There are more than 1,500 cryptocurrencies in circulation today. An increasing number of businesses now accept Bitcoin, Ethereum, and other well-known altcoins as a legitimate form of payment, so the competition is likely to grow even fiercer in the years ahead.
The knock-on effect of this popularity is an increase in cybercrime. Losses from cryptocurrency crime reached $4.4 billion in 2019.
There are various forms of crypto crime to look out for. Two of the most common are fraud and ransomware.
What are they and how do they work?
Cryptocurrency scams, or crypto fraud, is where one party tries to trick another into sending them money.
Typically, the fraudster will approach you in the guise of a legitimate investor. They claim to have found a fantastic investment opportunity and invite you to contribute your own funds. This is paid into a digital wallet, and often comes with a promise of a fast and significant return on investment.
However, as soon as you transfer the funds into the designated wallet, the so-called investor disappears – along with your money. It then becomes a race against time to see if you can recover your investment.
Ransomware is slightly different in that it is more overt.
The fraudster installs a malicious programme on your computer, often through a phishing email or similar techniques, that gives them control of your data – locking you out in the process. They threaten to expose any sensitive data they find or delete it altogether unless you pay them off.
This can be especially damaging for businesses. So much so that many feel it is worth paying the ransom to avoid suffering heavier losses further down the line.
In either case, the most effective defences are preventative. These are some of the measures we recommend to all our clients.
1. Do your due diligence
If someone approaches you with an investment opportunity that seems too good to be true, it probably is. So the best way to protect yourself against crypto fraud is to do your due diligence before entering into serious discussions – certainly before any money changes hands.
We advise conducting open source research into the individual and/or the company they represent. Your first port of call should be Financial Conduct Authority (FCA) records. Is the investor or company registered? Are they on any warning lists? Alongside social media and other publicly available information, this will help you determine if potential investors are on the level, for relatively minimal effort.
For added peace of mind, it may be worth hiring specialist investigators to supplement your own research. As well as having more experience conducting this type of research, they will have access to resources you do not. This will help you build an even more comprehensive profile and pick up on any red flags you may have missed.
2. Invest in the right security software
48% of UK businesses were hit by a ransomware attack in 2019. And, while it can be easy to spot some phishing scams and malicious links, there are plenty of subtle tactics criminals employ to gain access to your computer or mobile devices.
To reduce this risk, you should protect your computer (or computers) with robust security software.
There are several commercially available solutions geared specifically towards ransomware. The most effective is ZoneAlarm Anti-Ransomware. However, both Kaspersky and Bitdefender offer reliable anti-ransomware software as part of their general cybersecurity packages. Whichever solution you choose, we recommend installing a solid firewall to monitor ingoing and outgoing network traffic.
If the worst happens and you suffer a ransomware breach, there are programmes that can remove it from your system. Kaspersky and Malwarebytes are two of the most effective. But once again, it is safer and more cost-effective to prevent infection in the first place than trying to combat the symptoms.
All the solutions listed here are scalable. This makes them the perfect choice if you need to protect a vast network of computers.
3. Always back up your data
Security software can protect your data against the majority of online threats. But even the most sophisticated cannot guarantee 100% protection. Nor can they account for the basic human errors that lead to ransomware infections.
As an added layer of protection, you should backup core systems and sensitive data. This can be on a separate machine, a secure cloud server, or a combination of the two – depending on the level of security you require and the amount of data that needs protecting.
The advantage of this approach is simple. Should a cybercriminal delete your data, because you refuse to pay or out of spite, it is not irrevocably lost. You can then focus on dealing with the immediate threat. Once you have neutralised this, you can reinstall the backups.
Consider seeking professional advice
Physical security assessments and audits are commonplace. But in today’s world, regularly reviewing your digital defences is just as, if not more, important.
The consequences of a ransomware attack or crypto fraud are not only financial. If sensitive customer data is leaked on the web, for instance, the reputational damage can be even more severe.
Our investigators specialise in cybersecurity. We can review your current online security measures to see where your biggest vulnerabilities lie, and help you implement more effective protocols to plug any gaps.
You might view this as an unnecessary expenditure. Especially if you have never been the victim of cybercrime. However, proactively addressing vulnerabilities or blind spots in your digital defences before they are exploited can save you time, money, and hassle further down the road.
What's inside?
Stay a step ahead in an increasingly complex and unpredictable world
Our consultants stay on top of the latest megatrends that influence how organisations are attacked, whether related to terrorism, criminality, war or cyber.
We document their analysis here. Be the first to see it.
