Speaking with CNBC, Google’s email security lead Mark Risher talks about securing your bitcoin from online hackers. Beyond adopting various technical options to better secure your accounts from attack, how much you reveal about yourself online could increase the chances of both being scammed and successfully so.
Whether you are a minnow or a whale in the crypto-market, you can get caught in the net.
“It could just be a case of mistaken identity or guilt by association. They could be using someone who seems to be low value to pivot toward somebody considered a higher value target, like somebody political in nature…Or maybe they saw that you were discussing Bitcoin on a public message board,” said Risher to CNBC.
That’s the nature of scammers and hackers today; they now have an arsenal of first-hand information that not long ago was never before accessible. Because of social media and other public webspaces where personal information is shared, what you post (or posted about you) can increase your chances of being targeted.
Risher said, for example, that some cryptocurrency wallet providers allow users to reset a wallet though email. As such, attackers will find posts by a victim on social media or on public message boards and use this information to attempt to break into their email account. By doing so, the attacker can then reset the digital wallet, open it, and steal the funds.
Additionally, personal information posted online can be used by scammers to craft a more individualized approach in their deception: “You might think of this generic ‘Dear Sir or Madam, I am contacting you to ask you for a favor,’ but the truth is many of these attackers have done some serious research on their victims…So you might get what we call ‘social truth’ in your message,” said Risher.
These “social truths” are described in the article as personal details which are partial to your own life. Bad actors make use of your online data to make their initial contact appear authentic.
Online criminals are also keen on using smaller targets to reach bigger ones down the line. Risher states, for instance, that “If you’ve ever volunteered for a political campaign, gone to a dinner party hosted by a CEO or worked for a well-known technology company,” you might become a target.
So what can you do to reduce the risk of being targeted and attacked? First, limit your disclosure of personal information and don’t discuss wealth or how much cryptos you own online. By not doing so, you not only increase the chances of becoming a target but also of being successfully attacked. Secondly, ensure your passwords are not common ones or tied to your personal information (such as your pet’s name) and be sure to use secondary verification options such as two-factor verification. Be mindful of the security of old/unused email accounts which can be utilized by cybercriminals to breach newer/active accounts. Lastly, keep a general mindfulness when interacting online, especially if you can not be certain of the authenticity of the person on the other side of the screen.
As always, it is most secure to store your cryptocurrency in an offline hardware wallet and to never store any information associated with that wallet digitally (be it a local text document or a google document). This would compromise the offline security of the hardware wallet if hackers were able to access the wallet’s seed words, for instance.