FRAUD AND SCAMS
This is a small guide to prevent fraud and scams
CryptoLocalATM is aware of the recent increase of Bitcoin related scams. Because of this, CryptoLocalATM urges users to educate themselves about Bitcoin itself, and have full confidence in transaction partners.
Bitcoin transactions are untraceable and irreversible. Past incidents include scammers posing as the local police.
We urge you not to send Bitcoin to any unfamiliar third party under any circumstance. If you require further information about the claim, we encourage you to contact the corresponding agency directly.
Feel free to contact CryptoLocalATM support lines for any additional assistance!
Before sending any bitcoins please check these links if a given address has been registered as a scam. This does not give you the certainty that the wallet is safe the sites listed below are the result of reports from other users if you have any doubts contact us we will investigate for you. But please contact us before using our ATM and not after only in this way can we protect you . Thank you.
Receipts of unexpected packages
1. The scammers create websites of alleged shippers with tracking of consignments for their victims.
2. The scammers provide to lure their victim via email or through a website that they themselves have created to offer products at ridiculous prices.
3. The criminals will thus begin to trigger emails with a hypothetical shipment.
4. Demographics of victims: people looking for bargains at bargain prices, the elderly, recent immigrants, young people (students with little knowledge of computer systems).
This scam is carried out by criminals who start by building a fake website by simulating a shipping service (express courier) with traceability that they create themselves. Then they lure their victim by email (fake amazon, ebay or various marketplaces or simply send a shipment tracking) where they point to their fake site, show the status of the “shipment” at customs, awaiting payment.
In the email, the victims will be instructed on where to go to make the payment, at any bitcoin atm and for this they will give you the coinatmradar.com link to see the bitcoin atm closest to you (coinatmradar is a website where everyone is present the atm of the world). Then they will tell you to scan the qrcode of the “package” and then insert the cash for the payment of the customs (the qrcode they will give you is nothing more than the scammer’s bitcoin wallet), thus simulating the payment to the “shipping company”.
Be careful because the email is well done, also indicating to the victim to bring any identity documents to identify the user and to forward the payment receipt to the scammers themselves.
These scammers use the bargain of the moment or the awareness of attracting the customer with expensive products at low prices or simply receiving a free package. The scammers will do everything in their power to keep the victim with the desire to get “that package”. Pressing the victim to act immediately otherwise the package rolls back.
Do not trust these emails, especially if you know that you have not placed an order in an ecommerce and therefore do not wait for any packages. No shipping company has an agreement with us or with any ATM provider, so when they try to take you to maps where ATMs are positioned to pay for a package or shipment, know that you are a victim of a scam.
Pyramid or Ponzi schemes
1. Scammers create sites or ads often with fake screenshots or videos showing stratospheric earnings by investing in a certain financial product or service with payment in bitcoin or cryptocurrencies in general.
2. Scammers will instruct you on how to deposit bitcoins on their platform, often enticing you to buy them from third party services or simply with their own cash from any bitcoin atm.
3. The criminals will start making sure that you can view huge earnings on your smartphone for the sole purpose that you can deposit more and more by guiding you on where and how to buy them.
4. Demographics of the victims: elderly, recent immigrants, young people (students with little knowledge of legal systems) and workers who receive illegal payments.
Pyramid or Ponzi sales systems are scam schemes often used by cyber criminals to steal the money of people interested in Bitcoin or other virtual currencies. These schemes are not born in the digital world but in the sales of non-existent products or services.
Thanks to a sort of cascade system that works through the Sant’Antonio chain, anyone who brings a new customer into the system earns a percentage of the sales of that particular person. This system is also used for the sale of some crypto-currencies. Too bad that after months of investment and work we will not receive anything since there is no virtual currency behind the company that hooked us.
These scammers use emotion and stress to cloud the judgment of their victims. The scammers will do everything in their power to keep the victim with the desire to get more and more money. Pressuring the victim to act immediately and deposit more and more.
There are no guarantees or 100% fixed profits in a single day, week or month and there is no such thing in the world of cryptocurrencies that in order to withdraw bitcoins you will have to deposit other bitcoins. So it’s a blatant scam to avoid.
The word ransomware refers to a class of malware that makes the data of infected computers inaccessible and demands a ransom payment, in English ransom, to restore them. Technically they are cryptographic Trojan horses and their sole purpose is the extortion of money, through a “file seizure”, through encryption which, in practice, makes the PC unusable. Instead of the classic background we will see a notice appear that appears to come from the police or another security organization and proposes an offer. In exchange for a password capable of unlocking all the contents, he orders to pay a fairly high sum of money: generally the currency used is bitcoin, the electronic currency. The goal of the bad guys is, therefore, to beat cash.
How to pay the ransom? Behind the ransomware industry there are not simple hackers, but real criminal organizations that have reached a high level of efficiency and organization: therefore, after having encrypted all the files, they will make a screen appear on the attacked computer where detailed instructions are given. (often in good Italian!) to access the TOR network and pay the ransom.
One of the main channels for spreading ransomware is the banner ads of sites with adult content. But emails are also used (very similar to phishing emails) that invite us to click on a certain link or download a certain file: email that is masked so that it is sent by someone we trust, for example a work colleague. Furthermore, cybercriminals do not reserve the right to exploit vulnerabilities present in various programs – such as Java, Adobe Flash and Adobe Acrobat – or in various operating systems. In the latter case, the malicious software propagates itself without the user having to take any action.
The vectors of infection used by ransomware are essentially the same as those used for other types of malware attacks:
The most common, because unfortunately it works very well, are phishing emails: through this technique, which uses social engineering (social engineering), more than 75% of ransomware are conveyed. All of us will have ever received emails from shippers, or with fake bills attached. They are obviously phishing emails, but statistics tell us that in 30% of cases these messages are opened by users and even attachments or links in emails are clicked in over 10% of cases, thus allowing the infiltration of malware!
Despite the virulence and spread of ransomware, there are simple rules of thumb that can help us avoid them. We will list them here in summary:
Never open email attachments of dubious origin. If in doubt, it is advisable to ask the sender if that email is authentic!
Beware of emails also coming from known addresses (they may have been hacked in a way known as “spoofing”).
Enable the “Show file name extensions” option in the Windows settings: the most dangerous files have the extension .exe, .zip, js, jar, scr, etc. If this option is disabled we will not be able to see the real file extension.
Disable the automatic reproduction (“autorun”) of USB sticks, CDs / DVDs and other external media and, more generally, avoid inserting these objects into our computer if we are not sure where they come from. This attack mode is called “Baiting”: it consists in using a bait for a person able to access a specific computer system (a sort of Trojan horse). In practice, a storage medium such as a USB key or hard disk containing malware (which will activate as soon as the object is connected to the computer) is left unattended in a common place (company entrance, canteen, public bathroom). And human curiosity makes this bait work in many cases and the person inserts the unknown key into their computer …
Disable the execution of macros by Office components (Word, Excel, PowerPoint). A malicious macro could be contained in an attachment in Office format and be automatically activated following our click.
Always update operating systems and browsers. In general, it is a good rule to always and immediately install the security “patches” (updates) that are proposed to us by the manufacturers of the software we have installed.
Use – when possible – accounts without administrator rights: if an account with administrator privileges and access is breached, the attacker can use the same privileges to perform more actions and do more damage. Conversely, a non-administrator user has limited privileges and the same limitations will be transferred to the attacker
Install effective and advanced Antispam services. They will not be able to block all phishing emails, but the best ones still manage to achieve an efficiency higher than 95%.
Implement “User Behavior Analytics” (UBA) solutions on the corporate network (web traffic anomaly analysis). These tools represent the most advanced protection against ransomware today. In fact, it is known that these malware exhibit a series of typical behaviors (access / write to system folders, connection to external servers for downloading encryption files, etc.). The UBAs therefore analyze the behavior of each computer in the company and are able to understand if “anomalous” events are occurring (such as for example an above average data traffic, access to IP addresses classified as malicious, and writing to system folders that should not be used). Upon detection of anomalous and suspicious events, they can isolate the offending computer and block (at least limit) the attack.
Implement the use of Sandboxing: these tools are generally present in UBA systems (referred to in the previous point) and allow you to analyze suspicious incoming files in an isolated environment (precisely the “sandbox”).
Make sure that the plugins you use (Java, Adobe Flash Player, etc.) are always up to date. These plugins – it is known – represent a preferential entry route for most cyber attacks. Keeping them up to date reduces the vulnerabilities they are affected by (although it does not completely eliminate them).
Always be careful before clicking on banners (or pop-up windows) on unsafe sites. As I have already explained, ransomware can strike us not only through phishing, but also by visiting sites that have been “infected”, with the so-called “drive-by download” method.
Frequent backup of your data. This is a fundamental rule: if despite everything a ransomware manages to hit us, the only salvation is to have your data saved in another place. And it is important that the backup is performed frequently and completely. In the absence of a backup, only the option to pay the ransom remains, which we strongly advise against since you will never know if they will actually unlock everything or ask for more money. The advice we are also is to always report everything to the police.