This is not about losses where people get rug pulled or a Luna-type disaster, the focus here is on hackers and how they use new and increasingly more cunning methods to infiltrate your PC or phone. There are some alarming new techniques hackers use to infiltrate your device and consequently steal any crypto you have and even though crypto hodlers are not the only ones in danger, they are a very attractive target for these scammers since all they need to do is somehow infiltrate your device, lurk along how you log in and where, and they can do it themselves on their own device and drain your crypto wallets. The emerging of these new methods may very well have something to do with the crypto Telegram groups and other online platforms where we recently saw an alarming increase in hodlers wondering what on earth happened as their wallets got drained.
I'm no hacker or computer wiz so I don't have all the answers, but I think by at least talking about it and sharing known examples, we minimize the possibility that some of these used methods will find new victims. So on that note:
Actuallyanexe.doc ?
Let's start off with the latest and possibly most worrying tactic: Executables and other dangerous files that can install spy/malware, camouflaged as "harmless" other file types. Yes you read it correctly, our greatest fears have become a reality. Downloaded something without thinking twice because the file was "just" an image or MS office document? Chances are you just ran something which gave hackers eyes and ears or even remote access over your device. Be very careful what you download and to be sure to double check the file type in properties because simply viewing the document logo (which can easily be changed into anything) or the file extension (which can now be changed as well) doesn't cut it anymore!
Dubious websites
This may be the most common and oldest one. Websites with bad intentions covertly installing junk on your device when you visit them. I have a web extension from the same antivirus I use on my device to help minimize this threat, but again, be careful what you install as an add-on since you may actually cause more harm than good. Be sure you only download things from the legitimate and verified companies and not some random add-on from just anyone.
Fake wallets
This is pretty much the same as the add-on warning but still worth mentioning because people seem to still be falling for it. Don't let your judgement get clouded by reading reviews which are 100% of the time fake on these phishing wallets, be sure you choose the actual wallet from a verified and trusted source, not just some wallet with tons of "good reviews" and a cool interface.
Paid Google Ads
This happened already a few times but will probably happen some more. People searching for something to install and clicking the "top" Google search result which was a scammer's paid ad waiting to casually spy on you when you type credit card info, passwords or when you access your crypto wallets.
Files within files within a script
This may be the most dangerous one to detect or avoid. The problem is that if the infection is about to take place via a script within a document they manage to get you to open, chances are it will download the malware via the embedded link without your antivirus or other PC protection detecting the imminent danger as the document itself is not what's dangerous and thus infecting you, the script the document gets you to click on does. It sounds like gibberish if you just read/hear it I know, this short video explains it better with visual examples:
Impersonations/Hacked accounts
Our mans Vitalik thought a Paris Saint-Germain player would impersonate him in order to scam people on Twitter.
Yeah, nah, more likely, hackers and scammers gain access to high profile accounts and send out malicious links or entice people to do dumb things like send scammers their crypto to prove that they hold it in order to receive double or triple in return. You know, because the only way for anyone to verify you really hold crypto is for you to send it, there is no other possible method.??
Fake scam accounts approaching you
This one we actually covered already so I'll just link it here.
Not so cold wallet
Think you have a cold wallet and are thus eternally secure? Then read up and don't repeat this mistake:
Saved passwords/log in data
Just don't. First off, if your device ever gets stolen or damaged, you might now no longer know your own login data anymore because you are not reminding yourself by daily typing it in but more importantly, many browsers save your login/password in documents which hackers can gain access to and encrypt and voila; all your saved login data and passwords very conveniently displayed along with which websites you use them on, in one easy to read file in a third party's hands.
Fake mining or trading bot scams
If it sounds too good to be true, it almost always is. From time to time many old scams reemerge looking for newcomers in the crypo sphere, these false claims vary from saying you can "mine" Bitcoin or that you can use some miracle "trading bot". The mining scam varies in tactic but the method is the same: You need to pay the fee in Bitcoin or have at least 0.005 BTC on the so called "mining wallet" before you can use it. Now you can then see the so called mining wallet increase in value with every passing minute. Obviously this was all HTML manipulation where the digits on the screen represent nothing and you send scammers actual Bitcoin. Something you'd only find out later on when you try to withdraw.
This seriously happened to me a few years ago. I actually got a scam email from by own bank with their actual email address, requiring me to click on something to help secure my bank account. I'm not making this up and deleted it way back then already to prevent me from ever accidentally clicking on it, but this seriously really happened. How this happened I will never know but I contacted my bank and forwarded the message to get to the bottom of it and at first, there was this careless customer service guy with the standard "oh yeah, this is a scam impersonating us, delete and don't click on it" reply. After I kept calling and demand to get answers, some regional manager replied with his personal email and thanked me for bringing it to their attention and that they would investigate. I never heard anything again. But my guess is someone working there could see my transactions and knew I was in crypto and decided to use the standard/shared email address so no one could pinpoint it to him and hoped I would just click on it, so even if I replied and others working there could see the scam email, my PC would already be compromised and he/she would be in the clear anyway because no one would know exactly who sent it from the shared mailbox. But again this is just me guessing so who knows really, it could be a number of things, bottom line remains the same though: You can never be too careful.
