Thomas Daniels

Published On: 07/11/2024
Share it!
Social Engineering Scams Threaten Crypto Users, Says Coinbase CISO
By Published On: 07/11/2024
Coinbase

Jeff Lunglhofer, Chief Information Security Officer at Coinbase, warns that social engineering scams represent the most significant risk facing cryptocurrency users today. In a recent interview with crypto.news, Lunglhofer detailed the rising prevalence of these scams, which target both novice and seasoned crypto enthusiasts.

“Social engineering scams are by far the number one threat to crypto enthusiasts and crypto holders and investors today,” Lunglhofer stated, underscoring the heightened frequency of these attacks in recent years.

Three Steps to Avoid Social Engineering Scams

To combat these scams, Lunglhofer recommends a three-pronged approach to protect crypto assets.

1. Ignore Unsolicited Calls from “Reputable” Sources
Lunglhofer advises ignoring unsolicited calls from people claiming to represent exchanges like Coinbase or Kraken. If users receive such a call, he suggests they hang up immediately and contact the company directly through official channels. He estimates that following this approach could prevent “up to 80%” of social engineering scams.

2. Understand Self-Custody vs. Exchange Custody
A critical distinction for crypto users is between self-custody and exchange custody. In self-custody solutions like Coinbase Wallet, users hold full control over their private keys and must safeguard their seed phrases, which should never be shared with anyone. In contrast, exchange custody involves third-party management of private keys, with the provider taking on responsibility for security and asset management.

3. Avoid Sending Crypto to Unknown Contacts
Lunglhofer’s third piece of advice is to refrain from sending cryptocurrency to anyone unknown or unverified. Scammers frequently exploit emotional vulnerabilities through romance scams, a tactic that became more common post-COVID as many sought online connections.

“I feel like, particularly post-COVID, people were just lonely, and were vulnerable to [romance scams], and it’s heartbreaking to see people go through that. They just want to be loved,” Lunglhofer added.

The Growing Threat of Deepfake Technology

Lunglhofer also pointed to the growing use of deepfake technology, which scammers deploy to impersonate trusted figures and manipulate victims into sending funds to fraudulent accounts. As deepfake capabilities improve, he advises users to verify all video communications, as AI-driven scams now include fake calls from “family members” asking for financial support.

In response, Coinbase has incorporated AI and machine learning to detect potential fraud, monitoring user activities and support chats for warning signs of scams or account takeovers.

Strengthening Cooperation Among Crypto Platforms

Beyond social engineering, Lunglhofer emphasized the need for greater collaboration across cryptocurrency platforms. Coinbase is an active participant in the Crypto Information Sharing and Analysis Center (Crypto ISAC), an initiative focused on sharing knowledge about emerging threats, scam trends, and security vulnerabilities within the industry. As a board member of Crypto ISAC, Lunglhofer is optimistic about the impact of these partnerships on bolstering the overall security of the crypto ecosystem.

“What a great opportunity for crypto companies to come together to share information… share information about scams, trends that we’re seeing, or vulnerabilities that might affect the broader crypto ecosystem,” Lunglhofer commented.

By spotlighting social engineering risks and the importance of inter-company cooperation, Lunglhofer underscores Coinbase’s commitment to strengthening cybersecurity standards across the industry, as fraud tactics continue to evolve.

source