Analysis of Cryptocurrency Scam Typology: Elderly Abuse
Introduction
Cryptocurrency scams are a growing threat to both individual investors and financial institutions. As these schemes become more sophisticated, particularly during a bull market when there is a lot of press about crypto gaining in value, compliance departments must understand their mechanics to develop effective prevention strategies.
This report outlines a detailed typology of a typical scam scenario where fraudsters target vulnerable individuals, leveraging misinformation and psychological manipulation to steal funds. Additional insights from industry sources are also included to provide a comprehensive overview of these scams. Furthermore, we provide insights into current industry best practices and propose advanced technical solutions for crypto service providers to identify and prevent account takeovers, even when the victim has been coerced into lying.
Scam Typology: The Long-Term Trust-Building Approach
1. Initial Contact and False Representation
Scammers typically initiate contact by phone, posing as representatives from well-known and trusted cryptocurrency platforms like Crypto.com. These calls can be solicited (the scammers fake a “Sign up for information” page, posing as a legitimate website, particularly crypto.com) or unsolicited. An unsolicited call is a red flag, as cold calls are illegal in most jurisdictions due to strict regulations on promotions for financial services. Here are the steps scammers use in this phase:
- Caller Identity: They use online phone numbers that the victims cannot call back, making the communication untraceable and avoiding direct callbacks.
- Legitimacy Check: To gain trust, scammers encourage victims to verify the caller’s legitimacy by referencing reputable sources or news articles about the company they are impersonating. The victim feels like they have done due diligence.
- Website imitation: Scammers create convincing spoof pages of the company they claim to imitate.
- Warnings about safety: The scammers will warn the victims that they should invest carefully, e.g., only with trusted companies that they have researched (while providing spoofed pages to capture their details).
- Exclusive Communication Channels: They insist on using secure messaging apps like WhatsApp, Signal, or Telegram for further communication, which deviates from standard practices of legitimate financial institutions that use official in-app chats, emails, or formal letters.
2. Building Trust and Gathering Personal Information
Over an extended period, scammers work to build a rapport with their victims. This phase is characterised by:
- Personal Stories: Sharing personal details about their own family life and asking victims about theirs to create a bond and gather personal information.
- Gradual Investment Requests: Slowly introducing the idea of moving funds into a "safe" cryptocurrency investment, often using language and a friendly demeanour to seem credible and trustworthy.
3. Pressuring and Manipulating the Victim
As the relationship develops, the scammer begins to exert subtle pressure:
- Opening Accounts at Other Providers: The scammer may suggest opening accounts at other service providers or even recommend taking out short-term loans to increase investment capital. Legitimate advisors from recognized companies would never make such recommendations.
- False Technical Information: They often provide misleading information about blockchain technology. For instance, they might claim that investments are "locked" on the blockchain and require large fees to unlock, which is not how blockchain transactions work. Legitimate blockchain fees (like gas fees on Ethereum or miner fees on Bitcoin) are minimal and transparent.
4. Theft of Funds and Misinformation
Once the victim's trust is secured, scammers move to the final phase of their plan:
- Obtaining Private Keys: Scammers persuade victims to transfer their funds to a decentralised wallet, often set up by the scammer, or ask them to set it up and then obtain the private keys under the pretext of technical assistance. This gives them complete control over the victim’s funds once they leave the centralised platform.
- Misleading Verification Processes: Victims may be misled into lying to their cryptocurrency exchanges about their activities or wallet ownership, further aiding the scammer in bypassing security measures. They are told that the legitimate platforms are not working in their interest and are gatekeeping, which is why they should lie.
- Taking over the account on the legitimate exchange once verification is completed: Victims are pressured into handing over the account details in order to have “technical help” managing their account.
Industry Insights on Cryptocurrency Scams
To further understand the breadth and sophistication of such scams, here are some insights from leading industry experts:
- Sardine.ai highlights that phishing and social engineering are the most common tactics scammers use. They note that fraudsters often exploit psychological manipulation and sophisticated identity theft techniques to deceive victims into revealing sensitive information, such as private keys or account credentials.
- According to Elliptic.co, scammers frequently exploit the pseudonymous nature of blockchain transactions to perpetrate fraud. They use mixers and privacy coins to obscure transaction trails, making it challenging for authorities to trace stolen funds. Elliptic also underscores the critical role of robust KYC (Know Your Customer) and AML (Anti-Money Laundering) protocols in detecting and preventing such fraudulent activities.
- SumSub.com identifies that scam typologies have evolved to include more complex and targeted approaches. They report that criminals often use deep-fake technology and other advanced methods to create convincing personas, which they use to manipulate and defraud their victims. This underlines the need for advanced identity verification and continuous monitoring to detect unusual patterns of behaviour.
Recommendations for Compliance and Prevention
1. Enhance Verification Processes:
- Device Fingerprinting and Geolocation: Use advanced device fingerprinting and geolocation to verify that logins and transactions originate from known and trusted devices. Only allow account access from devices that have undergone live verification during the EDD process.
- Enhanced Video Due Diligence: Integrate a targeted video during the Enhanced Due Diligence (EDD) process. This video should educate potential victims about common scam tactics and be played at the point of the video interview when it is confirmed they are directly interacting with the victim. This stage ensures maximum impact as it reaches the victim during a secure and attentive moment.
- Wallet Whitelisting Linked to Geolocation: Implement a system where wallets are whitelisted based on geolocation data, restricting transactions to known and verified locations.
- Manual Review of Withdrawals: For accounts flagged as high-risk or for vulnerable customer groups, introduce a meticulous manual review process for all withdrawals to detect potential signs of coercion or fraud.
2. Customer Education and Awareness
- Regular Scam Alerts: Continuously update customers about the latest scam techniques and how to identify them. Use newsletters, in-app notifications, and educational videos.
- Official Communication Channels: Encourage customers to use and trust only the official communication channels provided by the platform. Warn against using unsecured or unofficial messaging apps for communication with support or advisors.
3. Monitor and Analyse Transactions:
- Real-Time Chain Analysis: Use blockchain analysis tools to monitor and trace suspicious transactions. (YouHodler uses Elliptic)
- Real-Time Transaction Monitoring: Implement real-time transaction monitoring systems to identify and flag unusual activity. (YouHodler uses a custom alert system linked to Elliptic and also SumSub)
- Increase reviews of vulnerable groups: Put all withdrawals for identified vulnerable customer groups (e.g. new customers over age 60) on manual approval.
- Enhanced IP and VPN Detection: Improve the detection of VPNs and unusual IP addresses to flag potential unauthorised access attempts. This should be integrated with the existing KYC processes to prevent fraud at the point of account creation and transaction initiation.
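The verification controls in recommendation 1 and the monitoring controls in recommendation 3 can be combined into a single withdrawal gate, sketched below as an added example (not code from the report or from any provider it names). It relies only on signals the platform observes itself, so the outcome does not depend on answers a coerced customer gives; all class, field and reason names, the 90-day definition of a "new" account and the sample data are assumptions.

```python
from dataclasses import dataclass, field

VULNERABLE_AGE = 60      # from the report: "new customers over age 60"
NEW_ACCOUNT_DAYS = 90    # assumption: the report does not define "new"

@dataclass
class Account:
    customer_age: int
    account_age_days: int
    edd_devices: set = field(default_factory=set)   # fingerprints verified live during EDD
    wallets: dict = field(default_factory=dict)     # whitelisted address -> country it was verified from

@dataclass
class Withdrawal:
    device_id: str
    dest_address: str
    geo_country: str
    via_vpn: bool

def review_withdrawal(acct: Account, w: Withdrawal):
    """Return (decision, reasons). Every failed check is recorded for the reviewer."""
    reasons = []
    device_ok = w.device_id in acct.edd_devices
    if not device_ok:
        reasons.append("device_not_edd_verified")
    if acct.customer_age > VULNERABLE_AGE and acct.account_age_days <= NEW_ACCOUNT_DAYS:
        reasons.append("vulnerable_group")
    if w.via_vpn:
        reasons.append("vpn_detected")
    verified_country = acct.wallets.get(w.dest_address)
    if verified_country is None:
        reasons.append("wallet_not_whitelisted")
    elif verified_country != w.geo_country:
        reasons.append("geo_mismatch_for_wallet")
    if not device_ok:
        return "block", reasons            # access only from EDD-verified devices
    return ("manual_review" if reasons else "auto_approve"), reasons

# Constructed sample data (not real customers, devices or addresses).
NEW_OVER_60 = Account(67, 20, {"dev-A"}, {"wallet-known": "CH"})
ESTABLISHED = Account(45, 800, {"dev-B"}, {"wallet-known": "CH"})
SAMPLES = [
    (ESTABLISHED, Withdrawal("dev-B", "wallet-known", "CH", False)),
    (NEW_OVER_60, Withdrawal("dev-A", "wallet-known", "CH", False)),
    (ESTABLISHED, Withdrawal("dev-B", "wallet-new", "CH", True)),
    (NEW_OVER_60, Withdrawal("dev-X", "wallet-known", "XX", False)),
]

if __name__ == "__main__":
    for acct, w in SAMPLES:
        print(w.dest_address, *review_withdrawal(acct, w))
```

Returning the full reason list, even for a blocked request, gives the manual reviewer the context needed to look for signs of coercion instead of a bare pass/fail.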
4. Collaboration with Authorities:
- Active Reporting and Intelligence Sharing: Closely collaborate with law enforcement and regulatory bodies to report and combat cryptocurrency fraud.
- Participate in industry forums to share insights on emerging threats and best practices. Foster collaborations with industry bodies to increase awareness.
- Contribution to Industry Standards: Engage with industry efforts to develop and promote standards for security and customer protection in the cryptocurrency space.
Conclusion
As cryptocurrency scams grow in sophistication, they present a significant threat to both individual investors and financial institutions. By understanding the tactics used by scammers and implementing robust preventative measures, we can protect our customers and uphold the integrity of the financial system. Proactive measures such as enhanced verification, continuous customer education, and rigorous transaction monitoring are essential in the fight against crypto-related fraud.
References
- Sardine.ai: Insights on phishing and social engineering in cryptocurrency scams.
- Elliptic.co: Reports on the use of privacy coins and mixers to obscure illicit transactions.
- SumSub.com: Analysis of evolving scam typologies and the use of advanced fraud techniques.
- Banks Aren't Doing Enough to Protect Customers From Scams | TIME
- Firms should strengthen anti-fraud systems and must treat victims of fraud better, review finds | FCA
- Three Ways Banks Can Improve How They Help Scam Victims
- Scammers are getting smarter at targeting financial services, here’s 5 ways to better guard against scams
- Scam warning Video