The FBI has warned US financial institutions and investors of a surge in fake apps designed to trick consumers into depositing cryptocurrency.
Over an unspecified time scale, such scams have already cost $42.7million to 244 identified victims.
The Private Industry Notification claimed, “The FBI has observed cyber-criminals using the names, logos and other identifying information of legitimate US businesses, including creating fake websites with this information, as part of their ruse to gain investors.”
“Financial institutions should warn their customers about this activity and inform customers as to whether they offer cryptocurrency services.”
The FBI highlighted three specific incidents which illustrate the scale of the threat:
- Scammers spoofed Yibit, a brand of defunct crypto exchange, to convince at least four victims to deposit $5.5million via the fake app. The victims were also told that they would be unable to withdraw money until additional tax was paid. The scam spanned October 2021 to May 2022.
- Investors were convinced by cyber-criminals to download an app designed to spoof a real financial institution and deposit cryptocurrency. In the scam running from December 2021 to May 2022, the victims lost all their money. Many also fell for the follow-on scam in which the fraudsters said that victims could only make withdrawals by paying tax on these funds.
- A fake app, “Supay,” was created by cyber-criminals with the same name as an Australian currency exchange provider. Two individuals were defrauded in this scheme in November 2021.
The FBI has asked financial institutions to proactively warn customers of the threat of crypto fraud. It has also asked organisations to evaluate whether their own organisation offers similar legitimate services via mobile apps/
Additionally, it has warned customers to be extra cautious when receiving requests to download investment apps and to verify with legitimate providers where possible.