What just happened? Even though we're in the middle of a crypto winter, it doesn't mean scammers have stopped trying to steal your digital assets. The FBI is warning to be wary of fake cryptocurrency investment apps that have been used to defraud hundreds of people, with losses over the last few months estimated to be around $42.7 million.
The FBI cyber division's alert states that cybercriminals have been contacting US investors and claiming to offer legitimate crypto investment services. The scam involves convincing someone to download a fraudulent mobile investment app that's used to steal victims' crypto.
The apps use the names, logos, and other identifying features of real financial institutions to make them appear more legitimate. Victims then deposit crypto into wallets associated with their accounts via the apps.
Many of the 244 people who downloaded the apps and made deposits received emails claiming they had to pay taxes on the investments before being allowed to make withdrawals. After paying the fake tax, they found they still couldn't access their funds.
Between October 4, 2021, and May 13, the cybercriminals used the company name YiBit—a real crypto exchange that closed down in 2018—to convince investors to download the app. It must have worked; four victims were defrauded out of about $5.5 million.
Scammers also hijacked the name Supayos, aka Supay, an Australian currency exchange, to fool victims. One was told he had been enrolled in a program without his consent that required a minimum balance of $900,000. He was also told that all his assets would be frozen if the money wasn't deposited.
The FBI advises people to be wary of downloading investment applications and verify their legitimacy with the companies offering the apps, assuming the firms exist.
The millions of dollars stolen using these fake investment apps illustrate just how effective high-tech scams have become. The FBI recently warned of criminals using deepfakes in remote interviews for jobs with the goal of being hired and gaining access to sensitive customer information.