FAKE ID – How Crypto Hackers Are Trying To Steal Your Identity Right Now (And What To Do About It)
Hacking is the number one security concern this year, and nowhere is it more prevalent than in the world of cryptocurrency.
New and emerging technology, combined with novice investors who like to flaunt their cryptocurrency knowledge on social media platforms like Youtube, make for easy targets for cryptocurrency hackers; and it’s not just money they’re stealing, but your identity too. In fact, you’re much more likely to have your identity stolen online than your home being broken into, or being involved in a traffic accident, according to this article.
Why Does Identity Theft Matter?
It could be argued that in this age of mass data creation and consumption, living with the threat of identity theft is just something anybody who uses the internet has to deal with, and maybe it’s not such a big deal. Julia Angwin, writing for The Wall Street Journal argued almost a decade ago that maybe we don’t even need to worry about it at all – that the risk is so low and the loss usually minimal, that perhaps the real risk is we are being conned into paying for privacy protection services (like VPN services to keep us safe while browsing in public places) that we don’t even need.
But a decade ago is like a lifetime ago when it comes to the age of technological advancement. Now, it’s not just a case of somebody stealing your credit card details and going on an electronics shopping spree.
In 2018 and beyond, not only are hackers intent on stealing your money and / or exploiting weaknesses in businesses and companies, they’re also stealing your identity to commit other crimes in your name, which could lead to ruined credit records, piles of fraudulent debt, false arrest and imprisonment, and even false medical records. With a simple Google search, one can find Australian Fake ID companies seemingly operating with impunity ready to sell “Legal Fake ID’s” for less than $70.
But How Much Risk Is There For Cryptocurrency Investors?
The statistics are vague – most accounts are first-hand, issued through social media, or hypothetical ‘this could be a risk’ style warnings in reddit forums. The facts are clouded though, because cryptocurrency is still so new and emerging – it’s almost impossible to survey something with any really reliable data in an industry that for the most part has remained virtually inaccessible to the mainstream consumer until 2017, when the rash of exchanges opening up, which, combined with mass publicity, meant that now any average investor could access cryptocurrency.
Despite the weak statistics, the first-hand accounts are scary enough to warrant at least considering protection against identity theft. And when you consider the process required to purchase cryptocurrency – that is, to verify your identity on an exchange – which usually requires some form of photo ID such as your passport, driving licence, etc, plus all of your contact details, date of birth, etc – and the amount of phishing sites that exist designed to lift that information with scam sites and duplicate (and highly convincing) ‘look-a-like’ sites, it’s apparent how easy it could be for a would-be hacker to quickly and easily steal your identity, take your crypto – or worse.
Thankfully, most hacks appear targeted at exchanges, companies, and token providers, rather than at individual consumer level – think about the infamous Mt Gox hacking, and the more recent Verge cryptocurrency hack. But personal hacking is still definitely a risk, particularly if you have any sort of profile or visibility online – Ian Balina, a high-profile cryptocurrency investor, trader and advocate, recently lost over two million dollars to hackers, which he accredited to his carelessness while livestreaming and accidentally revealing his email address.
(Yes, even revealing your email address is like advertising an open door to crypto hackers).
How To Prevent Hackers Stealing Your Identity And Your Money
Phone-hacking is one of the number one ways hackers gain access to your email, which they can then use to hijack your funds. The scariest part is that it’s so simple – hackers can simply call your network, pretending to be you, and request another sim with the same number.
Fabrice Grinda, a prominent investor and entrepreneur, detailed in February this year how it happened
‘The hackers had been very sneaky. After they got control of my cell phone number, they sent themselves a reset password text message at my domain manager to get access to that. They left my existing Exchange mailbox intact, but created a new mailbox and switched the MX record to point to that mailbox. It took a few hours for the MX record change to propagate so I still received emails for a few hours. Also, because they did not reset the password of my Exchange email I did not get an incorrect password message that would have aroused my suspicion. Once the MX record change had propagated, they were able to use their control of my email and access to my cell phone (given that I required text confirmation in addition to control of my email) to reset the password for my Dropbox, Venmo, Twitter, Gmail, Coinbase, Xapo, Uphold and Bitstamp accounts’.
To prevent phone hacking from happening to you, call your provider and set up a password that will be required before any changes to your mobile phone can be authorised.
On your mobile itself, consider using the LogDog app, which reviews your installed apps for any security threats and alerts you to possible suspicious behaviour. It can also scan your email and messages to ensure you’re not unwittingly sharing sensitive details which could leave you vulnerable.
‘Going grey’ online could also help protect you, meaning that you assume a virtual identity that makes you harder to hack. Most hackers will need some sort of information about you such as your date of birth – if you’ve put this as public information on Facebook, for example, then you’re making their job easy. Keep your information private, or ideally, false. Forgo those social media birthday wishes for your safety and security.
If you discuss cryptocurrency or your holdings anywhere online, then you might want to use a false identity and / or at the very least, ensure you don’t talk about your holdings and where they are stored publicly – and definitely not while livestreaming, where it’s so easy to make a careless mistake that immediately leaves you vulnerable to hackers.
You could also consider individual email addresses for every place your cryptocurrency is stored, and ensure that 2FA authentication is enabled for every possible site and app you use, in particular for gmail, and where possible, unlink your phone from your security settings.
Privacy and identity hacking is a very real crime, but it’s important not to get too paranoid about it – it’s essentially the digital version of having your wallet pickpocketed on the street, and by taking the right steps to ensure you’re protected, you can help prevent this happening to you.