The U.S. Federal Bureau of Investigation has warned that cybercriminals are creating fraudulent cryptocurrency applications to defraud investors.
The FBI said in the private industry notification that cybercriminals have been contacting U.S. investors, fraudulently claiming to offer legitimate cryptocurrency services. The same cybercriminals are also convincing investors to download fraudulent mobile apps with increasing success to defraud investors of their cryptocurrency.
The FBI has identified 244 victims of fraudulent cryptocurrency investment apps and estimates the approximate loss associated with this activity to be $42.7 million.
One example invovles cybercriminals purporting to be a legitimate financial institution defrauding at least 28 victims of $3.7 million. The cybercriminals convinced victims to download an app that used the same name and logo of an actual financial institution and then deposit cryptocurrency into wallets controlled by the cybercriminals. When 13 of the 28 victims attempted to withdraw funds, they were told they had to pay taxes on their investments to make withdrawals – the victims did and were still not able to withdraw funds.
In another example, cybercriminals using the name YiBit defrauded at least four victims of $5.5 million through an app. Like the previous example, the cybercriminals said that taxes had to be paid with victims unable to withdraw funds. A third example involves a fake company called Supayos or Supay that also tricked users into transferring cryptocurrency.
The FBI recommended that financial institutions proactively warn customers about these activities, how to report them and also educate customers on what services they legitimately offer. Investors are warned to be wary of unsolicited requests and to verify that the app is legitimate before downloading it by confirming the offering.
“Although the recent cryptocurrency crash has no doubt soured some investors from participating in the space, the reality is that for many people cryptocurrencies still carry the mystique of being the next big thing in investing and this has fueled some inexperienced investors into making rash decisions for fear of missing out on the next wave that promises life-changing financial returns,” Chris Clements, vice president of solutions architecture at IT service management company Cerberus Cyber Sentinel Corp., told SiliconANGLE. “Unfortunately, the same lack of regulation and centralized control that attracts some cryptocurrency proponents can be abused by malicious actors to conduct fraud on a massive scale.”
“The FBI’s recommendations for investors to stay safe from similar fraudulent schemes is good advice, particularly to have skepticism towards unsolicited requests to participate in new investment platforms or apps,” Clements explained. “But guidance to verify the legitimacy of a new or unknown organization can be a difficult task as it can be just as easy for fraudsters to falsify a fake company website or address.”
James McQuiggan, security awareness advocate at security awareness training company KnowBe4 Inc. noted that cybercriminals always target money and what better to scam people out of money than those with access to millions in cryptocurrency.
“While Security awareness training focuses on phishing, it’s important to remember that we should only download apps from trusted sources, like the Google Store or Apple’s App Store,” McQuiggan said. “Cybercriminals will leverage social engineering to convince victims to download apps which can take over their devices like smartphones or install browser extensions to take over their computers.”
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.