Casa Blog - Bitcoin Security Made Easy

"Hey! I wanted to know what you know about bitcoin mining? I have a friend that just got $13,000 from a $1,000 investment, and they are now trying to get me to do it."

If you’ve worked in the bitcoin space as long as I have, you immediately dismiss this message as a scam, but the ugly truth is not everyone works in the bitcoin and security space.

This is a real and scary message I recently received from a friend. We will call her Katie. I immediately dismissed the message as my friend being hacked and a scammer using her account to target me via DM to steal my money.

After a quick text message verification to Katie, she confirmed that she did, in fact, send that message and was curious about bitcoin mining based on her own friend's “investment recommendation.” We will call him Doug.

Bitcoin mining beyond your wildest dreams!

As someone who tried his hand at mining, I let Katie know the message she received from Doug sounded typical of other scam messages I’ve seen prior. Bitcoin mining profits do not work that way. Katie, however, was new to bitcoin, and she was ready to invest a large amount of money with Doug and Doug’s crypto “investment coach.”

The coach had an Instagram account with many followers, a URL listed for their investment website, and various pictures of their bank accounts, financial reports, luxury goods, and vacations. Doug’s profile was starting to resemble the luxurious lifestyle of the coach. Who wouldn’t want to live the same life?

If it sounds too good to be true, it probably is

I spent a lot of time persuading Katie that she was talking to a scammer who was either using Doug’s account or impersonating him. Often, scammers will create fake accounts to impersonate people you know to try to gain your confidence.

These “fake-friend” accounts will scrape all your friends' real photos and repost them under the fake account. Other fake accounts will engage the photos with likes and comments to provide legitimacy. Another tactic scammers use is to hack (or purchase a hacked) social media account and use the account to run scams through DMs and posts to a victim’s friends and family.

In this case, Katie was adamant that Doug was real. They knew each other in real life, and Doug was only trying to share sound investment advice and access to the coach, or so she thought.

crypto-scam-direct-message
Be wary of investment-related messages, even from people you already know. This is a common scam tactic.

Ask yourself: If someone was making this much money, why are they spending time trying to get you to give away yours? Why are they not busy making more money with their foolproof method?

Red flags are moments of hesitation that determine our destination

Katie continued to message me about the investment program over time. I tried to convince her that the program was not real, but I had the feeling that she was going to eventually lose her money.

At one point, I relented. If Katie was still going to invest — let adults be adults — then I offered to join a group phone call with the coach to assist Katie through the onboarding process and initial investment. In reality, I figured if I could ask the scammer about their business and practices on a call, then maybe it would prove to Katie it was all an illusion.

I identified multiple red flags in the scammers’ communications:

🚩 The scammers’ investment website linked in their profile had no news, SEO, or backlinks to it. Most reputable bitcoin businesses have a long and varied history that can easily be researched.

Scammer insight: The website is fake and easily deployed and easy to take down. The site only exists to steal your money.

🚩 Katie asked the scammer how taxes work at the end of the year on the investment. The response she received was “there are no taxes and you’re only charged 20% on your commission,” which is false. Most people in bitcoin know the pain of having to report taxes at the end of the year due to taxable events from transaction activity.

Scammer insight: Scammers don’t want you to fixate on the details, or else you’ll realize it’s a scam. Delusions of grandeur keep us from thinking logically.

🚩 There was a tiered payment structure showing the more someone “invests” the more they make, but the numbers do not make sense, similar to Ponzi schemes.

scheme-showing-impossible-profits

🚩 Doug and the coach both had pictures on their social media of charts trending up, stacks of money, luxury items, vacations, mobile notifications, and screenshots of bank balances. These screenshots can easily be faked in a matter of seconds and are usually shared across multiple scams and platforms. Why would someone needlessly make themselves a target?

success-graph

🚩 The coach stated the company was registered and protected by another entity. I performed an open-source search and could not find registrations for any of the company names, especially not relating to bitcoin.

🚩 Doug and the coach were both quick to remind Katie repeatedly they were not involved with any fraudulent activity, the process was “100% safe and guaranteed,” and there would be a 5-hour withdrawal period for all the money she was about to make.

Scammer insight: This reassurance keeps you, the target, moving forward and provides the scammer with enough time to get away if you start to express concerns.

When in doubt, shout!

I recalled Katie knew Doug in real life prior to the investment conversations. Katie could easily prove if Doug had accumulated this magic knowledge by simply text messaging or calling them, assuming Doug’s phone was not under compromise. After proposing this to Katie, a few minutes went by.

“I just texted Doug and he said he was hacked!” Katie told me. “His Instagram was taken over and he can’t change his password and get back in! It’s crazy what these scammers are capable of.”

Yes, it is scary

The above attack is not scary because of how it’s performed, how long it takes, or the amount of effort needed. It’s scary because it’s effective. It’s an effective, low-effort trick that is stealing millions of dollars each year. And because people fall for it, one can only wonder how many scams exist that we don’t hear anything about.

We need to educate ourselves about how scammers operate. They do not need to perform a long-con engagement for a big win. More simply, can they get 60 of their 2,500 followers to send them $1,000? If so, $60,000 for a few hours of work is worth more to the scammer than the heartache and misery you and your family will feel about losing your hard-earned money.


Secure your bitcoin now

Casa makes self-custody easy for everyone. Our multi-key vaults protect your bitcoin from accidents, hackers, and more. Learn about our plans here.