facebook account used can generally still be recovered (mitigating any damage caused by its fraudulent use), but the question of the funds transferred by the victims remains.
The two most commonly used modus operandi
There are two types of scams. In the first, victims are asked to transfer funds by bank transfer or credit card, and the funds are then allegedly invested for the benefit of the victims (who at some point lose control of them). In the second, the funds are first converted into crypto and then transferred to the criminals’ wallets.
What to do after falling for a crypto scam
In the first case, passing through standard circuits, recovery can always be attempted by turning to payment gateways or banks. It is clear that in 99% of cases, the fraudsters will carefully empty the accounts receiving the funds before they can be reversed.
In the second case, on the other hand, the security of cryptocurrency transfer protocols paradoxically becomes an obstacle to victims recovering their money: they will not be able to reverse payments and will have to concentrate on identifying and tracing the details of the recipients of the funds. One must then assess, through blockchain forensics and intelligence techniques, whether the funds were channelled to an Exchange or to a personal wallet (e.g. Trezor, Ledger, Electrum, MetaMask, etc.).
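The assessment described above, sketched as an added example that is not from the article or from Dal Checco: it follows a scam address's outgoing transfers and separates endpoints that land on a labelled exchange deposit address from those that end in an unattributed wallet. The ledger, addresses, labels and the `trace_funds` function are constructed for illustration, and transfers are modelled as simple address-to-address movements rather than any specific chain's transaction format.

```python
from collections import deque

# Constructed sample ledger: (tx_id, sender, recipient, amount). Not real addresses.
TRANSFERS = [
    ("tx1", "victim_wallet", "scam_addr", 2.0),
    ("tx2", "scam_addr", "hop_1", 1.2),
    ("tx3", "scam_addr", "hop_2", 0.8),
    ("tx4", "hop_1", "exch_deposit_77", 1.2),
    ("tx5", "hop_2", "cold_wallet_x", 0.8),
    ("tx6", "unrelated_user", "exch_deposit_77", 5.0),
]
# Hypothetical attribution labels, as an analyst might hold for known deposit addresses.
EXCHANGE_LABELS = {"exch_deposit_77": "ExampleExchange"}


def trace_funds(transfers, start, labels, max_hops=5):
    """Follow outgoing transfers from `start`, hop by hop, and sort the endpoints
    into exchange deposits (someone to ask for a freeze) and unattributed wallets."""
    outgoing = {}
    for tx_id, src, dst, amount in transfers:
        outgoing.setdefault(src, []).append((tx_id, dst, amount))

    findings = {"exchange": [], "unattributed": []}
    seen = {start}
    queue = deque([(start, [start], 0)])
    while queue:
        addr, path, depth = queue.popleft()
        for tx_id, dst, amount in outgoing.get(addr, []):
            hop = {"tx": tx_id, "address": dst, "amount": amount, "path": path + [dst]}
            if dst in labels:
                # Record every transfer into a labelled address, then stop following it.
                findings["exchange"].append({**hop, "exchange": labels[dst]})
            elif dst in seen:
                continue  # already visited; avoids looping on cycles
            elif dst not in outgoing or depth + 1 >= max_hops:
                seen.add(dst)
                findings["unattributed"].append(hop)  # trail ends or hop limit reached
            else:
                seen.add(dst)
                queue.append((dst, hop["path"], depth + 1))
    return findings


if __name__ == "__main__":
    result = trace_funds(TRANSFERS, "scam_addr", EXCHANGE_LABELS)
    for kind, hits in result.items():
        for hit in hits:
            print(kind, hit["tx"], " -> ".join(hit["path"]), hit["amount"])
```

The transfer from `unrelated_user` into the same deposit address is never reported, because only transfers reachable from the scam address are followed.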
In the case of an Exchange, one can attempt to seek recourse against it, or at least involve it by requesting a freezing of the funds pending legal action, as soon as it can be reliably demonstrated that the funds transferred there are from illegal activities. It will not be easy, but at least you will have an interlocutor with whom to assess appropriate actions, and who can be involved in the investigation to attempt to trace the wallets back to their users, by means of investigative activities by the Judicial Authority.
Unfortunately, in most cases, those who commit offences in the crypto sphere for significant sums do not use exchanges or, where possible, use those less “available” to interact with the Judicial Authority, and also use personal wallets, hardware or software, which are more difficult to identify.
Indeed, most of the time, if used correctly, they are totally untraceable, except in particular cases where analysis of the blockchain and of the digital evidence attached to the protocol used yields traces that can be used to trace wallets or transactions back to the real users. Where an Exchange is used, moreover, the credentials provided by the criminals are often false, obtained through nominees or identity theft, and the IP addresses used for connection are anonymous (VPN or Tor) and therefore of little use for investigations.
It is paradoxical that, in a system in which the monitoring of means of payment has become capillary and even obsessive, it is not possible to reach the other end of traced transfers and thus to identify the perpetrators of these frauds.
But if even the intervention of the judicial authorities and the police risks being in vain and fruitless, what protection do consumers who fall victim to these frauds have?
One must bitterly conclude that the only form of protection is to exercise the utmost care to avoid falling into these traps.
The most common signs to detect fraud
There are several warning signs that may suggest the risk of fraud. One of them is the promise of unreasonably high guaranteed returns. If an investment sounds too good to be true, it is highly likely to be a dud.
Another indicator is that, when the operation is a scam, neither the names and identifying details of the company managers nor the details of the legal entity promoting the venture are clearly stated on the various websites. No registered offices, physical addresses, tax codes or registration numbers, and so on. It thus becomes impossible to carry out a chamber of commerce search or a query at the local commercial register.
Then there is another possible indication: the substantive function of the whole operation is not clearly explained. In other words, what the token being promoted is actually used for. If there is a white paper, it has undefined and unclear contents.
Last but not least, among the possible indications is that of disproportionate and hammering marketing. Although the extensive use of marketing campaigns is a common element of initiatives in the crypto world (even non-fraudulent ones), those who set up this type of fraud pursue a hit-and-run logic. That is, they have a pressing need to reach as many people as possible, and then get rid of them as quickly as possible. This requires marketing campaigns to be particularly invasive and extensive.
Of course, it is natural to ask what use is the enormous paraphernalia of data collection, sanctions and bureaucratic and identification requirements imposed by the anti-money laundering legislation, the burden of which is in fact borne by ordinary users when the system then fails to actually prosecute those who appear to be declared criminals.