Google security experts warn: Don't show off how much Bitcoin you have online

This article is translated by XiaocongApp, the original title is: Google's top fraud fighter explains why it's risky to brag about owning bitcoin, source: CNBC, author: Kate Fazzini, translator: Liu Wan. The full text has been slightly edited, please indicate the source for reprinting.

Mark Risher, chief expert at Google's anti-fraud department, reminds us that as a target, your "value" is far beyond your imagination.

The initiative to improve the security of Gmail and other Google assets has been put on the agenda. As the person who monitors the implementation of the work, he said that even if your position is not important enough, those who send spam will not "let you go" for this.

“Maybe it’s just a case of mistaken identity, or it could be attributed to the circle you belong to: they will start with some lower-level people as a tool to approach higher-value targets, such as politicians. Of course, it is also possible that you yourself have discussed Bitcoin in a public forum and were targeted by someone with ulterior motives,” Risher said in an interview with CNBC.

In either case, attackers can use your social circles and email accounts to "fish" for more information, or directly steal email accounts to reset passwords for other important financial accounts and crypto wallets.

Here are the highlights of Risher's warning.

Showing off your Bitcoin carries risks

Risher pointed out that hackers are always improving their attack techniques. Attacks on cryptocurrency wallets often start with a post made by the victim on a forum, which can then lead to the theft of user emails.

The reason is simple: some cryptocurrency wallets allow users to reset their account passwords via email, which gives hackers an opportunity to log in to wallet accounts and steal cryptocurrencies.

Spam is becoming more personal

Risher believes that it is a mistake to compare old-fashioned spam from decades ago, such as the once popular "Nigerian Prince" scam, with today's criminal methods. New scams sometimes look like greetings from friends and family.

“‘Dear Sir/Madam, I need your help,’ you might think, sounds genuine. But the reality is that many email scammers do a lot of research on potential victims,” he notes. “So you get a certain ‘social authenticity’ in these emails.”

What is "social authenticity"? That is, using personal information that is closely related to your life to make the content of the email have a certain degree of credibility. As more and more details of modern life are shared on the Internet, it has become increasingly easy to obtain such information. People write emails, hang out on forums, and post on social networks at any time, but they forget them as soon as they are written; but even if the memory has faded, the information left on the Internet will not disappear out of thin air. To a certain extent, it is people themselves who have contributed to the rampant spread of such fraudulent emails.

As Risher puts it: “Our data is always there.”

How to improve account security?

Hackers have also made great progress in approaching "high-value targets", such as infiltrating through colleagues, social circles, etc., to get close to high-end corporate managers or politicians; even if the connection with high-end figures is not so close, it is possible to escape the "clutches". For example, if you have served as a volunteer in political activities, attended a dinner hosted by a CEO, or have worked in a well-known technology company - then don't look at it, you are the one being targeted.

Criminals have also demonstrated that they can successfully obtain the login password to the wallet-associated email address through a series of password resets through a forgotten email address.

Google has warned users of the potential government-backed hackers who could steal passwords, which is a persistent threat to email security that is often backed by a nation-state. Risher said this is "important" because once these potential victims become aware of security, they often use additional security measures, making it difficult for such powerful and effective hacker attacks to be carried out.

(From CNBC)

Other safety measures include keeping a record of all email addresses associated with financial accounts and keeping an eye on the security of those addresses, Risher said, and avoiding sharing personal information on social networking sites.

Google has already introduced a number of security measures for Gmail users who are concerned, including the Advanced Protection Program, which requires the use of third-party physical security keys - a measure that Google says has significantly reduced spam from within the company. In addition, the company is about to launch a USB-based security key for users, called Titan.