You’ve probably read or heard about someone, or even know someone, who has had their account hacked. It is a huge problem as bitcoin becomes a commodity used by the masses. Hackers use all sorts of clever tactics, and social engineering and account takeovers are becoming the norm.
The issue is this: when people do not take enough care securing their accounts, their funds are in danger. Treat your wallet as you would a bank account, because that is essentially what it is: your very own bank account, controlled by you. The best and the worst thing about bitcoin is that transactions are irreversible, so there is no chargeback once a thief has sent your coins away. This is why we need to make sure we protect and secure our wallets and funds properly.
Social engineering is the manipulation of people into giving up sensitive information so that the attacker can gain access to their accounts. The information they are after varies, but normally they trick people into giving away passwords or financial account details, then use those to empty the unsuspecting victim’s accounts of their hard-earned money.
We should all take extra care about what information we share on the internet. Here are some ways fraudsters use social engineering to get access to your accounts.
It could be something as simple as an email that appears to come from Paxful.
Such emails are sent out to phish for your details, for example by asking you to log in and enter your password on a page the attacker controls.
If a criminal is able to hack or socially engineer a person’s email password and gain access to their contact list, they can easily wreak havoc. People often reuse the same password across many services, so one stolen password can unlock all of them, and the contact list gives the fraudster a ready-made set of new targets to go after.
The messages criminals send will try to hook you in different ways:
- Asking for help
- An email claiming to be from Paxful, stating that there is a problem with your account
- Baiting scenarios
Criminals use compelling headlines or messages, normally containing a link or download that will infect your machine with malware. They take advantage of human emotions, whether by asking for help or by pressing for urgency. They may also offer something specific that you want, as bait.
They may contact you seemingly from a service that you use, for example an “important message from your bank” asking you to log in and verify some transactions. The email will be branded to look exactly like the service provider’s, and you may not notice at first glance that it isn’t a legitimate contact. They will use email addresses that are similar to the real one but have a letter swapped. So if the phishing attack were coming from someone impersonating Paxful, the sender address might look like this: [email protected]
Always make sure, before entering your details, that you are in fact on https://paxful.com/ – check the address bar itself, not the look of the page, and be wary of addresses that merely contain “paxful.com” somewhere in a longer name.
Verizon account takeover
There was a very compelling story written on the 1st of June by Cody Brown on Medium: How to lose $8k worth of bitcoin in 15 minutes.
This personal story hits home for a lot of people, because it happens more often than we’d like to think. To cut a long story short: an attacker took over his phone number by getting Verizon to accept nothing more than his billing information. He received a text notification that an alternative authentication method had been set up, prompting him to get in touch if it wasn’t him. Verizon, however, failed to respond to his calls because it was out of hours, and the hacker gained control of his phone number.
Once the number was theirs, every SMS confirmation code meant for him went to the attacker’s phone instead. In this case the criminal used those codes to get into his Gmail and then into the account where he stored his bitcoins, and emptied it of $8,000 worth of bitcoin. He was probably targeted because of a tweet in which he mentioned specifically which exchange he kept his coins on.
This is not an exceptional case; it happens quite often. Read more on this in a great article about hackers on Forbes.
How can we prevent this from happening?
Here’s what you need to do to keep your account safe
- Use an authenticator app such as Google Authenticator or Authy instead of 2FA via text message, so that a stolen phone number no longer unlocks your account
- Use authenticator-app 2FA for all your accounts online, above all your email provider, since an attacker who controls your email can reset the passwords of everything tied to it, and any other account where your personal info is accessible
- Use a different password and login details for each account
- Be cautious of what info you give out publicly on social media
We also strongly recommend setting up 2FA for withdrawals from your wallet. This way, even if a hacker gets your password, they won’t be able to send any coins out without also having your second factor.
Here’s a guide on how to set up 2-factor authentication.
If you are already signed in, follow this link to set up 2FA in your account.
We work around the clock to keep you safe
Paxful uses geolock to block hacking attempts: if someone tries to log in from a different location, we temporarily lock your account until you have verified that it is you.
To take your account security to the next level, please also set up strong security questions that you will remember but whose answers cannot be found on your social media profiles. You will need these if you have to restore access to your account or change account details.
Paxful will never contact you to ask for your login details.