- Hackers and scammers are targeting cryptocurrency and digital asset investors at increasing rates as the value of crypto assets continue to rise.
- A common method of these hacks are SIM swap attacks, which have risen in prevalence with hackers stealing millions in 2021.
- Similarly, Phishing attacks have grown and accounted for more than 90% of data breaches in 2021.
- Learning how to identify these common scams and best practices to take is the best course of action in protecting your assets.
- Caleb & Brown and your personal broker will be a continued avenue of support and protection against such threats.
What is a SIM Swap Attack?
A SIM swap attack is when a scammer obtains your SIM card either physically or remotely in an effort to steal your personal information for financial gain. SIM swap attacks have become increasingly prevalent over the years with the FBI reporting $68 million stolen by criminals in 2021 - a significant increase from $12 million (560%) during the 2018-2020 period.
By hacking your SIM card, scammers gain access to your phone number and personal information. This is most commonly achieved through remote measures where the scam artist will impersonate you, call your phone provider and request your SIM data be moved to their phone. If the transfer is successful, the perpetrator will then have total control of your phone number, allowing them to receive all texts and calls, attempt to reset passwords and try to gain full access of your digital wallets.
This poses a major risk to your digital asset holdings if your exchange or digital wallet data has also been compromised. While these custodial services tend to implement secondary security measures like Two-Factor Authorisation (2FA), this will be ineffective if your phone number has been compromised. Scammers will then be able to request asset/fund withdrawals and completely siphon the value of your account to their wallets, never to be retrieved.
What is a Phishing Attack?
Targeted phishing attacks are another prevalent scam method. These are incoming calls, texts or emails which try to bait you into clicking links which will either steal or request user data. These attacks are designed to be tempting and trigger an emotional response from you, often claiming that you have won a prize or been sent funds to your account (See below). To help identify these kinds of attacks and protect your personal data, you should familiarise yourself with these best practices.
Attacks on the Rise
As digital assets become increasingly adopted globally, the importance of security measures to safeguard against hackers and scammers has become paramount. Previously we have explained some of the most common methods of attempts to scam/hack users’ funds.
The rise of these new attack vectors and their consequences can be felt globally. In the U.S., the Federal Communications Commission (FCC) reported 1,611 incidents just last year. The FCC are currently working to strengthen the identification processes conducted by cell phone providers and have suggested withdrawing from publicly posting your digital portfolios and to avoid using SMS-based 2FAs.
In Australia, the Australian Communications and Media Authority (ACMA) have proposed the new ‘Telecommunications Service Provider Determination 2022’, which comes into effect at the end of June. This will require phone providers to administer much stricter identity checks when customers request SIM swaps. This is to protect consumers from identity theft, as a preventative measure against sim swapping.
Victims who have had funds stolen through SIM swap scams or phishing attacks are generally not afforded compensation by cell phone providers. This reinforces why consumers must exercise greater due diligence and protect their online accounts/identity as a means of protecting their digital assets.
What Can I do to Safeguard My Digital Assets?
While these measures provide additional layers of security towards protecting your phone number, the best form of defence is optimising how you manage and store your personal data. To reduce the risk of your personal data being breached, please consider the following:
- Use a password manager such as LastPass, which provides security by randomly generating and storing your passwords for you.
- Never share your private keys. This includes giving it to people you know or on random links asking for them. If you receive a strange email from your custodian - enquire about it.
- Change your passwords regularly. If you don’t enjoy the idea of using a password manager at least change your passwords every few months and leave out personal info like D.O.B or street names.
- Educate yourself on the methods currently being deployed to steal your information. The more you know the more suspicious you will be of these kinds of attacks. Here is a great place to start.
At Caleb & Brown, security of your digital assets is our top priority. To ensure we continue to provide the highest level of security available, we have recently upgraded our withdrawal process to involve a tertiary level of authorisation. This industry leading practice helps stop undesired withdrawals from being processed - keeping your funds safe within our custody.
To find out more about our security services contact your personal broker today!Don’t have an account yet? Sign up here!
Recommended reading: Crypto Security Best Practices
Disclaimer: This assessment does not consider your personal circumstances, and should not be construed as financial, legal or investment advice. These thoughts are ours only and should only be taken as educational by the reader. Under no circumstances do we make recommendation or assurance towards the views expressed in the blog-post. The Company disclaims all duties and liabilities, including liability for negligence, for any loss or damage which is suffered or incurred by any person acting on any information provided.