Beware of new crypto scams targeting investors in Singapore

Published
Updated

The police and the Cyber Security Agency of Singapore (CSA) have issued a warning about new cryptocurrency scams that have resulted in significant monetary losses.

These scams involve phishing websites, deceptive investment opportunities, and fraudulent job offers that compromise victims' cryptocurrency assets.

Scammers are using social media platforms and fake advertisements to lure victims with seemingly lucrative cryptocurrency investment opportunities.

Victims are directed to Telegram channels under the pretence of accessing exclusive market insights.

To join, they are asked to complete a CAPTCHA verification, which appears to be faulty. When they attempt to bypass the verification by entering a PowerShell command as instructed, they unknowingly execute malicious code that compromises their cryptocurrency wallets.

Victims searching for DeFi platforms often encounter paid advertisements that redirect them to phishing websites. These fraudulent sites trick users into connecting their cryptocurrency wallets, which then execute hidden smart contracts that drain funds from their accounts.

Scammers are also reaching out to job seekers through LinkedIn messages and emails, offering fake blockchain-related job opportunities.

Victims are asked to download malicious files under the guise of a work evaluation or to join interviews via compromised links.

These files contain malware designed to extract browser extension data and wallet details, leading to financial losses.

To safeguard against such scams, the police and CSA recommend the following precautions:

  • Use secure wallets: Store cryptocurrency in hardware wallets, which are less vulnerable to online attacks. Ensure software wallets are from reputable sources and regularly updated with security patches.
  • Enable strong security measures: Use strong passwords, activate two-factor authentication (2FA), and never share private keys, recovery phrases, or seed phrases with anyone.
  • Monitor account activity: Regularly review your wallet and online accounts for unauthorised transactions. Revoke suspicious token approvals via blockchain explorers or wallet interfaces.
  • Be wary of phishing attempts: Avoid clicking on unsolicited links, downloading unknown attachments, or running unverified commands. Always verify links with official sources.
  • Stay informed: Keep up to date with the latest security threats and best practices in cryptocurrency safety through trusted sources.

Use secure wallets: Store cryptocurrency in hardware wallets, which are less vulnerable to online attacks. Ensure software wallets are from reputable sources and regularly updated with security patches.

Enable strong security measures: Use strong passwords, activate two-factor authentication (2FA), and never share private keys, recovery phrases, or seed phrases with anyone.

Monitor account activity: Regularly review your wallet and online accounts for unauthorised transactions. Revoke suspicious token approvals via blockchain explorers or wallet interfaces.

Be wary of phishing attempts: Avoid clicking on unsolicited links, downloading unknown attachments, or running unverified commands. Always verify links with official sources.

Stay informed: Keep up to date with the latest security threats and best practices in cryptocurrency safety through trusted sources.

If you suspect that your cryptocurrency assets have been compromised:

  • Contact your cryptocurrency exchange immediately to halt further transactions or freeze your account.
  • Review and revoke any suspicious token approvals using your wallet interface.
  • If your wallet's seed phrase is compromised, transfer remaining assets to a secure wallet.
  • Report the incident to the police.
  • Report fraudulent cryptocurrency phishing websites to CSA's SingCERT at singcert@csa.gov.sg or via the incident reporting form at www.csa.gov.sg/singcert/reporting.

Contact your cryptocurrency exchange immediately to halt further transactions or freeze your account.

Review and revoke any suspicious token approvals using your wallet interface.

If your wallet's seed phrase is compromised, transfer remaining assets to a secure wallet.

Report the incident to the police.

Report fraudulent cryptocurrency phishing websites to CSA's SingCERT at singcert@csa.gov.sg or via the incident reporting form at www.csa.gov.sg/singcert/reporting.

As cryptocurrency scams continue to evolve, staying vigilant and adopting strong security practices are crucial in protecting digital assets.

For information on scams or to report suspicious activities, the public can call the police hotline at 1800-255-0000 or submit information online at www.police.gov.sg/i-witness.

For urgent assistance, dial 999.

Verify potential scams by calling the 24/7 ScamShield Helpline at 1799 or by using the ScamShield app.

Visit www.scamshield.gov.sg for more information.

As cryptocurrency scams continue to evolve, staying vigilant and adopting strong security practices are crucial in protecting digital assets.

Have a story to share? Send it to us by emailorWhatsApp

Get more of Stomp's latest updates by following us on:
Share this article
Loading More StoriesLoading...