FBI warns of rising NFT scams & evolving crypto fraud tactics; here’s how you can keep safe
FBI warns of NFT scams where criminals pose as developers, tricking victims via fake endorsements and urgency.

Highlights
- Cybercriminals posing as developers to steal crypto assets
- Fraudsters pose as romantic connections online, con victims into crypto investments
- FBI warns of AI-assisted scams luring victims via trusted app stores
The FBI has issued a cautionary alert concerning cybercriminals disguising themselves as authentic non-fungible token (NFT) developers to steal cryptocurrencies and digital assets from unsuspecting victims. Within these deceitful schemes, culprits either gain direct access to NFT developer social media accounts or create imitation accounts to endorse "exclusive" new NFT releases.
These scams frequently employ deceptive advertisements that induce a sense of urgency.
FBI warns of phishing scams targeting NFT investors through fake sites
Victims are directed to phishing links contained in these announcements, which then steer them to counterfeit websites meticulously designed to resemble legitimate extensions of specific NFT projects. These replica sites prompt potential victims to link their cryptocurrency wallets and buy NFTs, but the malicious actors behind the scenes drain funds and NFTs into their control.
Types of scam you should be aware of
The agency noted that assets stolen from victims' wallets are typically routed through a series of cryptocurrency mixers and exchanges to obscure the path and ultimate destination of the stolen NFTs.
To mitigate threats posed by such fraudulent activities, users are strongly advised to exercise prudence, and thoroughly vet social media accounts and websites to verify their authenticity.
This alert follows an earlier caution from the FBI, issued nearly five months ago, regarding a surge in deceptive cryptocurrency investment schemes known as "pig butchering" (shā zhū pán), which resulted in $2 billion in losses in 2022.
'CryptoRom' scams exploiting romantic connections
The FBI also highlighted a distinct type of scam called CryptoRom, wherein criminals fabricate personas on dating apps and social media platforms to cultivate romantic connections and foster trust with victims.
These perpetrators initiate conversations on the platform through which they made initial contact and then shift to private messaging apps like Telegram or WhatsApp. Here, they coax victims into using deceitful crypto platforms or apps for substantial investments.
The criminals guide victims through the investment process, showcase fabricated profits, and drive them to invest more. When victims seek to withdraw their funds, they are coerced into paying fees or taxes, with no recourse for retrieving their money, even if the levied fees or taxes are paid.
AI-powered romance scams exploit trusted app stores
Romance-focused social engineering attacks have evolved recently, as noted by cybersecurity company Sophos, which has identified a new tactic in which threat actors use generative AI tools.
These tools enhance the authenticity of conversations on messaging platforms, making it easier to convince victims. The attackers manipulate victims into downloading questionable applications from reputable sources like the Apple App Store and Google Play Store.
Sophos also said, "These applications can get past review by Apple and Google by modifying remote content associated with the apps after they are approved and published to the stores."