What to Do If You’ve Been Scammed
If you’ve fallen victim to a cryptocurrency scam, it’s critical to take immediate action. At Crypto Consulting NZ, we specialize in scam support services tailored to your specific needs. We’ll help you confirm if you’ve been scammed, guide you through documenting your case, and provide expert advice on what to do.
Whether it’s a phishing scam or a rug pull, our team can assist with every step of the process to ensure you’re informed and protected moving forward.
What Are Phishing Scams?
Phishing is a common type of cyberattack where scammers send fraudulent emails, text messages, or social media messages containing links to malicious websites. These websites might host malware (such as ransomware) that can damage systems, or they might trick users into revealing sensitive information like passwords or into transferring cryptocurrency.
Phishing attacks can target anyone, from individuals to large organisations, and are often part of broader crypto scams in NZ. Some phishing campaigns cast a wide net, sending fake messages to millions of people. However, more targeted efforts, known as spear phishing, focus on specific companies or individuals. Scammers use personal or company information to make their messages appear more credible, increasing the likelihood of success.
History Of Phishing Scams
Phishing, as a term, was first coined in the 1990s, originating with the creation of AOHell, an automated phishing tool that targeted AOL users. AOHell allowed scammers to steal credit card details and passwords from unsuspecting victims, setting the stage for many other phishing tools that followed.
Around the same time, email became a popular method for cybercriminals, with scammers launching early phishing campaigns like the infamous “Nigerian Prince” scam. In this scheme, attackers posed as royalty, promising vast sums of money in exchange for small advance payments or access to the victim’s bank details. Despite its simplicity, the Nigerian Prince scam remains active today, with losses totaling $2.5 billion globally in 2020, according to the FBI’s Internet Crime Complaint Center (IC3).
By the late 1990s and early 2000s, phishing attacks grew more sophisticated, with scammers posing as legitimate companies like PayPal, using emails embedded with the Mimail virus to steal personal information. Over the years, phishing evolved, with attackers developing increasingly complex tactics such as Business Email Compromise, spear phishing, domain spoofing, and whaling.
New Forms of Phishing Attacks
In recent years, several new phishing techniques have emerged, including:
- Pharming: Malicious code is installed on a victim’s device, redirecting them to fake websites designed to steal their sensitive data.
- Evil Twin Phishing: Attackers set up a fake Wi-Fi network that looks identical to a legitimate one. When users connect to it, scammers can steal their data.
- Angler Phishing: This method uses fake social media posts to trick users into revealing their login credentials or other sensitive data.
- Search Engine Phishing: Scammers create fake products or services that appear in search engine results. When victims click on these links, they are encouraged to enter sensitive information to complete a transaction.
Phishing continues to adapt, making it a persistent threat to individuals and organizations, especially within the cryptocurrency world. Understanding its history and evolution can help Kiwis better identify phishing and avoid falling victim.
How Do Phishing Scams Work?
According to the FBI’s 2023 Internet Crime Report, phishing remains the most common type of cyberattack, continuing to outpace other forms of fraud.
Phishing attacks have evolved significantly from the simple “spray-and-pray” tactics of early scams like AOHell and the Nigerian Prince. Modern attackers now use more advanced techniques to target specific individuals or organisations. These scams often rely on social engineering to manipulate victims into revealing sensitive information.
Clever scammers impersonate legitimate organisations, “spoof” email addresses, and craft convincing emails that appear to be from a trusted source. These emails may contain malicious attachments or links that direct victims to fake websites designed to steal login credentials, financial details, or other personal information. In some cases, the attachment can infect the victim’s device with malware, enabling further data theft or damage.
Phishing remains one of the most dangerous threats in the digital landscape, and crypto investors in New Zealand are particularly vulnerable due to the irreversible nature of cryptocurrency transactions.
Types Of Phishing
Phishing attacks come in many forms, each designed to deceive individuals into revealing sensitive information or installing malicious software. Here are some of the most common phishing techniques that Kiwis should be aware of:
Standard Email Phishing: In a standard email phishing attack, scammers send mass emails to potential victims, asking them to share personal information or login credentials. These emails often appear to be from trusted organisations, making them highly effective, particularly in organisations with low awareness.
Spear Phishing: Unlike standard phishing, spear phishing targets specific individuals. Attackers carefully craft personalized emails that appear to come from a legitimate source. By including specific details, they make the message seem authentic, leading the victim to trust the sender and respond.
Whaling: Whaling attacks focus on high-level executives or “big fish” within a company. These attacks use sophisticated social engineering tactics to manipulate victims into transferring large sums of money.
Business Email Compromise (BEC): In a Business Email Compromise (BEC) attack, scammers spoof the email address of a legitimate account owner, often a senior executive or financial officer, to deceive employees into transferring money or revealing confidential business details.
Malware Phishing: In malware phishing, attackers send emails with malware attached. When the victim downloads the attachment, malware is installed on their device, allowing the attacker to steal data or monitor activities.
New Phishing Techniques Emerging in Recent Years
Phishing scams are constantly evolving, with scammers finding new ways to bypass security. Some of the more advanced phishing techniques include:
Polymorphic Phishing Scams: Polymorphic phishing scams involve making small changes to an email’s elements, such as subject lines or sender information, to avoid detection by signature-based email defense systems. This makes the phishing emails harder to block or flag.
Browser Hijacking: In browser hijacking, scammers manipulate search engine results to redirect users to malicious websites. Once on these sites, attackers can generate fraudulent advertising revenue, collect user data, or log keystrokes to steal credentials.
Dynamic Phishing with Man-in-the-Middle (MitM) Attacks: This sophisticated attack involves sending phishing emails with URLs that direct the victim to an attacker-controlled server. The server impersonates a legitimate company’s website, fooling the victim into entering login credentials or financial details, which are then captured by the attacker.
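To illustrate why the small changes described under polymorphic phishing defeat exact-match signatures, the following added example (not part of the original page) compares a hash-based signature with a word-shingle similarity check. The sample messages, the 0.5 threshold and all function names are constructed for illustration.

```python
import hashlib
import re

# Constructed samples (not real messages): one reported phishing email, a
# lightly altered copy from the same campaign, and an unrelated email.
KNOWN_BAD = {
    "sender": "support@wallet-secure.example",
    "subject": "Action required: verify your wallet",
    "body": "Your wallet has been suspended. Verify your recovery phrase "
            "within 24 hours at the link below to restore access.",
}
VARIANT = {
    "sender": "support@wallet-secure2.example",
    "subject": "Action required - verify your wallet now",
    "body": "Your wallet has been suspended! Verify your recovery phrase "
            "within 48 hours at the link below to restore your access.",
}
BENIGN = {
    "sender": "newsletter@exchange.example",
    "subject": "Monthly market summary",
    "body": "Here is a summary of last month's market movements and "
            "upcoming scheduled maintenance windows for the platform.",
}


def exact_signature(msg):
    """Signature-style check: SHA-256 over sender, subject and body."""
    raw = "\n".join((msg["sender"], msg["subject"], msg["body"]))
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()


def shingles(msg, k=3):
    """Word k-grams of subject + body, lower-cased, digits/punctuation dropped."""
    words = re.findall(r"[a-z]+", (msg["subject"] + " " + msg["body"]).lower())
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}


def similarity(a, b):
    """Jaccard similarity of two messages' shingle sets, from 0.0 to 1.0."""
    sa, sb = shingles(a), shingles(b)
    return len(sa & sb) / len(sa | sb) if (sa | sb) else 0.0


# threshold=0.5 is an illustrative assumption; tune it on real mail.
def is_variant(msg, known=KNOWN_BAD, threshold=0.5):
    """Flag a message whose wording closely matches a known phishing sample."""
    return similarity(msg, known) >= threshold
```

The altered copy produces a different hash from the reported message, so an exact signature misses it, while its shingle similarity stays well above the threshold and the unrelated email scores zero.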
What to Do If You’ve Been Scammed
If you’ve fallen victim to a phishing scam, it’s crucial to act quickly. While the decentralized nature of cryptocurrency makes recovering funds difficult, there are steps you can take to mitigate the damage.
Crypto Consulting NZ offers scam support services to guide you through the recovery process. Here’s what you should do:
- Document Everything: Save all correspondence, screenshots of transactions, and any relevant details about the scam. This information will be critical.
- Alert Your Bank: If you’ve shared bank details, contact your bank immediately to flag any suspicious activity or halt future transactions.
- Use Crypto Consulting NZ’s Scam Support Services: Crypto Consulting NZ specializes in helping victims of crypto scams by offering expert advice, guidance on documenting your case, and support through the process.
- Secure Your Devices and Accounts: If your personal data or login credentials have been compromised, reset all passwords, enable two-factor authentication (2FA), and scan your devices for malware.