Credit: REUTERS/Jim Urquhart
The price of a single Bitcoin passed that of an ounce of gold for the first time this month, and scammers were quick to get in on the action with Ponzi schemes and phishing sites spread via social media.
Victims are lured in with fake Bitcoin wallets, fake Bitcoin search services, fake surveys about Bitcoin, too-good-to-be-true money making offers, and classic pyramid scams now dressed up with Bitcoins, according to a report released this week.
"The same characteristics that make Bitcoin attractive to people who want to make money distributing ransomware make it attractive to scammers," said Philip Tully, senior data scientist at security vendor ZeroFox, which published the report.
Those characteristics are that it's decentralized, anonymous, and irreversible, he said.
"When people have Bitcoins taken from their wallets, there is no one to complain to," he said. That's not the case with traditional payments. "With a bank, a lot of banks will let you immediately stop transfers and compensate you for lost value."
This makes Bitcoin extremely attractive for a wide variety of scammers. And when the scams are deployed via social networks, they have the potential to reach large numbers of people quickly.
But people who fall for one of these scams don't just lose their own money, and possibly, the respect of their friends. They also lay the groundwork for potential future infections -- infections that could do harm to the companies where they work.
For example, scams that take users to phishing sites could also then install malware on employee computers.
"And now you have corporate data that's at risk," said Evan Blair, co-founder and chief business officer at ZeroFox.
Companies also need to keep an eye on these scams in order to protect their own reputations.
Scammers will sometimes try to leverage existing brand names. For example, they might claim that a particular too-good-to-be-true Bitcoin promotion comes from a well-known bank.
Brands that are already experimenting with Bitcoins are particularly vulnerable, since the scammers can use that legitimate activity to give their scams a bit more credibility.
Companies can protect their employees from these kinds of scams through user education, and through blocking malicious sites. They can also report the scams directly to the social media platforms.
However, it can be hard to keep up, since scammers can use templates to generate these websites.
"For every one Instagram was taking down, three new scams created," said Blair. "It's an exponential curve."
Plus, it can take days, weeks, or month to get a social media site to remove a scammer from its network.
Sign up for Computerworld eNewsletters.