My Scam Story by Stephen Endicott
I thought I was immune to scams
“I felt like such an idiot – I didn’t think Crypto scams happened to people like me.
I have an engineering degree and work in a tech adjacent field so I assumed I was immune to these sorts of scams (I pride myself on always catching the phishing email campaigns at work).
Back in 2021 I set up a Crypto.com account during the crypto hype period, and haven’t done anything with it except check the balance every few months.
𝗪𝗵𝗮𝘁 𝗛𝗮𝗽𝗽𝗲𝗻𝗲𝗱
I got a call from a USA number and had someone with an American accent say they were from the Crypto.com security team and there had been suspicious activity on my account. We even joked about me being on the other side of the world in Australia to explain why the line was jittery. I was baking a cake at the time, and my mind wasn’t really thinking about 2FA best practice or Cybersecurity.
They directed me to a website with a similar URL that looked like a subdomain of the main site but used a hyphen instead of a period. I should have known better but entered the requested details (note to future Stephen, never paste authenticator codes into anything but the legit app). The site had a Cloudflare bot check and valid SSL certificate to help make it look more legitimate.
The site showed several "security issues" with my account and asked me to confirm those actions weren’t me. By this stage I was googling the url to see if it was legit and starting to get suspicious. I also noted that the site footer was different compared to the legitimate site. The person on the phone was starting to apply more pressure as I was taking longer to do each step as my suspicions grew and I was doing some research.
They tried to get me to download another crypto app I'm assuming to transfer my wallet to. At which point I hung up because I was 99% sure I was getting scammed (the joke would have been on the hackers, I've lost most of my wallet's value because I bought at the peak and it's been all downhill since 2021).
I immediately reset my passcode, checked my transaction history to make sure nothing had gone through, contacted the actual crypto.com security team and also locked my account while I reset my email password for good measure.”