Bitcoin security tips

Crypto crimes: Direct Message Scams

Instant messengers let scammers target victims privately and pressure them to act recklessly. Stay informed to avoid being a victim of message scams.

SatoshiLabs
Published in Trezor Blog
11 min read · Oct 5, 2021

Direct message (DM) scams are the modern version of a tactic that has existed for hundreds of years in different forms. Letters from imprisoned noblemen, emails from deposed African kings, and DMs from Adam Back all fall into the same category: social engineering used as a way to deploy various scam tactics.

A common format is to get the victim to send funds by promising large returns, but DM scams encompass a whole book of tricks designed to make you give up your money. While they may still take the form of an advance fee scam — pay now, be rewarded later — the instantaneous nature of DMs grants scammers much more flexibility in creating and selling a narrative, enhanced by close, real-time contact with the victim. Scammers can answer questions, assuage fears, and put pressure on their target to increase the likelihood of the scam working.

This article takes a look at some of the different ways scammers operate over direct message, and lays out some guidelines to help you avoid these scams in future. If you’ve been a victim of a direct message scam and would like to contribute your insight to this piece, please reach out using the comment section.

Problem: Direct messages from scammers appear on every platform

One of the places you are most vulnerable to a DM scam is on social media. Many of us have public profiles which anyone can reach out to by direct message, so scammers can glean personal information about their victim and tailor messages to be more personalized, making victims more likely to respond.

The problem with social media is that few people observe good practices for protecting their personal information. Public profiles should ideally be anonymous, or at least pseudonymous, to prevent strangers from finding out valuable information. People’s online accounts and public comments reveal a lot and allow anyone to build a personal profile that can be leveraged by scammers.

Public forums, message boards and social media feeds are often used to ask questions and seek help. In crypto, asking for help makes you a target for impersonators and other attackers. Of all the platforms, Reddit is among the worst, with users reporting scammers approaching through DMs any time a cryptocurrency-related question is posted. The huge number of ‘throwaway’ accounts run by scammers and bots is exacerbated by a lack of moderation, meaning victims need to identify the scam themselves or risk losing their funds.

In the next sections, we’ll cover why direct message scams are so effective and how they work, both from the social engineering side and in terms of the payload: some scammers will send you to phishing sites while others are interested in harvesting data to use in another form of attack, such as mailing victims compromised hardware wallets, offering exclusive access to fraudulent trading groups, tricking users into sharing their seed phrase, performing SIM swaps, or for carrying out identity fraud.

Why scam messages are so effective

Direct message scams depend on three factors to be successful:

  1. Attacks are personalized: scammers will reach out to users who are part of a specific group and therefore likely to respond to the narrative the scammer has created. They can then tweak and personalize their conversation to each individual.
  2. It’s cheap to hit and run: running a scam of this sort can be as simple as creating a new free account and sending some messages. Even at scale, automation using bots is simple and lets attackers filter for more suitable targets.
  3. There are always more victims: the success rates for message scams are a tiny fraction of those targeted, but there is little stopping the scammer from simply moving on to another target. While security education is slowly improving, many people still do not treat DMs with proper caution.

All three of these points highlight that message scams are endemic to communications channels. While there is an argument for enforcing stricter moderation on platforms, it is unlikely to have much impact. The most effective thing that can be done is to raise awareness and continue to reduce the number of potential victims through education.

How direct message scams work

Messaging apps linked to social profiles create the perfect environment for scammers to be creative. There are hundreds of stories a scammer can tell, from wild fiction to perfectly plausible, but there are certain frameworks that regularly appear.

Common tactics used by scammers

These are some common ways scams are presented which take place on messenger apps:

Helpers are scammers who will find people posting for help with crypto issues. This is an easy way to find desperate people who are more likely to trust the scammer. Helpers will either talk the victim into giving up access to their accounts or seeds, or link the victim to a phishing website that harvests seeds or contains malicious software. Helpers pretending to be Trezor support are common on Reddit, so always remember that Trezor support will never start a chat.

Service providers will present themselves as employees of desirable services such as trading groups, high-interest lending or staking, crypto miners, or other types of business. Promising high returns for modest investments, they can appear legitimate and even deliver some profits — in traditional ponzi style — before disappearing with the funds.

Impersonators are fake accounts designed to look like accounts of celebrities or influencers. They may even have a large following if they have access to hijacked or fake accounts. Impersonators can flatter the victim before asking for help or offer a special opportunity like free coins, trading courses or more. Impersonators are particularly common on Twitter.

Bots can serve different functions, from broad to very specific. They are rarely designed to be clever; rather, they target many accounts at once to serve links to malicious sites or to test whether the target is likely to fall for one of the scam tactics above. Bots have a large attack surface and even experienced users can fall victim to them in a lapse of attention.

Remember that even if an online chat with a stranger seems innocent, they could be extracting information to use in another scheme. Simple questions can reveal a lot about you and your security model. Never provide any information that could reveal your address, finances, or any other sensitive information in DMs.

Warning signs of scam messages

There are many ways to present a scam, from obvious to subtle. Warning signs like typos are often intentionally included in the scam message to filter out more cautious targets, but it’s not always the case.

Some of the red flags that can indicate a scam is taking place include:

Modified username: imposters often use celebrities’ usernames modified with special characters. If you are contacted by someone claiming to be a famous account, make sure you check the name is correct.

Low follower count or young account age: followers can be a good sign that someone has a reputation. Low-follower accounts or new accounts can indicate that the account is run by scammers. Unfortunately, follower counts can be gamed using bots or compromised accounts, so always proceed with caution.

Links to tools and services: never click on an unknown link sent by a stranger. There are many ways a link can be malicious, and you could end up installing malware or giving critical data to a phishing portal.

Typos, poor grammar: as mentioned above, these can be used to identify people who are more likely to fall for the scam. In these cases some people are tempted to ‘mess’ with the scammer, but it is better to simply report and ignore such messages as you may inadvertently give them more information than you intend to, or give them a reason to double-down on trying to attack you.

Overly interested in your habits: questions about your trading or investment preferences and other personal information are often part of getting users to buy in to the scam, but they can also reveal information that can later be used against you.

Promising financial return: often imposters of high-status accounts will promise unbelievable returns on small investments, or even to simply double your coins. Remember that crypto transactions are generally irreversible so any money you send can not be recovered.

Sense of urgency: scammers will often create stressful situations to force you to act quickly and overlook red flags. If you are ever told about a security risk, it is best to look for official communication from Trezor — it is very unlikely that an exploit has been discovered without it first being disclosed to security teams by researchers. Always remain calm and perform proper checks before thinking of responding to these kinds of messages.

It is best not to play with scammers because it can cause the situation to escalate. It is likely they are part of an organized crime group with multiple tools and resources at their disposal. Physical dangers are very real in the crypto space, as criminals know that self-custody assets like Bitcoin can not be recovered and will physically harm their victims to extract information. Do not share personally identifying information online and make a habit of reporting scammers without responding to them.

Even seemingly obvious scams can claim less diligent victims, so we as a community need to protect our most vulnerable members. Make sure to report and publicly share information about scams so we can better combat this growing problem.

How to protect yourself from direct message scams

Avoiding scams depends on a combination of knowing what warning signs to look out for, and protecting your private information as a matter of routine.

  1. Be wary of anyone who contacts you. Trust has no place in crypto — always verify the legitimacy of any query that lands in your inbox before acting upon it, and avoid clicking on unfamiliar or unsolicited links. On sites like Twitter you can close your DMs to the public so only accounts you follow can contact you, minimizing your exposure to these sorts of scams.
  2. Understand what data is critical to security. Your recovery seed is the master key to all your crypto addresses and private keys. Never enter it on a network-enabled device and never share it with anyone. Only use your seed if your Trezor shows instructions to do so on its display, and only enter your seed using the method specific to your device.
  3. Don’t trust numbers alone. Follower counts, app ratings and other data can help identify scams, but they can be faked. Take extra steps to verify whether the person contacting you is actually who they claim to be. Official high-profile accounts have been hacked in the past, so be careful even if the account can be verified.
  4. Use a hardware wallet. The safest place for your seed is offline. Trezor hardware wallets create and store your seed permanently offline. As long as you follow instructions and don’t voluntarily share your seed online, there is no way for a scammer to access your funds.
  5. Don’t accept message requests without reason. Just because someone contacts you does not mean you need to engage with them. Only accept messages where you know the sender.
  6. Be more private online. The only way to protect your data is to never give it out. Anonymize your social media accounts and do not share personal information anywhere. There is always an alternative, such as using a drop-off point for deliveries and having multiple email addresses for different purposes.
  7. Be especially wary of discussing crypto online. Never discuss how much you hodl, even if it seems small. As bitcoin’s value increases, you will inevitably become a target for theft. As an asset designed for self-custody, you must take responsibility for security more seriously.

What to do if you are scammed over direct message

Native digital currencies can make digital crimes more efficient. Decentralization means that there’s no-one with the power to reverse a transaction, so criminals have a higher chance of getting away with any money they steal. Even cryptocurrencies which are not properly decentralized will likely not take steps to restore the funds unless the amount is significant and many users were affected.

Transparency of blockchain networks allows funds to be traced, but organized scammers have tactics to cover their tracks. The reality is that once funds are stolen, they are likely lost forever. That said, it is still important to share information publicly to help others avoid the scam, and potentially receive support from the community to trace and even freeze the funds, should they be sent to any centralized exchanges.

If you have been targeted by a scammer sliding into your DMs, feel free to share your experiences in the comments below. Below are some examples of what a conversation with a scammer may look like.

Case study: Fake support agent

In the below scenario, a user asked a question on the r/Trezor subreddit. Within minutes they were approached by a user impersonating Trezor support. The scammer behind the account offers to solve the user’s issue by providing a plausible explanation for why it is not working, and then directs the user to a phishing site made to look like the official Trezor website.

Warning signs:

  1. The scammer initiated the conversation: Trezor support will only respond to incoming DMs.
  2. Nonexistent solution: Trezor Model One wallets do not currently support Cardano. This can be easily verified by visiting the Trezor coin list.
  3. Link to unofficial website: the target rightfully identifies that the link is not the official Trezor website, https://trezor.io. The linked site is a phishing scam made to look identical to the Trezor homepage.
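
The third warning sign can be checked mechanically, for example by a forum moderation bot. The following is an added example, not code from the article or from Trezor: `classify_link`, the digit-swap table and the sample links are constructed, and treating every subdomain of trezor.io as official is an assumption.

```python
import difflib
from urllib.parse import urlsplit

OFFICIAL = "trezor.io"               # official site named in the article
BRAND = OFFICIAL.split(".")[0]       # "trezor"
SWAPS = str.maketrans("013", "ole")  # digit-for-letter swaps (constructed, not exhaustive)


def classify_link(url: str) -> str:
    """Classify a URL received in a DM as 'official', 'suspicious' or 'unrelated'."""
    url = url.strip()
    if "://" not in url:
        url = "https://" + url       # chat clients auto-link bare domains
    try:
        parts = urlsplit(url)
    except ValueError:
        return "suspicious"          # malformed authority: do not guess
    host = (parts.hostname or "").rstrip(".").lower()
    if "@" in parts.netloc:
        return "suspicious"          # userinfo trick: the real host follows the "@"
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        # Assumption: subdomains of the official domain are trusted.
        return "official" if parts.scheme == "https" else "suspicious"
    for label in host.split("."):
        if not label.isascii() or label.startswith("xn--"):
            return "suspicious"      # IDN label: cannot be compared by eye
        plain = label.translate(SWAPS).replace("-", "")
        close = difflib.SequenceMatcher(None, plain, BRAND).ratio() >= 0.8
        if BRAND in plain or close:
            return "suspicious"      # brand name embedded or near-miss spelling
    return "unrelated"


# Constructed sample links (not taken from the article's screenshots).
SAMPLES = [
    "https://trezor.io/coins",
    "https://trezor.io.wallet-help.example/start",
    "https://trez0r-support.example/",
    "https://trezzor.example/",
    "https://trezor.io@203.0.113.7/",
    "https://example.org/docs",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):<10} {link}")
```

A result of "unrelated" only means the link does not imitate the official domain; it says nothing about whether the destination is safe.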

Solution:

While Trezor support do moderate the official subreddit, there are too many scammers to shut down. Instead, Trezor launched Trezor Forum last year to provide a safer, more strictly-controlled environment for support and discussion. If you need help with a hardware wallet issue and want to avoid being messaged by scammers, use Trezor Forum instead of Reddit.

Case study: Impersonators

Here we’ll look at a typical DM scam that took place on Instagram, where a user with over 50,000 followers is being impersonated. The scammer uses the account’s notoriety to offer an investment opportunity, attempting to gain trust by pretending to know the victim. The end goal of the scammer is to have the user transfer capital to their scam investment platform.

Warning signs:

  1. Poor spelling. Misspelling ‘cryptocurrencies’ and ‘Coinbase’ helps avoid spam filters.
  2. Asking for investment. Never agree to unsolicited investments. If an investment is worthwhile it will not need lone users to promote it through DMs.
  3. Promising unbelievable returns. Even the world’s best fund managers could not guarantee a 500% return on an investment.
  4. Pretending to know the victim. When the victim says he’ll text by phone, the scammer adapts by responding with a message pretending to know the victim, saying “I know you know how to trade very well”.

Solution:

To avoid this situation, it is easiest to restrict messages to people who you follow. Using the steps outlined above, other advice here would be to verify the account by carefully checking the name, follower count and post history — this scammer would fail the check at the first hurdle if the target checked the account name carefully.
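
The account-name check described above, and the "modified username" red flag earlier in the article, can be automated by reducing handles to a comparable form before comparing them. This is an added example, not code from the article or from any platform: the protected handles, the homoglyph table and the function names are constructed.

```python
import unicodedata

# Handles to protect: constructed sample values, not accounts named in the article.
PROTECTED = ["Trezor", "example_influencer"]

# Hand-made homoglyph map (constructed and far from complete; Unicode TS #39
# publishes full confusables data).
HOMOGLYPHS = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic
    "\u0441": "c", "\u0445": "x", "\u0456": "i", "\u03bf": "o",  # Cyrillic, Greek
})


def skeleton(handle: str) -> str:
    """Fold width, case, accents and lookalike characters; drop separators."""
    text = unicodedata.normalize("NFKD", handle).casefold()
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    text = text.translate(HOMOGLYPHS)
    # Keeping only letters and digits removes "_", ".", "-" and zero-width characters.
    return "".join(ch for ch in text if ch.isalnum())


def check_handle(handle: str) -> str:
    """Return 'exact', 'lookalike:<protected handle>' or 'no match'."""
    for real in PROTECTED:
        if handle.casefold() == real.casefold():
            return "exact"  # same string; the account itself still needs verifying
        if skeleton(real) in skeleton(handle):
            return "lookalike:" + real  # same or embedded name after folding
    return "no match"


if __name__ == "__main__":
    # Constructed sample handles.
    for h in ["Trezor", "Trez0r", "Trez\u043er_Support", "examp1e.influencer", "alice_btc"]:
        print(f"{h!r:<24} {check_handle(h)}")
```

An "exact" result only says the strings match; hijacked accounts, which the article also mentions, pass this check.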
