A recent report from cybersecurity firm Kaspersky reveals that scammers are using Google’s legitimate form submission system to create highly deceptive emails that appear to confirm receipt of a crypto transaction. 

But these messages are elaborate bait to trick victims into sending money under false pretences.

The scam starts with a simple form submission. The attacker enters the target’s email address into a pre-filled Google Form. This triggers an automated confirmation email from Google, containing the platform’s official logo and formatting, enough to convince many recipients it’s genuine. 

But the message is entirely fabricated, part of a scheme to coax users into believing they’ve received a large cryptocurrency transfer.

What happens next is where the trap is set. The email includes a message prompting the recipient to “claim” the crypto transfer before the offer expires. Clicking the embedded link redirects users to a fake website that impersonates a blockchain support page. There, they are told to pay a “commission” in cryptocurrency to unlock the so-called funds.

There are no funds. Once the fee is paid, the scammers disappear.

According to Kaspersky’s Email Threats Protection Group Manager, Andrey Kovtun, “This campaign demonstrates a cunning exploitation of a trusted and widely used platform to deliver scam attacks on cryptocurrency users.” 

He added, “By crafting fraudulent submission confirmation emails that mimic legitimate notifications from crypto exchanges, attackers used the platform’s credibility to bypass email filters and lure victims into divulging sensitive wallet credentials.”

It’s a disturbingly effective tactic. The use of Google Forms, a tool most people associate with harmless surveys and registration sheets, gives the scam a veneer of legitimacy. 

Most spam filters don’t catch the emails because they come directly from Google’s servers and include authentic links like forms.gle, which email systems recognise as trustworthy.

And it’s not just the delivery method that’s clever, the language used in these emails is designed to create urgency. Victims are told the transaction will “expire,” pushing them to act quickly without thinking critically. It’s a psychological tactic commonly used in phishing, but now reinforced with the trust many have in Google.

Reports indicate that this form-based scam has surged by over 60% since last year, and with the rising adoption of digital currencies globally, the trend shows no sign of slowing.

For users, the advice is not to click on unexpected links, no matter how authentic the source looks. Never send crypto payments or personal details in response to unsolicited messages. And most importantly, confirm any financial communication via official platforms or apps, not through email links.

In addition to basic digital hygiene, users are urged to educate family and friends, especially those new to crypto, about emerging scams. Setting up email filters to catch keywords such as “Create your own Google Form” might help, but it’s not foolproof, especially since legitimate services also use the same infrastructure.

• The rising popularity of cryptocurrency has attracted a surge of scammers preying on both new and experienced investors.
• Common scams include fake exchanges, phishing emails, Ponzi schemes, impersonation fraud, and malware attacks, leading to significant financial losses.
• Online security expert Richard D. advises using reputable exchanges, enabling VPN protection, and staying vigilant to navigate the crypto market safely.

Cryptocurrency has never been more popular. Bitcoin continues to hit record highs, and even public figures like Donald and Melania Trump are launching their own coins. 

With millions joining the crypto frenzy, scammers are seizing the opportunity to exploit the uninformed. “Scammers thrive on hype,” says Richard D, an online security expert at VPN Pro. “The more people rush into crypto, the easier it is for bad actors to exploit their lack of knowledge.”

From fake exchanges to phishing schemes, here are some of the most common crypto scams and how to avoid them.

8 Common Crypto Scams and How to Avoid Them

1. Fake Cryptocurrency Exchanges

Scammers create convincing replicas of legitimate crypto platforms, luring users to deposit funds that become impossible to withdraw. These fake exchanges are usually promoted through phishing links and social media ads, making them seem authentic.

How to Stay Safe:

Verify exchanges through independent reviews.

Ensure the platform is registered with relevant regulatory authorities.

Stick to reputable exchanges like Coinbase, Binance, or Kraken.

2. Phishing Emails

Fraudsters send emails that mimic official crypto platforms, tricking users into clicking malicious links or sharing private keys. These emails often contain urgent warnings to pressure victims into taking action.

How to Stay Safe:

Double-check email senders and website URLs.

Never click on unsolicited links.

Remember, legitimate platforms will never ask for private keys via email.

3. Ponzi Schemes

These scams promise guaranteed high returns by using funds from new investors to pay earlier participants. They rely on testimonials, influencers, and hype to attract victims before ultimately collapsing.

How to Stay Safe:

Be sceptical of investments that promise high, consistent returns.

Research thoroughly and avoid schemes that depend on recruitment.

4. Fake Initial Coin Offerings (ICOs)

Scammers create elaborate websites, whitepapers, and marketing campaigns to promote non-existent blockchain projects. They collect funds from investors before vanishing.

How to Stay Safe:

Research the project’s team, partnerships, and technology.

Look for verified information on trusted blockchain platforms.

5. Pump-and-Dump Schemes

Scammers buy large amounts of a low-cost cryptocurrency, artificially inflate its value through hype, then sell off their holdings, leaving other investors with worthless coins.

How to Stay Safe:

Avoid investments driven by social media hype.

Focus on cryptocurrencies with transparent teams and real-world use cases.

6. Impersonation Scams

Fraudsters create fake profiles of celebrities, influencers, or crypto companies, promoting fake giveaways or investment opportunities. Victims send funds, only for the scammer to disappear.

How to Stay Safe:

Verify accounts with blue checkmarks.

Remember, legitimate figures never ask for upfront payments for giveaways.

7. Social Media Scams

Scammers use fake accounts or groups on platforms like Twitter, Facebook, and Telegram to promote fraudulent token giveaways, phishing links, and fake ICOs.

How to Stay Safe:

Always verify the authenticity of social media accounts.

Never share wallet details, private keys, or sensitive information.

8. Malware Attacks

Some malware can infiltrate devices via fake crypto apps, phishing links, or malicious downloads. Hackers use these tactics to steal private keys or redirect transactions to their own wallets.

How to Stay Safe:

Keep antivirus software updated.

Download apps only from trusted sources.

Double-check wallet addresses before confirming transactions.

Why a VPN is Essential for Crypto Security

Beyond avoiding scams, protecting online activity is neccessary for crypto users.

A VPN (Virtual Private Network) creates a secure, encrypted connection, hiding users’ IP addresses and safeguarding their online transactions. Public Wi-Fi networks are especially risky, as hackers can intercept data—but a VPN protects against these threats.

Some VPNs, like VPN Pro, offer malware blocking, ad blocking, and phishing protection, providing an extra layer of security against crypto-related scams.

“The rapid rise of cryptocurrency has transformed the way we think about money, but it has also opened the door to unprecedented levels of online fraud,” says Richard D.

“Staying ahead of these threats requires a proactive mindset. Educate yourself about the risks before entering the crypto market. Use trusted sources to research platforms, and never rush into an investment based on pressure or promises of quick returns. 

“Secure your online presence by avoiding public Wi-Fi when accessing trading accounts, or better yet, use a VPN to safeguard your activity. By staying informed and cautious, you can navigate the crypto space confidently and minimize your risk of falling victim to scams.”

The crypto market brings incredible opportunities but also huge risks. Scammers prey on fear, urgency, and misinformation—so staying informed is the best defense. 

In using reputable exchanges, verifying sources, and securing your online presence with tools like VPN Pro, you can trade safely and protect your investments.

As we observe Cybersecurity Month, it’s a timely reminder of the importance of staying vigilant and protecting yourself from these schemes.

Here are some steps to help you avoid falling victim to fake service scams, and what to do if you’ve already been scammed.

Exercise Caution with Unsolicited Offers

Be particularly cautious with cold calls, emails, and messages on social media that offer services that seem too good to be true. Scammers often create a sense of urgency or present deals that are hard to resist in order to lure their victims.

Verify Contact Information

Always take the time to verify the contact details of sellers or service providers you’re considering. Be it through emails or social media groups, look closely for subtle differences in spelling or unusual domain names that scammers might use to impersonate legitimate companies. Authentic businesses will always have verified contact information.

Cybersecurity Month: How to Identify Fake Service Crypto Scams

Stay Educated and Informed

Knowledge is your best defence. Stay informed about the latest scams and how they operate. Understanding common tactics used by scammers can help you spot potential fraud before it’s too late. Regularly updating yourself on cybersecurity practices will go a long way in protecting your personal information and assets.

What to Do If You’ve Been Scammed

If you find yourself a victim of a fake service scam, act quickly:

1. Report the incident: Immediately notify relevant local authorities and the platform or messaging service where the scam occurred.
2. Provide details: Share all relevant information, including the scammer’s profile name, email, or phone number. This will help prevent others from falling victim to the same scam.
3. Protect your accounts: Change your passwords and monitor your accounts for any suspicious activity.

The irreversible nature of blockchain transactions makes falling victim to such scams especially painful and devastating. 

Hence, this Cybersecurity Month, and every other day, it’s important to feed yourself with knowledge about the latest scams in the crypto space, particularly fake service scams that can take many forms—from counterfeit hardware to fraudulent support services.

Understanding Fake Service Scams

Fake service scams exploit users’ lack of awareness and vigilance. These scams can manifest in various ways, including counterfeit hardware and software, as well as fraudulent services such as shipping, fund recovery, and customer support such as upgrading a crypto exchange account to a VIP level. Scammers may even promise to resolve non-existent account issues to lure victims in.

Mechanics of Fake Service Scams

At the core of every fake service scam is a counterfeit product or fraudulent service offering designed to attract potential victims with promises of value. This can range from providing account verification on social platforms or games to impersonating customer support agents and enticing users to pay for the resolution of non-existent problems.

Building Credibility

Scammers often invest in creating professional-looking websites and establishing a credible online presence through social media. They may imitate the branding, logos, and email addresses of legitimate organizations to appear authentic.

Offering Attractive Deals

Another common tactic is the presentation of enticing deals. Scammers may claim to offer potentially useful services such as fund recovery or provide products at significantly lower prices than market rates. They may also promise high returns on investments that seem too good to be true.

Collecting Payments and Disappearing

Once victims pay for a product or service, scammers typically vanish. They may go offline, shut down their operations, and disable all previously used forms of contact, leaving victims unable to recover their funds.

Recognising Red Flags

To protect yourself, be on the lookout for the following warning signs:

• Unsolicited offers: Be cautious of unexpected emails or messages promising incredible deals or urgent support.
• Poor website quality: Check for spelling errors, low-quality images, and lack of contact information on websites.
• Pressure tactics: Scammers often create a sense of urgency, encouraging you to act quickly without doing proper research.
• Too-good-to-be-true claims: If an offer seems too attractive, it probably is. Always verify the legitimacy of such claims.

Gathering knowledge and staying vigilant is indispensable to protecting yourself from fake service scams in the crypto space. You need to understand how these scams operate and recognise the red flags, so you can make better decisions and safeguard your assets. Share your experiences and insights with your network to help educate others about the importance of cybersecurity.

Defi has been the most vulnerable sector accounting for all of the incidents so far this year.

The most targeted blockchain in 2024 is the Ethereum chain with 33 incidents. The top 5 others are listed below:

Image

Experts at Smart Betting Guide have provided a guide on the best ways to keep your crypto safe in 2024.

1. Do not store your password and seed phrase on the Cloud 

For many people, the best and most convenient way to access crypto is through an exchange or a crypto wallet.

Cryptocurrency wallets store users’ public and private keys while providing an easy-to-use interface to manage crypto balances.

These exchanges require you to create an account with a password, and wallets give you extra security through the use of a seed phrase.

Seed phrases are a sequence of random words that store the data required to access or recover cryptocurrency on blockchains or crypto wallets. Hackers will often attempt to steal these to gain access to your crypto and steal it.

It is vital that these passwords and phrases are not stored in the cloud or on a device that could potentially be hacked. Instead, write these down, or get them engraved on a metal card (to protect against water damage or fire) and store them somewhere secure within your property.

Finally, no crypto protocols or their customer support staff will ever ask for this information from you, so if someone asks for it they are trying to steal your crypto.

2. Use a hardware wallet instead of an exchange

If you want to ensure your crypto is completely protected, a hard wallet is the best choice. This is a device such as a USB thumb drive that securely guards a crypto user’s private cryptographic keys in offline or “cold” storage, ready to be used online to complete a crypto transaction whenever you are ready.

These are much safer than keeping crypto on an exchange; like with the FTX collapse, users lost billions of dollars of crypto stored in their wallets. Hardware wallets ensure that your crypto is safe from hackers and exchange collapses alike.

Pros: Cannot be accessed by anyone online and is completely secure from online attacks, also prevents loss of crypto from exchanges collapsing

Cons: Could be lost or damaged physically, rendering the crypto useless (although some come with backup features now)

3. DYOR – Do your own research

A rug pull is a scam where a cryptocurrency or NFT developer hypes a project to attract investor money, only to suddenly shut down or disappear, taking investor assets with them.

These scams can often be well disguised, which makes them very difficult to spot. Many may be advertised across social media and entice investors through the promise of making lots of money.

This is why it’s important to do your own research before investing your money in any cryptocurrency or NFT.

Here are the things to look out for when thinking of investing in a new or unknown crypto:

• Developers 

Investors should consider how credible the team behind the project is. Are they known in the crypto community, and do they have a good or bad track record?

Be sure to check the legitimacy of social media accounts. Have they just been created, or is there a clear history that the person is who they say they are?

Anonymous developers are a red flag, and any projects are approached with caution. Anonymous developers are a red flag, and any projects are approached with caution.

• Whitepaper 

It is important to check the quality of the white paper; this is a document that explains the purpose of a project and how it works.

For a cryptocurrency, the whitepaper is a guide to its technology, features, and goals. If the whitepaper seems vague or doesn’t offer a valued use case or tokenomics, then it could be a potentially risky investment.

• No liquidity locked

One of the easiest ways to distinguish a scam coin from a legitimate cryptocurrency is to check if the currency is liquidity-locked.

With no liquidity lock on the token supply in place, nothing stops the project creators from running off with the entirety of the liquidity.

Investors should also check the percentage of the liquidity pool that has been locked. A lock is only helpful in proportion to the amount of the liquidity pool it secures. Known as total value locked (TVL), this figure should be between 80% and 100%.

• No external audit 

It is now standard practice for new cryptocurrencies to undergo a formal code audit process conducted by a reputable third party. One notorious example is Tether, a centralized stable coin whose team had failed to disclose that it held non-fiat-backed assets.

An audit is especially applicable for decentralized currencies, where default auditing for DeFi projects is a must. However, potential investors shouldn’t simply take a development team’s word that an audit has taken place. The audit should be verifiable by a third party and show that nothing malicious was found in the code.

4. Verify fake apps and fake crypto exchanges 

These are a very popular type of scam and target many investors, however, new investors are more likely to be impacted by these as they may be unsure of what to download.

These fake apps can be used to steal money, cryptocurrencies, or seed phrases and passwords.

The best way to avoid these scams are:

• Never search for crypto apps directly from an app store. Always find the direct download link or redirect link to the app store from the company’s official website or whitepaper.
• Check for the number of app downloads and number of reviews – if these are low, this is a red flag
• Check the developer of the app, this should be verifiable and come from the official company. Check for spelling mistakes and also other apps made by the developer.

5. Take extra security measures

Finally, there are some basics that should be adhered to, which can protect your day-to-day date and accounts as well as your crypto.

• Never click links on emails you are unsure of where they originate from.
• Set up Two Factor Authentication (2FA), this means hackers would need your phone to hack you even if they have all your other account details.
• Don’t click popups or links that come up on the internet or social media
• Be cautious of any messages you receive from people who say they can ‘make you money fast’. These have become popular across social media and utilize fake accounts to try and get your money.

A spokesperson from Smart Betting Guide commented:

“Hacks, scams and rug pulls not only pose a threat to individual investors but cast a shadow on the broader narrative of cryptocurrency as a revolutionary force in finance. They erode trust, stifle innovation, and impede the progress towards a more inclusive and decentralized financial future. Therefore, the task at hand goes beyond personal security; it is a shared responsibility to fortify the foundations upon which the future of finance stands.” 

[Featured Image Credit]

The first report—“The Dark Side of AI: Large-Scale Scam Campaigns Made Possible by Generative AI”—demonstrates how, in the future, scammers could leverage technology like ChatGPT to conduct fraud on a massive scale with minimal technical skills.

However, a second report, titled “Cybercriminals Can’t Agree on GPTs,” found that, despite AI’s potential, rather than embracing large language models (LLMs) like ChatGPT, some cybercriminals are skeptical and even concerned about using AI for their attacks.

The Dark Side of AI

Using a simple e-commerce template and LLM tools like GPT-4, Sophos X-Ops was able to build a fully functioning website with AI-generated images, audio, and product descriptions, as well as a fake Facebook login and fake checkout page to steal users’ login credentials and credit card details.

The website required minimal technical knowledge to create and operate, and, using the same tool, Sophos X-Ops was able to create hundreds of similar websites in minutes with one button.

“It’s natural—and expected—for criminals to turn to new technology for automation. The original creation of spam emails was a critical step in scamming technology because it changed the scale of the playing field. New AIs are poised to do the same; if an AI technology exists that can create complete, automated threats, people will eventually use it. We have already seen the integration of generative AI elements in classic scams, such as AI-generated text or photographs to lure victims.

“However, part of the reason we conducted this research was to get ahead of the criminals. By creating a system for large-scale fraudulent website generation that is more advanced than the tools criminals are currently using, we have a unique opportunity to analyze and prepare for the threat before it proliferates,” said Ben Gelman, senior data scientist, Sophos.

Cybercriminals Can’t Agree on GPTs

For its research into attacker attitudes towards AI, Sophos X-Ops examined four prominent dark web forums for LLM-related discussions.

While cybercriminals’ AI use appears to be in its early stages, threat actors on the dark web are discussing its potential when it comes to social engineering.  Sophos X-Ops has already witnessed the use of AI in romance-based, crypto scams.

In addition, Sophos X-Ops found that many posts were related to compromised ChatGPT accounts for sale and “jailbreaks”—ways to circumvent the protections built into LLMs, so cybercriminals can abuse them for malicious purposes. Sophos X-Ops also found ten ChatGPT-derivatives that the creators claimed could be used to launch cyber-attacks and develop malware.

However, threat actors had mixed reactions to these derivatives and other malicious applications of LLMs, with many criminals expressing concern that the creators of the ChatGPT imitators were trying to scam them.

“While there’s been significant concern about the abuse of AI and LLMs by cybercriminals since the release of ChatGPT, our research has found that, so far, threat actors are more skeptical than enthused. Across two of the four forums on the dark web we examined, we only found 100 posts on AI. Compare that to cryptocurrency where we found 1,000 posts for the same period.

“We did see some cybercriminals attempting to create malware or attack tools using LLMs, but the results were rudimentary and often met with skepticism from other users. In one case, a threat actor, eager to showcase the potential of ChatGPT inadvertently revealed significant information about his real identity. We even found numerous ‘thought pieces’ about the potential negative effects of AI on society and the ethical implications of its use. In other words, at least for now, it seems that cybercriminals are having the same debates about LLMs as the rest of us,” said Christopher Budd, director, X-Ops research, Sophos.