Cryptocurrency Scams Continue

10664180274?profile=RESIZE_400xThe State of NJ NJCCIC continues to receive reports of stolen cryptocurrency and recently reported on observed tactics that often include the use of social engineering.  The FBI issued a notification this week alerting financial institutions and investors that cybercriminals are creating fraudulent cryptocurrency investment apps to defraud cryptocurrency investors.  The cybercriminals were observed contacting investors and convincing them to download fraudulent cryptocurrency investment mobile apps. The fraudulent apps and associated fake websites displayed legitimate business names, logos, and other identifying information.  The FBI identified two fraudulent apps claiming to be legitimate cryptocurrency exchange providers, YiBit (observed between October 4 and May 13) and Supayos/Supay (observed between November 1 and 26).  A third undisclosed US financial institution was also impersonated (observed between December 22 and May 7).  At least 244 victims were identified, resulting in roughly $42.7 million in losses.  Additionally, the Federal Trade Commission (FTC) recently reported that more than 46,000 Americans lost over $1 billion between January 2021 and March 2022 due to cryptocurrency scams, emphasizing their widespread threat and associated rising cost.[1]

The NJCCIC recommends financial institutions and investors educate themselves and others on these continuing threats and tactics to reduce victimization.  Users are advised to refrain from responding to unsolicited communications, clicking links, and opening attachments from unknown senders, and exercising caution with communications from known senders. Protect your digital assets by refraining from sending funds or installing wallets through unverified websites. Furthermore, verify an app is legitimate prior to downloading, only download apps from reputable sources, and implement security controls that help prevent account compromise, including strong passwords and multi-factor authentication (MFA) where available, choosing authentication apps or hardware tokens over SMS text-based codes. Additional recommendations can be found in the FBI notification (20220718-001).

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization and offer technical reports like this from pour friends at Microsoft.  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs. com    

Weekly Cyber Intelligence Briefings:

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5504229295967742989

 

[1] https://www.ic3.gov/Media/News/2022/220718.pdf

E-mail me when people leave their comments –

You need to be a member of Red Sky Alliance to add comments!