-
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Create bogus-cryptocurrency-investment-apps.md
- Loading branch information
Showing
1 changed file
with
42 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
## Cybercriminals are convincing investors to download fraudulent mobile apps | ||
|
||
The FBI has warned that cybercriminals use fraudulent cryptocurrency investment applications to steal funds from investors. | ||
|
||
The FBI has observed cyber criminals contacting investors, fraudulently claiming to offer legitimate cryptocurrency investment services and convincing investors to download fraudulent mobile apps, which the cyber criminals have used with increasing success over time to defraud the investors of their cryptocurrency. | ||
|
||
The agency identified crooks operating under several company names, such as Yibit (between October 2021 and May 2022) and Supayos aka Supay (in November 2021). | ||
|
||
They convinced multiple targets to install bogus apps and deposit funds into wallets the attackers claimed were associated with the victims' app accounts. | ||
|
||
Between 22 December 2021 and 7 May 2022, other cybercriminals impersonated a legitimate US financial institution to defraud dozens of other victims out of millions of dollars worth of cryptocurrency. | ||
|
||
They used a similar tactic, tricking victims into installing a bogus app and depositing cryptocurrency into wallets allegedly linked with the victims' accounts on the app. | ||
|
||
## Recommendations | ||
|
||
The FBI recommends financial institutions take the following precautions: | ||
|
||
* Proactively warn customers about this activity and provide steps customers can take to | ||
report it. | ||
* Inform customers as to whether the financial institution offers cryptocurrency | ||
investment services or other related services and methods to identify legitimate | ||
communications from the institution to customers. | ||
* Inform customers whether the financial institution has a mobile application. | ||
* Periodically conduct online searches for your company's name, logo, or other | ||
information to determine if they are associated with fraudulent or unauthorized activity. | ||
|
||
The FBI recommends investors take the following precautions: | ||
|
||
* Be wary of unsolicited requests to download investment applications, especially from | ||
individuals you have not met in person or whose identity you have not verified. Take | ||
steps to verify an individual's identity before providing them with personal information | ||
or relying on their investment advice. | ||
* Verify an app is legitimate before downloading it by confirming the company offering | ||
the app actually exists, identifying whether the company or app has a website, and | ||
ensuring any financial disclosures or documents are tailored to the app's purpose and | ||
the proposed financial activity. | ||
* Treat applications with limited and/or broken functionality with skepticism. | ||
|
||
## Links | ||
|
||
https://www.ic3.gov/Media/News/2022/220718.pdf |