The FBI has warned US investors and financial institutions of a surge in fake apps designed to trick consumers into depositing cryptocurrency.
The scams have already cost 244 identified victims $42.7m, although it’s unclear what the time period of this activity is.
“The FBI has observed cyber-criminals using the names, logos and other identifying information of legitimate US businesses, including creating fake websites with this information, as part of their ruse to gain investors,” the Private Industry Notification claimed.
“Financial institutions should warn their customers about this activity and inform customers as to whether they offer cryptocurrency services.”
The FBI highlighted three incidents which illustrate the scale of the threat:
- Cyber-criminals convinced investors to download an app designed to spoof a real US financial institution, and deposit cryptocurrency. Not only did the victims lose this money, but many also fell for a follow-on scam in which the fraudsters said they could only make withdrawals by paying tax on these funds. The scam ran from December 2021 to May 2022
- Scammers spoofed the brand of defunct crypto exchange Yibit to convince at least four victims to deposit $5.5m via a fake app. The victims were also told they could not withdraw money unless they paid additional tax. The scam ran from October 2021 to May 2022
- Cyber-criminals created a fake app “Supay” with the same name as an Australian currency exchange provider. The scheme defrauded two individuals in November 2021
The FBI urged financial institutions to proactively warn customers of the threat of crypto fraud, and whether their own organization offers similar legitimate services via mobile apps.
It also warned consumers to be extra cautious when receiving unsolicited requests to download investment apps, and to verify apps are legitimate by confirming the companies offering them actually exist.