Privacy Tip #337 – FBI Issues Warning About Cryptocurrency Apps

On July 18, 2022, the FBI issued an Alert advising consumers that fraudulent cryptocurrency apps have caused more than 244 victims to lose nearly $43 million.

The fraudulent apps that cyber criminals used to steal funds from consumers were presented as banking institutions asking investors to deposit funds, and then not allowing them to withdraw the funds until they paid taxes. After paying the taxes, the investors were unable to access the funds.

The criminals reached out to U.S. investors and convinced them to download fraudulent mobile apps that use legitimate bank names and logos or other apps offering crypto wallets. The customers deposited funds, then the threat actors froze the assets. The named apps include YiBit and Supayos, aka Supay.

The FBI issued the following recommendations and precautions to financial institutions and investors:

“The FBI recommends financial institutions take the following precautions:

  • Proactively warn customers about this activity and provide steps customers can take to report it.
  • Inform customers whether the financial institution offers cryptocurrency investment services or other related services along with methods to identify legitimate communications from the institution to customers.
  • Inform customers whether the financial institution has a mobile application.
  • Periodically conduct online searches for your company’s name, logo, or other information to determine if they are associated with fraudulent or unauthorized activity.

“The FBI recommends investors take the following precautions:

  • Be wary of unsolicited requests to download investment applications, especially from individuals you have not met in person or whose identity you have not verified. Take steps to verify an individual’s identity before providing them with personal information or relying on their investment advice.
  • Verify that an app is legitimate before downloading it by confirming the company offering the app actually exists, identifying whether the company or app has a website, and ensuring any financial disclosures or documents are tailored to the app’s purpose and the proposed financial activity.
  • Treat applications with limited and/or broken functionality with skepticism.”