Crypto scams are coming from compromised social media accounts this winter


New data from Gen, the parent company behind Norton, has shown a huge spike in financial and crypto scams this winter, with over double the attempts reported.

The number of blocked scams has increased by 105 percent: more than 460,000 attempts have been blocked in winter months over the last two years, compared to about 226,000 on average through the remaining seasons.

The mechanism is convincing: hijacked social media accounts post fake “proof” of crypto or stock market returns to recruit victims through a trust scam.

These take the form of faked bank statement or notification screenshots. The posts show a large sum of money and often feature a testimonial about coaching for financial gains.

For example, the scam posts shown below have been taken from compromised accounts. They include a fake NAB notification claiming over $52,000 of income from bitcoin mining and a fake Commonwealth Bank notification claiming over $55,000 with a tagged account.

Why these crypto scams work

Dean Williams, Principal Systems Engineer for Norton, says these social engineering scams exploit the fear of missing out, or FOMO.

“These scams are designed to create a sense of opportunity and urgency. Cybercriminals use social engineering tactics to make social media users feel like they’re missing out on financial success and encourage them to engage with the scammer.”

“Cybercriminals understand that trust is one of the most powerful tools they can exploit. When an investment opportunity appears to come from a friend, family member or trusted contact, people are far more likely to let their guard down.”

“These scams often create the illusion that ordinary Australians are making life-changing amounts of money through cryptocurrency, trading platforms or investment schemes. In reality, the social media account may have been compromised and the posts are being used to recruit new victims.”

With cost-of-living concerns at the forefront of many of our minds right now, it’s easy to fall victim to the idea that you could be earning thousands of dollars from minimal investments.

As nice as armchair investing and massive returns on the crypto market sound, reality is far less glamorous. The truth remains like the old adage: if it sounds too good to be true, it probably is.

How to identify crypto scams

There are a few telltale clues that these posts are scams.

  • Unsolicited “I made money” posts from friends that sound out of character.
  • A bank “notification” presented as a shareable overlay or promotional graphic; real bank notifications don’t create these.
  • A sense of hype, urgency, or pressure in the post with FOMO language. (“Everyone’s struggling,” “Don’t be scared,” “It’s worth it,” “Don’t wait.”)
  • Unverified accounts claiming to be a “mentor” or “coach” either generating the post or tagged in it.
  • Pressure to move to another platform for further information; often Telegram or WhatsApp.
  • Guaranteed cryptocurrency returns with no mention of risk.

What to do if your account is hijacked

If your account gets hijacked, it’s important to take action quickly before you lose access entirely. While you can, change the password on the account, enable multi-factor authentication, and report the breach to the platform.

If you see a friend’s account is hijacked, don’t engage with the post directly. Warn them via another channel or platform and report the post.

If you’ve already engaged with the scam or sent money to scammers, you should report the incident to Scamwatch and ReportCyberCrime as well as contacting your bank for further steps.

Scams are getting more sophisticated and believable than ever. That’s why it’s important to take anything you read on social media with a healthy dose of scepticism.

Brought to you by CyberShack.com.au
