In the United States, the FBI warns of a spike in cryptocurrency investment schemes. Criminals, typically based outside the US, defrauded victims of more than two billion US dollars in 2022 using these schemes, according to the FBI Internet Crime Complaint Center (IC3).
Schemes are socially-engineered and trust-enabled, usually beginning with a romance or confidence scam and evolving into cryptocurrency investment fraud. Criminals use fictitious identities to develop relationships and build rapport with victims. Criminals target victims using dating applications (apps), social media platforms, professional networking sites, or encrypted messaging apps.
Once trust is established with victims, criminals introduce the topic of cryptocurrency and claim to have expertise, or an affiliation with experts, who can help potential investors achieve financial success. Criminals then convince victims to use fraudulent websites or apps, controlled by the criminals, to invest in cryptocurrency. Criminals coach victims through the investment process, show them fake profits, and encourage victims to invest more. When victims attempt to withdraw their money, they are told they need to pay a fee or taxes. Victims are unable to get their money back, even if they pay the imposed fees or taxes.
The FBI also warns of criminals creating fake gaming applications (apps) to steal millions of dollars in cryptocurrency. Criminals advertise the apps as play-to-earn games offering financial incentives to players.
Some advice from the FBI:
– If an unknown individual contacts you, do not release any financial or personal identifying information (PII) and do not send any money.
– Do not invest per the advice of someone you meet solely online.
– Confirm the validity of any investment opportunity or cryptocurrency investment website or app.
– If you already invested funds and believe you are a victim of a scheme, do not pay any additional fees or taxes to withdraw your money.
– Do not pay for services that claim to be able to recover lost funds.
The FBI requests victims in the States to report these types of fraudulent or suspicious activities to the FBI IC3 at www.ic3.gov.
The FBI meanwhile has released its Internet Crimes 2022 report; saying that ransomware gangs breached the networks of at least 860 critical infrastructure organisations last year; such as water and wastewater sector entities. Phishing emails, Remote Desktop Protocol (RDP) exploitation, and exploitation of software vulnerabilities remained the top initial access vectors for ransomware incidents as reported to the IC3.
In a foreword, Timothy Langan, Executive Assistant Director at the FBI said: “The IC3 serves as a public resource to submit reports of cyberattacks and incidents, which allows us to collect data, identify trends, and pursue the threat at hand. In 2022, the IC3 received 800,944 complaints, which is a 5 percent decrease from 2021. However, the potential total loss has grown from $6.9 billion in 2021 to more than $10.2 billion in 2022.”
As of December 31, 2022, the IC3, set up in 2000, has received over seven million complaints of ‘Internet facilitated crimes’.
Comment
Xavier Bellekens, CEO of Lupovis, said: “The FBI’s report mirrors the data produced by our decoys. Healthcare is always the number one target. However, one interesting area that we are also seeing is criminals launching attacks from their networks they compromise as well. This means criminals not only attack a victim, but they also use their network presence to launch attacks on other victims as well. Which essentially means they are rinsing targets dry before moving on to the next.
“With industrial organisations being such a prime target today, these businesses must do more to protect their assets. We often see OT networks being connected directly up to the web, which is a critical red flag that must stop. When it comes to industrial cybersecurity, organisations must rely on segmentation, threat monitoring, vulnerability management and visibility to improve their defences.”
