The US security agency, FBI (Federal Bureau of Investigation) has issued a warning today that overseas investors (specifically US-based) have been targeted by cybercriminals who are stealing funds using fraudulent cryptocurrency investment applications.
It is estimated that approximately $42.7 million has already been stolen from 244 victims to date by cybercriminals, as per the US federal law enforcement agency.
There were several company names used by the criminals in order to disguise their activities such as:-
- Yibit (between October 2021 and May 2022)
- Supayos aka Supay (in November 2021)
In order to capitalize on legitimate businesses’ names, logos, and identifying information, threat actors are misusing the information. In an attempt to attract potential investors, and make them invest they are creating fake websites.
Several targets who were targeted were lured into downloading the fake apps and placing funds in the wallets of these fake apps. A number of accounts that were claimed to be associated with the victims’ app accounts were attacked by the attackers.
There have been previous warnings from the FBI in regards to fraudsters targeting cryptocurrency owners by impersonating staff from crypto exchanges and payment platforms and targeting digital assets.
It was also reported by the FBI SEC that fraudsters were impersonating financial advisors and brokers in the stock market in July 2021.
Recently, fraudulent businesses masquerading as legit US financial firms have duped 34 victims out of about $10 million by using YiBit and Supayos (also known as Supay).
Recommendations for financial institutions:-
- Customers should be notified about this activity in a proactive manner and provided with information on how to report it if it occurs.
- Identify legitimate communication from institutions to their customers, such as whether they offer cryptocurrency investment services.
- Provide customers with information regarding the existence of mobile applications provided by the financial institution.
- In order to identify if your company’s name, logo, or other information is associated with fraudulent or unauthorized activity, you are advised to conduct periodic online searches for your company’s name, logo, or other information.
Recommendations for investors:-
- You should be cautious about downloading investment applications from unsolicited individuals.
- Provide personal information or rely on investment advice from individuals whose identity has been verified.
- Before downloading an app, you should confirm the legitimacy of the app by verifying the validity of the company that offers it.
- Be skeptical when it comes to applications that have limited functionality or are damaged.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates.