The Hackers' Latest Trick? Fake Photo ID

Reading Time: 2 minutes

Cryptocurrency scammers show no signs of letting up in the bear market, adapting their tactics instead to find new ways of stealing funds. The latest trick involves using manipulated user photographs to trick two-factor authentication (2FA) reset procedures with the theory of getting into a user’s account.

Dark Web Photos for Sale

Research by cybersecurity firm Hold Security, published Monday by Bank Info Security, revealed a huge cache of information relating to data fraud techniques is available on dark web forums for very little money, among which are around 10,000 doctored photographs for fraudulent verification activity. The purpose in relation to cryptocurrency exchanges is to use the amended photograph to convince admins that a request to reset the 2FA security process is legitimate, thus allowing the hacker to potentially access the user’s account.

The Smaller the Exchange, the Bigger the Risk

The issue seems to be mainly problematic for smaller exchanges who have fewer resources or whose security procedures may be less robust than bigger ones. Bigger exchanges usually request multiple forms of verification when users make security-related requests like changing email addresses or passwords, or resetting 2FA services.This means that unless a hacker has access to all these various forms then having a fraudulent ID alone will not achieve much. However, as we saw recently with the QuadrigaCX fiasco, even long-established exchanges can have paper thin security and non-existent emergency plans. With no industry-wide regulations in place to ensure minimum security standards are met, a user’s identity, and therefore their funds, are only as safe as the exchange’s biggest point of failure.

Take Steps to Protect Yourself

The odds of you as an individual being targeted are remote, but the fact remains that if you were to be targeted and the exchange has insufficient security protocols, then there really isn’t much you could do. The best way to protect yourself is to make sure that only a small amount of funds are kept on exchanges, with the actual amount reduced in line with the reputation of the exchange itself. It might also be wise to contact the exchange to see what security measures they have in place to tackle fraudulent behavior.