Key takeaways:

  • Cryptocurrency is legal but there is currently not a lot of government oversight.
  • Cybercriminals take advantage of the fact that your actual identity isn't made public.
  • Common scams include phishing/smishing, fake apps, giveaway or contest scams, ransomware, cryptojacking and investment scams.
  • Thoroughly research any investment opportunity. You can check if a company is registered using the Canadian Securities Administrators (CSA) National Registration Search tool.
  • If you've fallen for a crypto scam, it's important to act fast.

You've probably heard of cryptocurrency like Bitcoin or Ethereum, and maybe you're curious about adding it to your investment portfolio. Before you get started, it's important to be informed.

Like any other currency, cryptocurrency can be used to buy or sell goods and services — and it can be exploited by cybercriminals to steal your data or your money. According to the Canadian Anti-Fraud Centre (CAFC) Annual Report from 2021, crypto is the second-most used payment method for fraud in Canada, after wire transfers.¹

The good news is that you can fight back. Read on to learn about common cryptocurrency scams and how to avoid them.

What is cryptocurrency?

Cryptocurrency, or crypto, is a form of digital currency that uses cryptography (or codes) and other encryption services. It's considered pseudo-anonymous, meaning that data about you, such as your earnings, losses and address, are posted to a public ledger (known as the blockchain), but your actual identity is not made public.

Launched in 2009, Bitcoin was the first cryptocurrency on the market. It remains the most popular and valuable.

Types of crypto scams

Cryptocurrencies are legal, but they're not generally overseen by governments, nor are they centralized. Individuals or organizations can access cryptocurrency easily and make transactions while hiding their identities, which makes it highly susceptible to abuse by cybercriminals.

Be aware of the following types of cryptocurrency scams.

Investment scams

Investment scams in any currency work by promising large returns when you invest. Crypto scammers will reach out claiming to be investment advisors, often saying they themselves have earned outstanding returns. Once you express interest, they'll ask you for a fee to get started, as well as personal information to set up your accounts.

When it comes to crypto, investment scams are the most expensive type of fraud, according to the CAFC, with an average dollar loss of over $47,000. Senior Canadians are at particular risk; in 2021, they lost $38 million with an average of $78,000 per person.

Phishing and smishing scams

Phishing occurs when a scammer sends an email intended to trick you into revealing sensitive or personal information, giving access to your accounts or transferring money to a fraudster.

For example, you might receive an email that appears to be from Ledger (the company that provides crypto wallets),² asking you to download a new version of the app or to input your recovery password. Don't do it! The message might be tailored to look legitimate, often using the corporate logo and a real-seeming address, a tactic called “spoofing.” If you reply, your message will go straight to the scammers, who can use your data to steal your identity or access your money and accounts.

Smishing is the same process, only using SMS (text messages).

Fake apps

With a little bit of coding, criminals can design and build apps that seem like legitimate tools to buy, sell or trade cryptocurrency. But once users download the app and deposit their crypto, they won't be able to withdraw it.

Even worse, sometimes just clicking on a link installs malware (malicious software) onto your computer. Be wary of “too good to be true” investment offers on social media or dating apps. Cybercriminals can hack social media or email accounts and impersonate your friends.

Giveaway scams

You might have seen cryptocurrency “giveaways” advertised on social media. Be wary. Many of these contests take you to pages where you're instructed to enter your crypto account number or make a payment to verify your account. Scammers can then use this data to steal your identity or money, and you might infect your computer with malware.


Ransomware

When you click on a link in a phishing or smishing message, on a website or in a social media post, or open something downloaded from a fake app, you run the risk of exposing your computer to ransomware. Ransomware is a type of malware that infects your computer for the purpose of extorting money from you. It scrambles (encrypts) the data in your files, locks you out of your device and demands payment to restore your data.


Cryptojacking

Cryptocurrency can be collected and amassed through a process called “mining,” which involves locating and verifying digital “coins.” Crypto mining uses significant computing resources, so cybercriminals might attempt to avoid the associated costs by cryptojacking your computer to do their work. If your computer, smartphone, tablet or server is running slowly, it might be mining under instructions from hijackers.

How to protect yourself

Falling for a cybercrime can cause significant problems. If a scammer assumes your identity to commit theft and fraud, it can be a complicated process to clear your name and re-establish your credit history, identification and financial solvency. Plus, if cybercriminals funnel money from your accounts, you may not be able to recover your funds.

Luckily, there are ways to defend yourself against cybercrime.

Consider the source

You'd likely be suspicious of an unsolicited email or text message promising you cash, and you should bring that same scrutiny to cryptocurrency. The best practice is to ignore these messages, particularly if they include promises or guarantees of financial returns. Beware of messages that are urgent in tone, social media posts, pop-up ads and other blanket marketing.

Do your due diligence

Many cryptocurrency scams rely on gaining your trust. Cybercriminals might show up in forums about cryptocurrency or in social media groups where they engage with a curious community, luring them into dubious activities by creating a false sense of security.

If you're planning on buying cryptocurrency or making an investment:

  • Take the time to do your due diligence.
  • Don't trust a site based on its appearance.
  • Read company white papers to make sure you understand the product and search for reliable sources when considering an investment. You can check if a company is registered using the Canadian Securities Administrators (CSA) National Registration Search tool.
  • Never share your digital wallet’s information and check your bank statements regularly.
  • Ask for detailed information and don't invest unless you receive it.
  • Use strong passwords and two-factor authentication to protect your accounts.

When in doubt, do your research and always be aware of common scams targeting your personal information or money.

Use reputable platforms

Use the Apple App Store or Google Play Store to download financial apps. When you're ready to buy crypto or make an investment, type the URL of the service's website directly into the browser rather than following a link from an email or the web. Visually check to make sure the website address is correct. An address that's off by even one character will take you somewhere else. Even if the address is spelled correctly, never trust a URL that starts with “http” instead of “https” (the “s” stands for secure) and doesn't display a tiny padlock icon in the address bar.
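The address check described above can also be done mechanically. The following is an added example, not part of the original article: it compares a URL's host against a list of sites you already trust and flags plain http, near-miss spellings and encoded look-alike (punycode) hosts, which goes slightly beyond the visual check in the text. The host names and the distance threshold are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): hosts you have verified and bookmarked.
KNOWN_GOOD = {"wallet.example", "bank.example"}
MAX_DISTANCE = 2  # assumption: hosts this close to a trusted one count as look-alikes


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_url(url, known_good=KNOWN_GOOD):
    """Return a list of warnings for url; an empty list means every check passed."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    # Punycode ("xn--") or raw non-ASCII labels can render as familiar-looking letters.
    if host.startswith("xn--") or ".xn--" in host or not host.isascii():
        warnings.append("non-ascii-host")
    if host not in known_good:
        near = sorted(g for g in known_good if edit_distance(host, g) <= MAX_DISTANCE)
        warnings.append("lookalike-of:" + near[0] if near else "unknown-host")
    return warnings


if __name__ == "__main__":
    # Constructed sample URLs, using reserved .example names.
    for sample in ("https://wallet.example/login",
                   "http://wallet.example/login",
                   "https://wal1et.example/login"):
        print(sample, "->", check_url(sample) or "ok")
```

An empty result only means the host is on your own list and served over https; it says nothing about a site you have not verified yourself.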

Protect your wallet

Cryptocurrency is digital money, so you keep it in a digital wallet. You can protect your wallet by making sure you never share your “seed phrase,” the unique and random phrase the wallet generates. The seed phrase lets you access your wallet even if you forget your password or if your hard drive is corrupted.

Practice good password hygiene

Always keep your passwords confidential and avoid settling for the minimum six-to-eight-character limit; longer passwords make it harder for others to guess. Also, never use the same password for two or more accounts. To help you remember multiple passwords, you can create a passphrase, which is when you take a phrase and convert it to a password using a combination of different letters, capitalizations and special characters.

You can add an extra layer of security to your account by activating 2-step verification. This allows you to get notifications of sign-in attempts and block unauthorized users from signing into your account.


What to do if you've been scammed

If, despite your best efforts, you suspect you've been scammed, there are steps you should take right away. First, immediately change your passwords and usernames. The longer scammers have easy access to your accounts, the worse the damage might be. Then, call Scotiabank at 1-866-625-0561 to log the issue and the police to make a report. Finally, inform the Canadian Anti-Fraud Centre (CAFC) so they can assist law enforcement in your case.

Bottom line

Every new technology brings new opportunities — and new risks. If you're curious about crypto, use the latest anti-fraud tools and strategies to protect your identity, reputation and money.
