October 26, 2021
Cyber Risk

Crypto is not cryptic if you know how to use it securely

Cryptocurrency has surged in popularity and investments, with Indians joining the bandwagon of various cryptocurrency wallets and exchange services mushrooming in the startup ecosystem. In fact, in a hugely anticipated move, India got its first cryptocurrency index, which will monitor the fluctuations of the prices of fifteen popular cryptocurrencies listed on global exchanges. Like anything with a solid and lucrative digital market, cryptocurrency has attracted bad actors looking to defraud unaware people like anything with a solid and lucrative digital market.

What are some of the crypto-crimes being perpetrated in India?

India is an emerging market for this segment. Several attacks driven by traditional means, such as phishing and account takeovers, have been historically associated with bank frauds. The base remains the same, but the playground has been changed. Users fall prey to fairly simple scams such as crypto-mining due to the lack of awareness and vigilance.

Indians are infamous for downloading torrents and browsing pirated websites. Cybercriminals use such websites to attract users to leverage the user’s hardware (CPU, RAM) to mine bitcoins. Unfortunately, no law exists to punish crypto-crimes that still fall under the larger gambit of ‘cyber fraud. As a result, there has been a considerable shift from direct bank frauds to crypto mining crimes.

The other means to catch a user unawares is through crypto spear phishing. In a few cases, exchange employees share a list of crypto owners from their database with cybercriminals for a price, after which the threat actors start phishing campaigns via emails and Text/WhatsApp messages with malicious links.

Lastly, crypto-blackmailing is the newest means to exfiltrate cryptocurrency. Organized criminal gangs honeytrap young users via social media platforms. They capture sensitive videos, messages, or images and then blackmail them.

How vulnerable are crypto owners in India to such crimes?

A report claimed that users of the Indian crypto exchange CoinSwitch Kuber have started spending an average of 27 mins per day on the app. At the beginning of this year, the average time was 13 minutes per user. However, the challenge is that users engage in these technologies without exploring the privacy and security features provided by wallets and exchanges. For instance, most users do not know that crypto wallets have an option called ‘whitelisting,’ which minimizes fraud. Users treat crypto wallets as traditional e-wallets such as PayTm or PhonePe. In reality, they forget that it's nearly impossible to retrieve once crypto accounts are lost, and the cryptocurrency is siphoned off. The Government of India has not recognized cryptocurrency as a legitimate form of investment, hence limiting redressal options.

What can be done to ensure security for cryptocurrency?

Since the foundation of cryptocurrency is blockchain, it is secure by design. However, organizations using blockchain to design apps and services may not be securing their end of the deal. Businesses need to educate users about security and threats in cryptocurrency. Once the end-user is adequately informed, only then will cryptocurrency be considered safe.

The best ways to remain one step ahead of cybercriminals include:

  1. Activating two-factor authentication on your wallets and email services.
  2. Wherever possible, use biometric authentication.
  3. Do not click on links on emails/forwards/messages from unknown sources.
  4. Avoid downloading attachments from suspicious emails.
  5. Keep a tab on big data breaches to see if your information has been leaked. Our mobile app, SAFE Me, can help you track these developments, alert you in real-time, and also guide you toward best practices on cyber hygiene.