NatWest mobile app users are being directed to a warning screen advising them to beware of cryptocurrency scams. The bank received a record number of reports of such scams.
NatWest mobile app users are being directed to a warning screen advising them to beware of cryptocurrency scams. The bank received a record number of reports of such scams.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
<p>Consumers are being warned to beware promises of big rewards and getting “rich quick”, with cyber criminals exploiting the high levels of interest in the currency. NatWest’s warning comes as cyber criminals become increasingly sophisticated – operating not just through fake websites, but also the use of celebrity figureheads to coax people into investing.</p> <p> </p> <p>It is critical consumers are made more aware of the risks. This means always taking a cautious approach – checking links before clicking on them, never filling out forms that are new and out of the ordinary, and always contacting banks when unsure. Failure to do this risks opening the doors up to hackers, allowing them to remotely access software without consumers even realising.</p>
<p>Reminding customers to be wary of these cryptocurrency scams is a welcomed move and it’s great to see a major bank leading the charge with this. All too often, industry experts are quick to blame consumers for “falling” for scams or advise how they could have avoided being caught out. Fraudsters are using more sophisticated tactics than ever before, with a common one involving fake celebrity endorsements – the recent Elon Musk incident is just one example of this.</p> <p> </p> <p>Now, the onus is on technology and finance organisations to step up to the challenge to protect consumers. It’s great to see a major high street bank setting an example and it’s now time for others to follow suit. A simple flag (‘This link could be fraudulent’) would go a long way to protecting consumers. And all it takes is AI and machine learning algorithms that are trained to spot scams before they reach the consumer.</p> <p> </p> <p>To fight misinformation, Twitter and Facebook started flagging posts that weren’t backed up by fact, and the problem has improved significantly. Why can’t we do the same for fraudulent activities online? With the right technologies in place, digital service providers – messaging apps, mobile manufacturers, email providers, or mobile networks – could warn us when a suspicious link or message is shared.</p> <p> </p> <p>In the future, technologies like behavioural biometrics could be used to track fraudsters’ behaviour and movements around the web, to build a digital footprint of their activity and figure out if they’re really who they say they are. Legislation also plays a role, and initiatives like the UK’s Online Safety Bill are a welcome step forward. For now, however, we have to rely on the tools we already have at our disposal – and use them to stamp out scams before they hit our inboxes.</p>
<p>As these non-regulated commodities soar in value, threat actors and organised criminals are highly motivated to target users with mobile phishing campaigns. These attacks are designed to gain users trust and steal their login credentials that give access to the cryptocurrency platforms and wallets they use. </p> <p> </p> <p>The social engineering attacks that lead to the loss of this sensitive information can come from anywhere on a device, including SMS, social media platforms, third-party messaging platforms and email. Beyond phishing, there are malicious apps that have hidden capabilities that can log keystrokes or watch user activity on screen, most cryptocurrency wallets are accessed and managed via an app.</p> <p> </p> <p>Many of us install antivirus software on our computer, and what people are starting to realize is that they should do the same with their smartphones and tablets. More than ever we are expected to work on any device, from anywhere with connectivity, often using networks we have no control over, to access data in the cloud. Considering the amount of data we trust to our mobile devices, they are the most important to secure. Attackers know that we use our devices for everything and trust them implicitly. If they find out you own cryptocurrency, they will target you via every channel to leverage that trust.</p> <p> </p> <p>Twitter recently experienced a significant breach. On July 15 2020, an unauthorized party entered its backend infrastructure and gained access to 130 accounts belonging to high-profile individuals such as Barack Obama, Kanye West, Bill Gates and Elon Musk. The attackers stole more than $100,000 by tweeting out Bitcoin phishing scams and snatched data from some of the handles.</p>