blog

Is Zeniq legit or a scam?

We recently found Zeniq being promoted on several online forums, so our Intel team decided to look at it. On their website zeniq.com, Zeniq claims to be a “Blockchain ecosystem for finance and investments.” In essence, the Zeniq platform will supposedly allow you to exchange cryptocurrencies and to invest in different projects. In their FAQ section, they say: Everyone who has purchased the ZENIQ “HUB 01” will get the minting option to produce ZENIQ Coins. The earlier you buy your ZENIQ “HUB 01”, the earlier you start minting and therefore you get more ZENIQ Coins. The minting option does not apply to the ZENIQ HUB “02”.

To invest in this project the investor must buy the Zeniq Hub to mint Zeniq coins. So, when the coin appreciates in value the investor can then sell it or exchange it for another cryptocurrency and make money.

Appriasal of Zeniq

We begin the appraisal of Zeniq with the most critical factor, the Zeniq Coin. The Zeniq websites clearly states that the Zeniq Coin runs on the Zeniq Blockchain.

But all we found listed on their website is an address to an ERC 20 token in the Ethereum blockchain, and not the Zeniq Blockchain. So where is the Zeniq blockchain? The explanation given by Zeniq is this: The ZENIQ coin is on its own blockchain, but since it is not (yet) listed on other exchanges, we have wrapped the ZENIQ coin and made it an ERC20 token (https://etherscan.io/token/0x5b52bfb8062ce664d74bbcd4cd6dc7df53fd7233) so it can be traded on Uniswap (https://info.uniswap.org/#/tokens/0x5b52bfb8062ce664d74bbcd4cd6dc7df53fd7233), for example. As soon as the ZENIQ exchange is ready, the ZENIQ coin can be traded on it. If ZENIQ is listed directly on an external exchange, it can be traded earlier.

Since Zeniq claims that ” The ZENIQ coin is on its own blockchain,” we simply ask where is this blockchain? Where is the code? Bitcoin and Ethereum all have their code base publicly published where anyone can read it and check that it is what its founders claim it to be. Simply saying that Zeniq has its own blockchain is not enough, for all we know the Zeniq blockchain might be a pie in the sky.

Also, we noticed there is no whitepaper on the Zeniq website. A whitepaper is a document that lays out the background, goals, strategy, concerns, and timeline for implementation for the project. It should have accompanying resources such as financial models, legal concerns, SWOT analysis, and a roadmap for implementation. All we have on the Zeniq website is a list of milestones. This is a huge red flag.

The next thing we looked at was the company location and its license status. Zeniq claims in its website to be a “Limited Liability Company in DIFC Freezone.” This is true but looking at the details of the company on the DIFC website we found two red flags. The date of incorporation is listed as 24th May 2021 and the type of license is listed as Non Regulated.

non-regulated license simply means that the business is not regulated. Such licenses are given to firms providing non-financial goods and services, for example, consultancy services. Looking at the company overview we see consultancy services is listed.

Notice that its stated business activities have nothing to do with providing financial services, which is in line with the type of license given, but this is in variance with what Zeniq claims on its website.

The next red flag is the date of incorporation. The timeline on Zeniq website shows the Official Sale of the ZENIQ Hub as far back as August 2020.

Since the incorporation date is 24th May 2021, it means Zeniq was running an unlicensed and unregistered scheme for close to 9 months while making its customers and the public think otherwise.

A last point of concern is its CEO, Erwin Dokter. A search on the internet showed him as the CEO of another crypto project called JUWELIS Digital Systems AG.

A perusal of a past version of the website shows it has the same crypto services and offerings as Zeniq. For instance, below is a comparison of the fifth question of the FAQ from Juwelis Digital to that of Zeniq. Notice that both are identical.

Currently, the Juwelis Digital website is showing a coming soon banner, the above screenshots were from an earlier version of the website from the Internet archive’s way back machine.

From the foregoing, we can infer that Juwelis Digital was the first scheme propagated by Erwin Dokter, after it flopped, he quickly rebranded it to Zeniq. The is indeed a huge red flag for who is to say Zeniq will not become inactive tomorrow and when the dust settles gets rebranded as something else?

Putting it all together, we have a project with no whitepaper and blockchain, it started operation before it was incorporated, its license says it is unregulated and it is a copy of a past failed crypto project. Due to the afore mentioned reasons, we recommend that you do not put your money into Zeniq.

Spotting Cryptocurrency Mining Scams

As cryptocurrency continues to witness a boom, so also has cryptocurrency scams. Chainalysis, a blockchain analytics firm, reported that scammers made away with a whopping $14 billion in cryptocurrency in 2021. One of the ways scammers were able to dupe crypto investors and enthusiasts was through the pretext of cryptocurrency mining.

Cryptocurrency mining occurs when a node (a computing device on the cryptocurrency network) solves a cryptographic puzzle to add transactions to the blockchain and receives a coin as a reward. The process is called mining because, like other forms of mining (e.g., gold) work is done and a new commodity is brought into circulation that previously was not there. Note that not all cryptocurrencies can be mined, an example of a non-minable cryptocurrency is Ripple (XRP). Also, for minable cryptocurrencies such as bitcoin, Ethereum etc., different mining methods are employed, the most popular being proof-of-work and proof-of-stake.

Types of Cryptocurrency Mining

The three ways that people can take part in mining activities that have the potential for financial payoffs are via pool mining, cloud mining and hash rate marketplaces.

Pool Mining

Pool mining in cryptocurrency is a collective method of mining, in which miners join their computational resources or computer devices over a network to strengthen the probability or chances of finding a block or successfully mining a particular cryptocurrency. Miners taking part in the mining pool donate their computer processing power or computational resources to the effort of discovering a block or mining a cryptocurrency. If the pool is successful in its efforts, it is rewarded, usually in the form of the cryptocurrency involved. The reward of each participant is calculated based on the processing ability of their computational resources or labor compared to the total group. Sometimes individual miners may have to supply proof of labor to get their rewards in some instances.

Pool Mining Methods

Proportional mining pool: In this type of pool, miners contributing to the pool’s processing power receive shares up until the point at which the pool succeeds in finding a block. After that, miners receive rewards proportional to the number of shares they hold.Pay-per-share mining pool: This type of mining pool is similar in operation to proportional mining pool, in that each miner receives shares for their contribution. However, these pools provide instant payouts regardless of when the block is found. A miner contributing to this type of pool can exchange shares for a proportional payout at any time.Peer-to-peer mining pools: This type of mining pool aims to prevent the pool structure from becoming centralized. As such, they integrate a separate blockchain related to the pool itself and designed to prevent the operators of the pool from cheating as well as the pool itself from failing due to a single central issue.Solo Mining Pool: Solo pools work the same way as usual pools, with the only difference being that block reward is not distributed among all miners. The entire reward in a solo pool goes to the miner who finds the block.Bitcoin Pooled mining: This mining pool is also known as “slush’s system”, due to its first use on a pool called ‘slush’s pool’, it uses a system where older shares from the beginning of a block round are given less weight than more recent shares. A new round starts the moment the pool solves a block and miners are rewarded Proportional to the shares submitted. This reduces the ability to cheat the mining pool system by switching pools during a round, to maximize profit.

Cloud Mining

Cloud mining is a hands-off way of earning cryptocurrency by renting computing power from third-party sources. In Cloud mining, computational work is outsourced. Instead of buying expensive computers to mine these coins yourself, you can rent the computing power of a specialized miner from a cloud mining company based anywhere in the world.

Hash Rate Marketplaces

This is an online marketplace in which people with hashing power (the power used by a proof-of-work cryptocurrency to process transactions in a blockchain) sell that power to people who want to mine without the hassle of setting up mining equipment. An example of a hash rate marketplace is Nice Hash (nicehash.com).

Pointers to spotting a cryptocurrency mining scam

Guaranteed profits: If you are promised a high return rate at minimal risk, then it is most likely that the mining platform is a scam.

Anonymous owners: Legit mining schemes have individuals and entities that are publicly verifiable and known. It is important to note that if the owner or founders of the mining platform is hidden behind private registration, the platform is a red flag.

Has an MLM or pyramid part: Some mining pools offer large rewards for those who recruit others into the scheme. Do your research carefully to figure out if the mining has a pyramid (MLM) component. It is important to note that if the crypto mining platform advertises a referral payout scheme. This is an obvious sign that you might be dealing with a Ponzi scheme.

No publicly auditable infrastructure: Most mining services that are not transparent and have no public videos or pictures of their mining facilities and do not publicize their hash rate data might be scams.

No hash rate proof: Legit mining schemes publish and provide their hash rate proof which can be independently verified by any prospective miner. Any mining scheme with has rate that can’t be verified or does not have any evidence to back it up could be a scam. https://help.slushpool.com/en/support/solutions/articles/77000433900

Unlimited hash power purchases: If the mining platform has no limits to the amount of hashing power you can lease or promise instant and limitless scalability, which is not possible, it is a scam.

Other Pointers

Demand for unessential mining fees: A scam mining website may demand for blockchain activation / wallet activation fees/ mining activation fees or any other activation fees for mining.Similar properties with other scam mining websites: If a mining platform shares similar properties with a previous scam you have heard of or experienced, it is advisable to take a step back, pay more attention, and tread cautiously.No clear-cut path for divesting: If the platform provides no clear-cut path for divesting, the platform is a scam. Crypto mining platforms should provide easy-to-understand methods for withdrawing funds or closing contracts.

Also, what is common to experiences shared by those who have been victims of Cryptocurrency mining scams, is that the offer was unsolicited. People who they did not know contacted then via email or social media. Hence, be wary of unsolicited messages about people making money from cryptocurrency mining.

In conclusion, as with most other scams, watch out for spelling mistakes and poor grammar, bad or no reviews, and the use of stock images, these signs should set off alarm bells. Stick to well know mining platforms, ask questions, and do your due diligence by doing tons of research. Acting in such a manner will keep your funds from the clutches of crypto scammers.

Contributors:

Wale OsobaAjayi OmosholaAwoyomi Muyiwa

The post Spotting Cryptocurrency Mining Scams appeared first on #NoGoFallMaga.

Defending Against Persuasion Techniques

Emmanuel’s Story

“Hello Emmanuel, I am the Escrow for the (*calls the name of the telegram crypto group where I was scammed of my close to last 3k earlier in the day*) what happened you just disappeared, the guy that wanted to sell the cypto to you was looking for you, we couldn’t proceed with the transaction”

Quick Pause, Let’s rewind.

So here I was, a broke Nigerian student who had just received his monthly 10k from home. I had heard a lot about how ‘**Crypto has changed a lot of people’s lives**’ so I started planning on how I would also invest small money and cash out big -lol, I did my own research online and in the process of my ***great research***, I ran into a telegram group whose **mode of operation made sense to me; it appeared okay**

You announce if you want to buy or sell, then a potential buyer or seller who is interested negotiates with you in public, then after agreeing on a price you guys call on the Escrow who then sends his account details and the price he would charge for the transaction, payment is made to his account, and the coin is sent to the receiver who then notifies the admin on receiving the coin so the money can be released to the seller. The admin acts as a middleman who makes money from commissions – who would think it was a well-planned fraud.

I observed the platform for a while, and I was persuaded by what I had seen on the platform. Fast forward to the D-day, I had just received my monthly alert, paid my tithe did my calculations, and saw that the money left wasn’t close to being enough, so I thought the best thing to do was *invest 2k in one coin like that* which I heard about online, it pumps between 1 or 2 weeks and then I kiss SAPPA bye forever – perfect plan.

So, I announced I needed a coin on the platform, found a seller, we agreed on the rate then called on the admin/Escrow who told us about his commission, I agreed, and then he sent his account details which I sent the money to after which I was waiting for the escrow to confirm the alert. After waiting for a while, I sent him a message on the group that I sent the money to, he told me to wait for him to confirm and then suddenly, I could not find the group in my telegram app – I had been removed….. I searched for the group on telegram but I could not find it. It was then I started to think the group might be a scam.

Back to the future [later in the evening].

The admin called asking me what happened, that “all of a sudden I disappeared from the group”, he sounded so concerned that for a moment I believed it could have been a bug in the telegram. To cut the story short this guy only called to extract more money from me but as I was broke already I couldn’t pay more money to get more crypto-like he suggested so I asked for a refund which he promised after his Association of Telegram Escrow meeting, two days and multiple calls passed but I still didn’t get back my money, only for me to end up being blocked by the Escrow, at this point, it became clear beyond doubt that I had been scammed. How is that even possible –PERSUASION

What are persuasion techniques?

Persuasion is the process by which a person’s attitudes or behavior are, without duress, influenced by communications from other people. One’s attitudes and behavior are also affected by other factors (for example, verbal threats, physical coercion, one’s physiological states)

Hackers, social engineers, or con artists often employ Persuasion Techniques to influence people’s attitudes, thought processes or decisions. Below are the most used of these techniques.

Authority

People are conditioned to respond to an authority figure or do a great deal for someone they think is in authority. Compliance is easier to obtain when it is perceived that the requestor is in a position of authority, as people usually follow an expert or pretense of authority. This is because we tend to assume their position gives them access to information or power. Fraudsters often exploit this to their advantage. An example of how criminals use authority is the common CEO fraud. In this fraud, criminals impersonate the CEO or financial head of an organization either through email or a phone call and get an employee (in the accounts department) to wire money to a fraudulent account.

Spotting the use of authority can be daunting, but possible. It begins by having critical trust in Authority, knowing that even if the source of the message is a legitimate, well-intentioned authority, they may not always be correct. Also, ask yourself if the authority is acting in ways consistent with their character and be suspicious of requests from authority figures that use urgency or fear.

Social proof/Social Influence

People are more likely to conceive of a behavior as normal, and to engage in those behaviors if there is a belief that others are doing the same thing. That is, we are more likely to engage in an activity if we are convinced that others are doing so, or they approve if such. This technique is widely used to commit fraud based on the popular saying that ‘Nothing draws a crowd like a crowd.’ This technique can be seen in Emmanuel’s scam experience. The telegram group was populated with fake accounts connected to the scammers to give it an appearance of legitimacy. To an outsider just joining the group, it would appear as if transactions were being carried out by many people.

To mitigate social proof, it is always good to remember that the involvement of many people does not grant legitimacy. Watch out for conversations that begin with “other are into it,” such you set off alarm bells.

Urgency and Scarcity

Urgency has to do with time constraints while scarcity is concerned with limited availability or quantity. People are influenced to make decisions based on the fear of losing a perceived opportunity or if that thing will soon be restricted or more expensive later. An example of a cybercriminal using urgency would be a phishing email asking you to click a link to reset your password as it is set to expire in the next 24 hours. While that of scarcity would be an investment scammer telling you he has only three more slots available for an opportunity that would earn you a ton of money.

To avoid being a victim of this, you need to train yourself to recognize scarcity and urgency in communications. When appraising any communication, ask yourself questions such as:

Am I being asked to perform an action within a limited time?

Does the offer or opportunity limited with respect to time, information or quantity?

Once the presence of such is noticed pause and do more research.

Commitment and Consistency

As humans we value commitment and consistency. No one admires someone who says one thing and does another. As such people tend to adapt their self-image to commitments, they believe they have made, particularly when those commitments are written down, recorded, or formally made. Fraudsters exploit this trait by getting people to make an initial commitment, they know once someone has made a commitment, they are more likely to abide by it since they would not want to be seen as being inconsistent. An example of this can be found in romance scams. The fraudster asks the victim for a “favor” that is insignificant or would not cost the victim much. Once the victim performs this initial act, the fraudster then sets us a scenario the requires the victim to do something more significant or costly.

A way to mitigate this is to be on the lookout for those who request repeat favors. After ana initial request is obliged, if someone returns asking you for something else, pause and ask yourself, “Am i being manipulated?” Do not perform the action requested but take some time to think it over.

Likability and Similarity

Christopher Hadnagy captures the core of Likability and Similarity when he said “People like people who are like them. People like people who like them.” The first part of the statement, “People like people who are like them” refers to similarity. People tend to like other people with similar interests, hobbies, dispositions, or backgrounds. Fraudsters take advantage of this by joining groups to which their targets belong. For instance, an investment scammer might join a gym or a club where wealthy targets go to get common grounds and points of similarity for future engagements with the targets.

The second part “People like people who like them” refers to likability. People tend to reciprocate likeness to people who like and show an interest in them. Scammers exploit this trait by dressing smartly to appear likable and complimenting their targets and feigning interest in them.

To mitigate this, you must audit your decision-making process and ensure that you are not making decisions based on factors such as your likeness of the person involved or that you share common interests.

Reciprocity

This uses the tendency for people to feel an obligation to make a concession to someone who has made a concession for them. People are more likely to follow a request when they feel a sense of obligation or indebtedness towards a requestor. This technique is commonly used by scammers for planned fraud against people, by offering them favors or kindness causing people to feel indebted to returning the kindness. For example, an investment scammer might invite you to attend an “investment seminar” where the first fifty people would get free gifts. Such gifts are to make you more likely to invest your money out of a sense of obligation.

Conclusion

It is worth noting that these techniques can be used on their own but are more powerful when combined. Fraudsters and Cybercriminals often use two or more techniques together, with devastating effects. But we believe that being aware of and understanding these techniques can help you avoid being defrauded.

Contributors:

Egbetola OluwasolaBadmus AnuoluwapoEgbetola Oluwasola

The post Defending Against Persuasion Techniques appeared first on #NoGoFallMaga.

Is AfricGold legit or a scam?

Recently our intelligence team came across AfricGold (https://africgoldm.com/) which claims to be a mining platform. Their websites say “AfricGold is a Gold-backed digital mining application designed to be a highly secure platform design for future miners. Start mining and achieve the highest level of Hashrate.”

AfricGold lists a four-step process to use and earn money from their platform:

Buy a membership pinCreate accountStart MiningGet mining output

Their FAQ section has some interesting questions and answers, for the purposes of this investigation, we will review two of such questions and answers.

In respond to the question Will it crash? They write ‘It would never crash because there would always be enough funds to mine and earn. Units of gold supplied daily is prior to how much profit the platform makes daily. However, it’s a decentralized platform. You MINE, EARN, and withdraw as you wish.

To apprise these claims, we begin with the question which cryptocurrency is being mined? From what is written on the website it seems to be a virtual currency called AFGold. Their websites states “AFRICGOLD is a dual-purpose platform made up of subsidiaries that provide an opportunity to utilize AFGOLD Virtual mining technique, which is intended for evaluating mining revenue and as well as conversion of AFGOLD units to real word money and cash out as at when due.”

Mining AFGOLD units means that AfricGold has its own blockchain. But no mention of this or evidence of this is on its website, or whether the mining is done via proof-of-work or proof-of-stake method. We note that the writeup on the website is very vague.

The second thing in their FAQ that caught our attention was the question “After registration, what will I do to earn? And the answer to this is “AFRICGOLD is a dual-purpose platform, it’s either you mine to earn or earn through affiliate marketing.

Let us for the sake of argument grant that AfricGold has its own blockchain where AFGOLD is being mined, they next question would then be how does someone earn money after mining AFGOLD? What makes bitcoin and other cryptocurrencies profitable is their current value. Profit comes from selling the cryptocurrency and deducting the cost of mining. But what value has AFGOLD? It is not even listed in any exchange. Hence, the only way any money is being made here is through referrals, what they craftily term “affiliate marketing.” This setup is a pyramid scheme masquerading as a crypto mining offering. We offer more evidence of this hypothesis below.

When one visits the website of AfricGold, a noticeable feature is a pop-up notification on the lower left-hand corner of someone having referred or started mining on the website. See the screenshot below.

A perusal of the source code for AfricGold’s website revealed that this notification is not a live notification but pre-loaded. All the names and places have already been pre-loaded into a JavaScript code that varies the output at random once you visit the website to deceive you into thinking it is a live notification and that people are really using the website. Below is the screenshot of the code and a snippet as found on the website.

<script type=”db3bf75b8afc87d0e363df04-text/javascript”>

$(document).ready(function() {
$(‘#notification-1’).Notification({
// Notification varibles
Varible1: [“David”,”Jack”,”Olivia”,”Samuel”,”Thomas”,”William”,”Adam”,”Dylan”,”Luke”,”Matthew”,”Ethan”,”Nathan”,”Archie”,”Oscar”,”Lucas”,”Isaac”,”Tom”,”Gabriel”,”Reuben”,”Sean”,”Jude”,”Leon”,”Tanaka”,”Sasaki”,”Kimura”,”Yamada”,”Hayashi”,”Ogawa”,”Lisa”,”Grete”,”Sandra”,”Anna”,”Kati”,”Stacy”,”Jane”],
Varible2: [“Ikeja”,”Lagos”,”Kaduna”,”Kwara”,”Delta”,”Ghana”,”Cameroon”,”Makurdi”,”Uyo”,”Eket”,”Awka”,”Enugu”,”Kebbi”,”Jos”,”Kogi”,”Nasarrawa”,”Kebbi”,”Lokoja”,”Abia”],
Varible3: [“registerd”, “started mining”, “referred”],
Amount: [100, 50000],
Content: ‘[Varible1] from [Varible2] has just [Varible3].’,
// Timer
Show: [‘random’, 5, 10],
Close: 5,
Time: [0, 23],
// Notification style
LocationTop: [false, ‘5%’],
LocationBottom:[true, ‘5%’],
LocationRight: [false, ‘5px’],
LocationLeft:[true, ’10px’],
Background: ‘#252c40’,
BorderRadius: 5,
BorderWidth: 3,
BorderColor: ‘gold’,
TextColor: ‘white’,
IconColor: ‘orange’,
// Notification Animated
AnimationEffectOpen: ‘fadeInUp’,
AnimationEffectClose: ‘fadeOutDown’,
// Number of notifications
Number: 100,
// Notification link
Link: [false, ‘#’]

});

});

</script>

From the code snippet, you can see the name “Hayashi” among variable1 and the place “Eket” among variable 2 and “referred” in variable 3, all three are in the screenshot of the pop-up notification above. This shows conclusively that the pop of notification is just a tool to deceive.

A further study of the source code revealed a connection to two other websites. The first, BittALAT (bittalat.com) is an exact replica of AfricGold. See screenshots from the about section of BittALAT and AfricGold for comparison.

About BittALAT
About AfricGold

The second website Ravetok (ravetok.com) though having a fresh design still has the same content with AfricGold. One of the blog posts on the website even still has AFGOLD written in it.

In conclusion, we recommend that you stay away from AfricGold, BittALAT and Ravetok as they are the same entity, an outright swindle masquerading as a cryptocurrency mining opportunity.

The post Is AfricGold legit or a scam? appeared first on #NoGoFallMaga.

Operations Security (OPSEC) for Scam Prevention

Operational Security (OPSEC) is a term that has its origins in the military. The US Department of Defense defines it as a “method of denying critical information to an adversary.” This is the act/action of identifying critical information/intelligence that needs to be protected from falling into the wrong hands (enemies, potential enemies or even members of one’s own military corps). OPSEC has a wide range of applications as it can be adapted to organizational and business processes and be used by individuals as well.

In today’s chaotic world, we as individuals (civilians) also need to be able to maintain security in our daily lives, whether it is in relation to ourselves, our family, or our work. Maintaining security involves protecting critical information such as National Identification Number (NIN), bank details or BVN, medical information and even travel destinations. Adopting the OPSEC method can aid us in keeping these important assets safe from people who would look to do us financial harm (in this case scammers, hackers, and fraudsters).

Understanding the five-step operations security process

OPSEC Awareness – securityawareness.usalearning.gov

The thrust of the OPSEC process is identifying what you need to protect, analyzing threats and weaknesses that might impact it and then producing countermeasures to eliminate or lessen the impact.

Step 1 – Identify Critical Information. This first step is important because not all information has the same value, as such applying the same security measures to all information without distinction would be a waste of resources. For instance, the password to your mobile banking app is worth more in value than the password of an email account you rarely use. The best way to recognize critical information is to ask yourself the question “What information if it were to fall into the hands of fraudsters would cause me the most harm?

Step 2- Identify Threats. After cataloging your most critical information assets, the next step is to identify threats. A threat is something that has the potential to cause harm. Identify those who might exploit the information exposed in step 1 and what uses they might put it to.

Step 3 – Analyze Vulnerabilities. Vulnerabilities are weaknesses others can exploit to cause you harm. Vulnerabilities can exist in the way you interact with critical information assets or as critical information indicators. For the former, you would need to look at how you interact with the critical information identified in step 1 and how an adversary might exploit this process. As for critical information indicators, these are small portions of information that when put together can supply insight into an individual’s activity. For instance, taking a picture with your work badge, posting about traffic from your work route and company events when put together can give a good picture of your work life.

Step 4 – Assess Risks. Risk is the likelihood that an adversary will exploit your critical information and thus have an impact on your activity. Assessing risks is the activity of assigning countermeasures to vulnerabilities based on the level of risk these vulnerabilities possess.

Step 5 – Apply Countermeasures. Once you have discovered risks in step 4, then you can apply countermeasures to them. Countermeasures are activities designed to lessen or eradicate the impact of a risk by mitigating a threat or vulnerability.

Distilling the OPSEC process for scam prevention

While it might be necessary to walk through all the steps of the OPSEC process for business and organizations, individuals are free to adapt and use some of the steps as they see fit. We recommend that individuals identify critical information and review their actions to see how they might be inadvertently exposing such critical information or its indicators. A practical example of this would be your bank account details. Exposing such online under a giveaway post can be harvested by a tech savvy scammer who might then go ahead to send you a phishing email using the logos of your bank and account number. Below are several common ways critical information or its indicators are often exposed.

The Use of social media. Ovesharing and the careless use of social media is one of the major ways people mistakenly expose information about themselves. Activities like taking pictures of where you work, posting about your activities e.g., going to lunch and using location tagging features reveal too much about your movements. As a result of such actions scammers can easily check your activities, know your social connections, and even track your physical location. All this information can be used to craft a scam specifically targeting you. Also, social media users often reveal the names of their spouse, siblings, pets, favorite words, birthdays, all of which can be used by hackers to build a wordlist for a brute force attack.

Online Resumes and CVs. Posting your Resume or CV online is another way you can give out information to adversaries. These documents have work histories, skills, certifications, hobbies, and sometimes other information which can be used to set up a social engineering attack.

File Metadata. Metadata is simply data about data. Files such as images, videos and documents have metadata such as timestamps, version of software and device used in creating them, and owner information at the point of creation or when they are edited. Exif data which is metadate for videos and images can include camera settings and GPS information. Such files are often shared without removing metadata thereby leaking critical information.

Email Address and weak passwords. An email address can reveal a lot about a person, especially when the same email address is used to register on assorted services. There are several tools available on the internet that can list all the services to which a particular email address was used to register, from this a hacker or fraudster can enumerate the digital footprint of the owner and plot an attack. Another way emails can leak sensitive information is if they were part of a data breach. This occurs when cybercriminals compromise a website offering a service and obtain the emails and passwords of those who registered on the website. Since people often use the same email and passwords for numerous services, cybercriminals then use this information to compromise other accounts belonging to the victims on other services and obtain sensitive information.

Information revealed through interactions. Another way sensitive information can be leaked is through conversations, criminals can position themselves in places their targets are known to frequent in the hopes of eavesdropping on conversations. Other tactics can include fake questionnaires/surveys with some questions designed to elicit personal information and making phone calls impersonating reputable companies with a view to obtaining sensitive information.

In conclusion, keep in mind that operations security is all about keeping valuable information about yourself from those who will use it to do you harm. You will have to categorize information to know that which is enormously important and demands protection and then take the necessary steps to protect it which include not acting in ways that might reveal such information or its indicators.

The post Operations Security (OPSEC) for Scam Prevention appeared first on #NoGoFallMaga.

Defending Against Malware

What is Malware?

The term malware has been defined and described in many ways over the years, McAfee defines malware as a catch-all term for any type of malicious software designed to harm or exploit any programmable device, service, or network. But in short terms, malware is malicious or ill-natured software.

Cybercriminals typically use it to extract data that they can use as leverage over victims for financial or other gains. That data can range from financial data to healthcare records, to personal emails and passwords – the possibilities of what sort of information can be compromised is ever increasing.

Types of Malware

There are diverse types of malware, some bare close similarities while others do not. According to Cisco, there are seven major malwares while Norton lists ten, but Up Guard tabulates twenty-two malwares which include those mentioned by Cisco and Norton. Below are the most pervasive and recognized.

1. Computer Viruses.

A virus is a type of malware that, when executed, self-replicates by changing other computer programs and inserting their own code. When this replication succeeds, the affected programs are said to be infected. Viruses need user interaction before they can become active, this action can vary from running a program to clicking a file to unpacking an attachment.

Virus writers use social engineering and exploit vulnerabilities to infect systems and spread the virus. Microsoft Windows and Mac operating systems are the targets of most viruses that often use complex anti-detection strategies to evade antivirus software.

2. Computer Worm.

A computer worm is a self-replicating malware program whose primary purpose is to infect other computers by duplicating itself while still being active on infected systems.

Often, worms use computer networks to spread, relying on vulnerabilities or security failures on the target computer to access it. Worms always cause at least some harm to a network, even if only by consuming bandwidth. This is different to viruses which almost always corrupt or modify files on the victim’s computer.

While many worms are designed to only spread and not change the systems they pass through, even payload-free worms can cause major disruptions. The Morris worm and Mydoom caused major disruptions by increasing network traffic despite their benign nature.

3. Trojan Horse.

A trojan horse or trojan is any malware that misleads users of its true intent by pretending to be a legitimate program. The term is derived from the Ancient Greek story of the deceptive Trojan Horse that led to the fall of the city of Troy. Trojans are spread with social engineering such as phishing. For example, a user may be tricked into executing an email attachment disguised to appear genuine (e.g., an Excel spreadsheet). Once the executable file is opened, the trojan is installed.

While the payload of a trojan can be anything, most act as a backdoor giving the attacker unauthorized access to the infected computer. Trojans can give access to personal information such as internet activity, banking login credentials, passwords, or personally identifiable information (PII). Ransomware attacks are also carried out using trojans.

Unlike computer viruses and worms, trojans do not generally attempt to inject malicious code into other files or propagate themselves.

4. Rootkits.

A rootkit is a collection of malware designed to give unauthorized access to a computer or area of its software and often masks its existence or the existence of other software. The rootkit does this by replacing the internal system files that run the operating system. Rootkit installation can be automated, or the attacker can install it with administrator access. Access can be obtained by a result of a direct attack on the system, such as exploiting vulnerabilities, cracking passwords or phishing.

Rootkit detection is difficult because it can subvert the antivirus program intended to find it. Detection methods include using trusted operating systems, behavioral methods, signature scanning, difference scanning and memory dump analysis. Rootkit removal can be complicated or practically impossible, especially when rootkits reside in the kernel. Firmware rootkits may require hardware replacement or specialized equipment.

5. Ransomware.

Ransomware is a form of malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware spreads through phishing emails, malvertising, visiting infected websites or by exploiting vulnerabilities.

Ransomware attacks cause downtime, data leaks, intellectual property theft and data breaches. Ransom payment amounts range from a few hundred to hundreds of thousands of dollars. Payable in cryptocurrencies like Bitcoin.

6. Keylogger.

Keystroke loggers or system monitoring are a type of malware used to monitor and record each keystroke typed on a specific computer’s keyboard. Keyloggers are also available for smartphones.

Keyloggers store gathered information and sends it to the attacker who can then extract sensitive information like login credentials and credit card details.

7. Fileless Malware.

Fileless malware is a type of malware that uses legitimate programs to infect a computer. Unlike other malware infections, it does not rely on files and leaves no footprint, making it challenging for anti-malware software to detect and remove. It exists exclusively as a computer memory-based artifact i.e. in RAM.

Fileless malware emerged in 2017 as a mainstream cyber threat but has been around for a while. Frodo, Number of the Beast and the Dark Avenger were all early fileless malware attacks. More recently, the Democratic National Committee and the Equifax breach fell victim to fileless malware attacks.

Fileless malware does not write any part of its activity to the computer’s hard drive making it resistant to existing anti-computer forensic strategies to incorporate file-based whitelisting, signature detection, hardware verification, pattern-analysis or timestamping. It leaves little evidence that can be used by digital forensics investigators to identify illegitimate activity. That said, as it is designed to work in-memory, it generally only exists until the system is rebooted.

8. Adware.

Adware is a type of malware designed to put advertisements on your screen, often in a web browser or popup. Typically, it distinguishes itself as legitimate or piggybacks on another program to trick you into installing it on your computer, tablet, or smartphone.

Adware is one of the most profitable, least harmful forms of malware and is becoming increasingly popular on mobile devices. Adware generates revenue by automatically displaying advertisements to the user of the software.

9. Spyware.

Spyware is malware that gathers information about a person or organization, sometimes without their knowledge, and sends the information to the attacker without the victim’s consent. Spyware usually aims to track and sell your internet usage data, capture your credit card, bank account information, or steal personally identifiable information (PII).

Some types of spyware can install added software and change the settings on your device. Spyware is usually simple to remove because it is not as nefarious as other types of malware.

10. Crimeware.

Crimeware is a class of malware designed to automate cybercrime. It is designed to perpetrate identity theft through social engineering or stealth to access the victim’s financial and retail accounts to steal funds or make unauthorized transactions. Alternatively, it may steal confidential or sensitive information as part of corporate espionage.

11. RAM Scraper.

A RAM scraper is a type of malware that harvests the data temporarily stored in-memory or RAM. This type of malware often targets point-of-sale (POS) systems like cash registers because they can store unencrypted credit card numbers for a brief period of time before encrypting them then passing them to the back-end.

12. Cryptojacking.

Cryptojacking is a type of malware that uses a victim’s computing power to mine cryptocurrency.

13. Hybrid Malware.

Today most malware is a combination of existing malware attacks, often trojan horses, worms, viruses and ransomware. For example, a malware program may appear to be a trojan but once executed it may act as a worm and try to attack victims on the network.

14 Polymorphic Malware

This type of malware is a highly targeted malware written to infect specific systems. It is capable of rewriting or adjusting its code to evade detection until it reaches its end target or the factors necessary for it to execute are present. Fortunately, due to its sophistication this type of malware is very rare.

How Malware is Spread – Methods Used by Malicious Actors to Distribute Malware

We might not be able to protect ourselves from every potential malware threat. However, our understanding of approaches used by hackers would aid us in reducing our risk of infection. Malware can spread in many ways, but these are the most common methods by which users expose themselves to malware risks:

1. Phishing Emails.

This seems to be the most common method for malicious actors to spread malware. These malicious actors have become incredibly skilled at crafting emails that trick users into clicking on links or downloading a file that contains malicious code. These Emails may appear to come from trusted sources such as the user’s bank, the postal service, or trusted contacts within the user’s own list.

These phishing emails come in all shapes, sizes, and colors but one thing they have in common is a sense of urgency. If you receive an email that you think is a phishing email, you can block it in your spam filter and then delete it.

2. Social Network Spam.

This is relatively a new method for malicious actors to spread malware. This occurs when people browse social sites, looking at pictures or videos shared on a social site, when clicked, it takes users to a fake YouTube page that requests the user to download an online tool needed to watch the video. Often these online tools give access to malicious actors to gain access to the user’s computer.

3. Website (Drive-By Downloads from a compromised website).

Malicious actors spread malware by designing websites that aim at exploiting system vulnerabilities, human error, and common sense. Users see a pop-up ad warning them against a virus and prompting them to rid the virus by clicking a link, once they click the link, a virus is installed in the host system.

These vulnerabilities can arise from out-of-date apps, missing operating system patches, or browser plugins. If a weakness is found, it is used to infect the user system with malware.

4. Remote Desktop Protocol.

This is a connection protocol that enables a user to connect to another computer over a network connection. Malicious actors use automation tools to scan the internet looking for computers that are open to RPD. Afterward, the malicious actors make attempts to guess a username and password to gain access to the remote computer. Other times, these malicious actors buy the username and password from the dark web. Once they gain access, they can do whatever they want which includes installing malware.

5. Malvertising.

Malvertising, a portmanteau of malicious advertising, is the use of advertising to spread malware. It typically involves injecting malicious or malware-laden advertisements into legitimate advertising networks and webpages.

Advertising is a great way to spread malware because significant effort is put into ads to make them attract users to sell or advertise a product. Malvertising also benefits from the reputation of the sites it is placed on, such as high-profile and reputable news websites.

6 Browser Hijacker.

A browser hijacker or hijackware changes the behavior of a web browser by sending the user to a new page, changing their home page, installing unwanted toolbars, displaying unwanted ads or directing users to a different website.

7. Malicious Mobile Apps.

Not all apps available through the App Store and Google Play are legitimate. That said, the App Store is safer due to better prescreening of third-party apps. Malicious apps can steal user information, attempt to extort users, gain access to corporate networks, force users to view unwanted ads or install a backdoor on the device.

8. Rogue Security Software.

Rogue security software tricks users into thinking their system has a security problem such as a virus and entices them to pay to have it removed. In reality, the fake security software is the malware.

Malware Defense strategies

The best form of defense is to implement actions that mitigate against the above listed strategies that malware authors use to spread their creations.

Practice Good Cyber Hygiene. Do not click links whether in emails, social media, or social messaging application except you specifically requested for it and trust the source. Same for email and file attachments.

2. Make sure you have an anti-malware application on your device that periodically runs scans for malware.

3. Install all security updates and patches for your device without delay.

4. Use an end-point firewall, some of these products have a browser guard that can check websites you visit and at once block malicious websites.

5. Disable Remote Desktop connection and do not install remote connection applications on your device.

Conclusion

Finally, there is no security method that is 100% foolproof, always make sure you have critical data backed up to an external device or cloud storage, so in the event you have a malware infestation that is proving difficult to remove, you can wipe the device and start all over again.

Contributors:

Archibong JeremiahFortune AndrewEgbetola Sola

The post Defending Against Malware appeared first on #NoGoFallMaga.

Sextortion: Defending Against Digital Blackmail

What is Sextortion?

Sextortion is the practice of blackmailing victims with the threat of exposing sexually explicit images, videos, or information about the victims’ sexual orientation via cell phones or other digital media unless the victims pay up or engage in more sexual acts. The sextortionist often threatens to share the sexual contents relating to the victims with friends, colleagues, or close relatives of the victims and/or social media platforms, if they refuse his/her bid.

Sextortion, according to the Federal Bureau of Investigation (FBI), is a serious crime that occurs when someone threatens to distribute your private and sensitive material if you do not provide them with images of a sexual nature, sexual favors, or money.

Sextortion is part of a larger continuum of image-based sexual abuse (IBSA), which includes crimes such as revenge pornography and non-consensual sexting, in which sexually explicit images are used for harm.

Methods of Sextortion

The practice of sextortion can take the following forms, namely:

Catfishing

This occurs when a sextortionist poses to be someone by creating fake accounts on social media or dating sites (an incredibly beautiful lady or rich and handsome guy) thereby arousing the interest of the victim towards building a relationship, etc. The impostor through this tactic lures the unsuspecting victim into releasing some sexually explicit videos or images or performing some sexual acts while on camera. These pictures and videos the sextortionist would later use as a leverage to extort either money or sexual favor from the victim with the threat of exposing same if the victim does not agree to his/her demands.

Email Phishing Schemes

This employs the use of social engineering tactics by the sextortionist to perpetrate his illicit act. In this scenario the sextortionist sends an email to a target (the mail could be directed to thousands of recipients), claiming to have gotten access to explicit images or videos belonging to the recipient and threatening to disseminate same if the recipient does not agree to his demands. Such emails often with the recipient’s password (harvested from data breachers) as proof of access.

Hacked Social Media Accounts

This is the hacking of the social media account of a victim to source for sexually explicit images or chats. The sextortionist then threatens to make these contents public if the victim refuses to comply with the sextortionist’s demands.

Hacked Webcams

This involves instances where the sextortionist plants malware onto the victim’s device by tricking him to download a file containing such malware. Once there, the malware can allow the sextortionist to take control of cameras and microphones and install keyloggers which enables the monitoring of the victim’s every move around the computer. Also, through keyloggers, the sextortionist can discover and access the credentials for all the victim’s accounts.

Sextortion by Ex-lover or Close Associate

The crime of sextortion can be perpetrated by someone familiar with the victim such an ex-lover or a friend. Here, the sextortionist tries to blackmail the victim into continuing the relationship or providing them with more sexual contents or sexual favors using the victim’s sexually explicit images or other sexual contents in their possession as an undue advantage.

How to avoid being a victim

With the rise in the use of social networking platforms, and virtual meetings due to the COVID-19 pandemic, it is easier to make friends with strangers online now than it used to be. You could meet a random stranger in one zoom meeting and the next thing, you are friends on Twitter or already exchanging emails. This increase in the use of remote viewing applications and the subsequent increase in the time spent online has increased the risk of sextortion. Here are some tips to keep you safe.

Remember, what gets on the internet stays on the internet. The best protection is not to create sexually explicit material of yourself in the first place. Before making a sexually explicit image or video, think about the consequences that would result if it were leaked online.Keep your private life offline, do not be quick to have intimate video calls with random strangers. You can never tell who is on the other side of the computer. The same thing goes for photos, do not share files anyone can use to rope you in.

Learn to disable your webcams when you are not using them. This tip is useful during video calls, webinars, and other similar instances.If you must use dating websites, do not lower your guard – do not be quick to move the conversation off the platform or exchange images/videos that could be used to blackmail you.Treat all email attachments with caution – you do not want anyone to plant malware on your PC, do you? Ensure you do not open email attachments from suspicious email addresses.Use of Two Factor Authentication and strong passwords to secure your social media accounts.

Actions to take if you are being blackmailed with nudes

Talk to someone

If you have someone who you trust and feel comfortable opening up to, such as a parent, sibling, reach out to them. You might feel embarrassed but talking to someone will help. They might be able to provide you with support and advice. You can also consider reaching out to a mental health professional, such as a counsellor. They can talk through what happened to you, help you to find ways to cope when you are feeling overwhelmed, and support you as you deal with the situation.

Keep a record of their communication

Write down as much information as you can about the threat or multiple threats. If they have threatened you over text, make sure to take screenshots as evidence. If someone overheard or saw the person threatening you, take note of their name and contact details. They could be witnesses if you decide to take legal action.

Report the Crime

Never cooperate with someone who is trying to blackmail or extort you, quickly report to law enforecement authorities.

Conclusion

The problem facing victims of sextortion is the inability to report such cases like this to the relevant authorities due to fear of castigation and prolonged public ridicule. Once faced with issues like this, and the pictures or files are being distributed online, the police should be notified, or a lawyer’s advice should be sought on the next line of action to be taken. If the person follows through with the threat and shares the images, make sure to keep looking after yourself as best you can. Contact individuals or organizations that specialize in the removal of explicit contents from the internet.

Contributors:

Izuchukwu Paschal UgwuSubomi LawsonSolomon Nwabueze

The post Sextortion: Defending Against Digital Blackmail appeared first on #NoGoFallMaga.

Spotting Pyramid Schemes

Pyramid schemes are a species of investment scams that bear a close resemblance to Ponzi schemes. As the name implies, Pyramid schemes denote a hierarchical structure of people, where those in the upper layers get to those positions by recruiting others (those in the lower layers) and earning part of their recruitment fee. Pyramid schemes like Ponzi Schemes are considered illegal because such schemes are doomed to fall apart as it is impossible for there to be an unlimited number of participants. As soon as new recruits dwindle, so these schemes die and the majority on the lower levels make a loss.

Types of Pyramid Schemes

Pyramid schemes can be classified into two broad categories, Naked Pyramid Schemes and Product-based Pyramid Schemes. Naked Pyramid schemes are the classic Pyramid schemes we are used to in which participants at the upper levels are paid from the funds of those newly recruited into the scheme. No goods, services or products are sold in Naked Pyramid schemes and the emphasis is clearly on recruiting new participants. Product-based Pyramid schemes are in most respects like Naked Pyramid Schemes but with the crucial difference that the buying and selling of products are attached to payouts and ascendancy to higher levels in the scheme. This added feature of the buying and selling of products makes it notoriously difficult to differentiate such pyramid schemes from multi-level marketing, another business activity which also has participants selling products in hierarchical levels.

Spotting Naked Pyramid Schemes

This type of Pyramid scheme is not hard to spot. If you are asked to join an “investment” scheme which promises huge profits without having to buy and sell products but depends on you getting other people to sign up and you are going to be paid a percentage of their sign-up fee, then you are dealing with a Naked Pyramid scheme.

Spotting Product-based Pyramid Schemes

As already alluded to, spotting these kinds of Pyramid schemes is more difficult, this is because proponents of these schemes set them up to look like multi-level marketing campaigns. Some are complex with matrix, binary and stairstep hierarchical structures with corresponding compensation plans. Nevertheless, here are some signs that can aid you in spotting such schemes.

There is an emphasis on recruiting more than selling products. Some proponents of such schemes are very clever and try to mask the fact that the concentration is on recruiting rather than the selling of products. Here are some pointers to help you spot when the emphasis is on recruiting.

a) Study their compensation system. If distributors far up the hierarchy (pyramid) receive a larger payout than those at the bottom who sell products directly to the customer, then you will have a situation in which the emphasis will be on recruiting. A legitimate MLM program will offer more rewards to those selling the products directly to the end user.

b) Advancement in the scheme is by recruitment. If to get to upper levels in the distributorship hierarchy depends on recruiting people (downlines) instead of selling products or by appointment, obviously the emphasis will be on recruitment.

c) A distributor hierarchy that is excessive. Functionally, there is no reason for multiple levels of distributors except to make people believe they can earn more money the higher up they are placed in the scheme. This in turn leads to an excessive drive to recruit others (downlines) into the scheme.

2. Lack of Financial Transparency. Pyramid schemes will keep their financials hidden or if made known it will be vague. Always request company financial statements audited by a known and reputable auditing firm. If this is made available to you, get someone who can interpret it for you to show if the company’s revenue is from selling products or from monies made by recruiting people into its scheme.

3. Use of High-Pressure tactics. Pyramid schemes use high-pressure sales tactics. Watch out for promises of high returns in a brief period, freedom to live the life you have always wanted, or an insistence to commit and failure to do so would be to miss an opportunity of a lifetime.

In conclusion, we would like to add that when you are approached with an offer to join a scheme you should always ask questions. Seek out present and past distributors and ask for their experience with the scheme. If they tell you that for you to make money in the scheme you must recruit others, know you are dealing with a Pyramid scheme.

The post Spotting Pyramid Schemes appeared first on #NoGoFallMaga.

Is Intelligence Prime Capital a Scam?

We recently received requests via our social media handles to investigate Intelligence Prime Capital (https://www.iprimecapital.com). What follows are our findings.

On the “Why IPCAPITAL” page of their website, we have this description of the company:

We consider ourselves a pioneering broker. We were founded in 2006, which is considered a lifetime in the online trading industry. In fact, we were one of the very first Forex trading platforms to be made available to retail traders, just like you. In that time, we have built a solid reputation for ourselves, and we believe it is incumbent upon us to protect that reputation and the strong relationship we have with our clients.

We decided to start the investigation with Intelligence Prime Capital’s claim that it was founded in 2006. A quick trip to open corporates revealed two entries for the same company, one in Canada and another in the US, both opened in June 2021.

Also, the WHOIS information for the domain reveals that the domain iprimecapital.com was registered in June 2021.

From this we can deduce that Intelligence Prime Capital is less than a Year old. So where did the date of 2006 come from? To unravel this puzzle, we decided to analyze the contents of the website, specifically looking at the source code. There we found code that had been hidden from displaying, pointing to another domain avatrade.com

Visiting the website avatrade.com, we find that it is similar to iprimecapital.com, with the pages why-IPCAPITAL being identical to why-avatrade except for a few changes.

Avatrade
IPcapital

A search on the internet revealed Avatrade has been in existence since 2006. From this we can deduce that those behind Intelligence Prime Capital copied the content on their website from Avatrade.

The next thing we looked to verify was if Intelligence Prime Capital had a physical office presence. On their website, the address listed is in Canada.

A search revealed five other organizations using the address, this might mean that this is a virtual office address.

The final thing we investigated was the company’s management team. This is important because having competent people at the helm of affairs means the company would do well and meet its obligations. Likewise, fraudulent companies find it hard to recruit top industry professionals who have worked with recognized firms as such individuals would not want to spoil their reputations. Intelligence Prime Capital does not list any of its management team members on its website. The only person we could find was their supposed Chief Marketing Officer via their YouTube channel.

Outside of a sketchy LinkedIn profile, there is nothing else about Dr. VAL NG SH. While researching more about the company we found that the Central Bank of Russia had released a warning about Intelligence Prime Capital. They said it shows “Signs of an illegal professional participant in the securities market.”

Putting it all together, Intelligence Prime Capital is less than a year old, stole content from another forex broker’s website for its own website, is likely operating from a virtual address and is showing Signs of being an illegal professional participant in the securities market. Our advice is that you stay clear of Intelligence Prime Capital, it has all the telltale signs of a fraudulent offering.

The post Is Intelligence Prime Capital a Scam? appeared first on #NoGoFallMaga.

Binary Options Scams

Let us begin with a quick primer on Binary Options. With Binary Options, the trader selects whether the value of an asset such as stocks, commodities, or currencies will go up or down in value by a certain point in time. This is called “Binary” because the trader must choose between two possible options – either a YES, that the asset will rise above a specified amount, or a NO, that the asset will fall below the specified amount. You either win or lose on your investment decision. If the trader chooses correctly, he/she will make a fixed amount of money. If the trader does not choose correctly, they may lose part or all their initial investment.

A lot of people are attracted to Binary Options because of the low minimum investment capital needed, making it quite easy for anyone to start investing even if they do not have a lot of capital to start with. This burgeoning interest has not been lost to scammers, as they have resorted to several tactics to fleece the undiscerning of their funds.

How Binary Options Scams Fleece Victims of Their Funds

Failure to credit customer accounts or reimburse funds. This occurs when Internet-based binary options trading platforms refuse to credit customers their payout for correctly predicting the outcome of a binary option contract. Some dubious platforms even go to the extent of refusing to return the initial deposit made.

Software manipulation to generate losses. This occurs when the trading platform manipulates the time period or payout. For instance, when a customer’s trade is about to close with the right prediction, the time for the trade to expire is extended arbitrarily until the trade becomes a loss.

Card details theft. This occurs when binary options platforms request credit or debit card details then use them for fraudulent purposes.

How To Spot Binary Options Scams – Red Flags

  • Promise of large profits. Binary Options scams always promise large profits with little or no risks.
  • Sketchy company information. Fraudulent internet binary options platforms usually have a website with just an email and phone number. Most often there is no physical address, and if an address is listed, it is a virtual address used by many other businesses.
  • They are Unlicensed. Fraudulent binary options platforms are not licensed by the security exchange commission in the countries they operate or offer their services.
  • Unsolicited Contact for Investment: Most scammers buy contact databases to send bulk emails, or they might send unsolicited messages on social media about an investment that gives a high return.
  • Paucity of online reviews: You may also want to search for any news about the company. If there is no information on Google and very few mentions on review websites, it is likely a scam.

Remember, if it looks and sounds too good to be true, then it probably is.

Contributors:

  • Chinonso Joshua Aguonye
  • George Kaduru