Many people have heard of it but don’t
really know how it works.
The crypto craze is an investment trend that’s grown in popularity the last decade. Many people seem to think it’s a quick way to get rich, but the Federal Trade Commission (FTC) found cryptocurrency accounted for the second highest scam losses in 2021.
So, what is it?
Cryptocurrency is a volatile digital payment system which does not rely on banks to verify transactions. Instead, it uses blockchain technology and does not exist in a physical form. It’s not regulated by any particular institution, like government or banks.
There is a big difference between the cryptocurrency and traditional currency. It’s not insured by a government like U.S. dollars deposited into an FDIC insured bank account. If your cryptocurrency account is ever compromised, the government has no obligation to help get your money back.
Why is cryptocurrency so popular?
Many people relate the digital coin world to a precious commodity with a limited quantity, like gold. There are only so many coins available. The most popular versions are Bitcoin and Ethereum, but there are more than 19,000 different cryptocurrencies.
Investment or Gamble?
Like any investment, cryptocurrency can be risky. Some people, including well-known investors, consider it more of a gamble. If you plan to get into this form of currency, it’s recommended to have your finances in order. Don’t invest more than you can afford to lose. As you would for any investment, understand exactly what you’re investing in and start small.
Protect Yourself and Accounts
Guard your wallet. Just like your physical wallet, your cryptocurrency wallet security is essential. Lose the key and you could lose your funds permanently.
Use multi-factor authentication. It increases security because if even one credential becomes compromised, unauthorized users may be unable to meet the second authentication requirement.
Utilize a virtual private network (VPN). It protects you as your computers data traffic is routed through an encrypted virtual tunnel. A VPN is highly encouraged for cryptocurrency trades, purchases and payments.
Avoid Falling For Scams
A 2022 Better Business Bureau (BBB) study found cryptocurrency created a fertile environment for scams resulting in financial loss. BBB Scam Tracker data show that social media is the most common place victims find cryptocurrency scams. The FTC reports that 25% of all scams in 2021 began on social media.
Do not believe there are guaranteed returns. No one can ensure how an investment will perform.
Only scammers demand payment in cryptocurrency. No legit business will demand you to send crypto payment in advance.
If you’re a victim, report it.
Law enforcement agencies have pursued cases involving large cryptocurrency losses. Before an investigation can take place, victims need to report complaints and scams to help protect other people from falling victim.
Here is a list of where reports should be filed, click the name to file an online.
- Federal Trade Commission (FTC) or call 877-FTC-Help
- Commodity Futures Trading Commission (CFTC)
- U.S. Securities and Exchange Commission (SEC)
- Internet Crime Complaint Center (IC3)
Take Precautions
The best defense is prevention. The tips below, while not all-inclusive, can help protect your business and personal devices from attack:
- Install the Russian keyboard option in your Windows system – Some Russian malware gangs program their malware to check for the presence of Russian (or other Cyrillic) keyboards on the system. If they find it, they may not attack that system. While not a guarantee, this is a simple step you can take, for free, that will not impede your use of your system in any way:
- Hit the Windows button and “X” at the same time
- Select “Settings” then “Time and Language” then “Language”
- Scroll to the Russian or other Cyrillic option.
- Pick one, then reboot.
- Hit the Windows button and “X” at the same time
- Maintain offline, encrypted backups of data, including system images and configurations. Test your backup data and files regularly — after all, there’s no need to pay ransom for data that’s accessible via backup.
- Install software updates and patches as soon as possible.
- Ensure that antivirus and anti-malware software is set to automatically scan and update.
- Establish basic security practices and policies for employees, including strong passwords and multifactor authentication.
- Educate employees on social engineering and phishing, including how to spot red flags and report suspicious activity.
- Restrict internet access. Use a proxy server for Internet access, and implement ad-blocking software. Restrict access to common ransomware entry points, such as social networking websites.
- Use a secure email gateway/system to detect and block malicious emails, flagging external emails to alert employees of potential spoofing.
- Block all unauthorized software from executing on all devices and servers.
- Conduct regular vulnerability scanning and perform penetration testing to find and patch vulnerabilities.
- Apply a policy of “least privilege” to all systems and services; users can only access required platforms.
- Monitor your server, network and backup systems to detect unusual file access activities and network activity.
- Implement Domain-based Message Authentication, Reporting and Conformance (DMARC) policy and verification to lower risk of spoofed or modified emails from valid domains.
Methods of Attack
Attackers have many methods of delivering malware, including:
- Phishing emails:
An email recipient opens a malicious attachment or clicks on a compromised link. - Drive-by download:
A compromised website downloads malware onto your device without your knowledge. - Strategic attacks: These attacks target software vulnerabilities.
- Remote desktop protocol compromise: A user logs on to a computer remotely, and hackers use brute force methods and credentials which they purchased on the dark web.
Responding to an Attack
If you ever experience a ransomware attack, don’t panic, take these steps:
- Disconnect the infected system from the network to contain the spread.
- Determine if a decryption key may be available; other organizations may have investigated similar malware.
- Restore files from regularly maintained backups.
- Notify your financial institution, customers and third parties that might have been affected by the attack.
- Contact a cybersecurity expert or consulting firm
- Reporting the attack! Contact a local Federal Bureau of Investigation (FBI) Field Office and/or file a complaint the FBI’s Internet Crime Complaint Center.
Important Legal Disclosures & Information
These articles are for general information purposes only and are not intended to provide legal, tax, accounting or financial advice. PNC urges its customers to do independent research and to consult with security, financial and legal professionals before making any financial decisions. This site may provide reference to internet sites as a convenience to our readers. While PNC endeavors to provide resources that are reputable and safe, we cannot be held responsible for the information, products or services obtained on such sites and will not be liable for any damages arising from your access to such sites. The content, accuracy, opinions expressed and links provided by these resources are not investigated, verified, monitored or endorsed by PNC.
Read a summary of privacy rights for California residents which outlines the types of information we collect, and how and why we use that information.
