Cryptocurrency investors have lost nearly $43 million to fraudulent cryptocurrency investment apps, according to the US Federal Bureau of Investigation (FBI).
“The FBI has observed cyber criminals contacting US investors, fraudulently claiming to offer legitimate cryptocurrency investment services, and convincing investors to download fraudulent mobile apps, which the cyber criminals have used with increasing success over time to defraud the investors of their cryptocurrency,” the Bureau says.
“The FBI has identified 244 victims and estimates the approximate loss associated with this activity to be $42.7 million. The FBI encourages financial institutions and their customers who suspect they have been defrauded through fake cryptocurrency investment apps to contact the FBI via the Internet Crime Complaint Center or their local FBI field office.”
In one recent example, scammers stole $3.7 million from twenty-eight people.
“Between 22 December 2021 and 7 May 2022, unidentified cyber criminals purporting to be a legitimate US financial institution defrauded at least 28 victims of approximately $3.7 million,” the FBI says. “The cyber criminals convinced victims to download an app that used the name and logo of an actual US financial institution and deposit cryptocurrency into wallets associated with the victims’ accounts on the app.
When 13 of the 28 victims attempted to withdraw funds from the app, they received an email stating they had to pay taxes on their investments before making withdrawals. After paying the supposed tax, the victims remained unable to withdraw funds.”
The FBI offers the following recommendations for users:
- “Be wary of unsolicited requests to download investment applications, especially from individuals you have not met in person or whose identity you have not verified. Take steps to verify an individual’s identity before providing them with personal information or relying on their investment advice.
- “Verify an app is legitimate before downloading it by confirming the company offering the app actually exists, identifying whether the company or app has a website, and ensuring any financial disclosures or documents are tailored to the app’s purpose and the proposed financial activity.
- “Treat applications with limited and/or broken functionality with skepticism.”
And it also has recommendations for businesses, specifically financial services companies, who have a role in making social engineering more difficult from their end:
- “Proactively warn customers about this activity and provide steps customers can take to report it.
- “Inform customers as to whether the financial institution offers cryptocurrency investment services or other related services and methods to identify legitimate communications from the institution to customers.
- “Inform customers whether the financial institution has a mobile application.
- ”Periodically conduct online searches for your company’s name, logo, or other information to determine if they are associated with fraudulent or unauthorized activity.”
New-school security awareness training can give your employees a healthy sense of suspicion so they can recognize these types of scams.
The FBI has the story.