If you dabble in cryptocurrency, it's best to be extra vigilant if you receive a random message that purports to be from a trading app. Fake crypto app scams are proliferating, the FBI warns, and scammers are making off with millions.
A new report from the FBI said that 244 Americans have been robbed of an estimated $42.7 million by cybercrooks promoting fake crypto apps.
The agency is advising financial institutions as well as individual investors to be vigilant. They say crooks have had “increasing success” siphoning away unsuspecting investors’ cryptocurrency.
Stealing a few logos and setting up a website that mimics a well-known financial company is an old trick, and crooks today are using this scheme to swindle people out of crypto. In April, cybersecurity website KrebsOnSecurity posted about a crypto-related scam that used the name of famous portfolio manager Cathie Wood and her investment firm ARK Invest to direct victims to a fake website in order to defraud them with the promise of a cryptocurrency "giveaway."
Now, you have to watch out for fake mobile apps as well as fake websites.
The FBI says criminals often steal brand names, logos and other identifying information of real crypto trading platforms or financial institutions, then create fake apps intended to trick you into thinking you’re doing business with the real thing.
In one case, more than two dozen people were fooled by a fake that looked like a legitimate trading platform (the FBI didn't specify which one) and were convinced to deposit cryptocurrency into “wallets” there. The victims found out they had been dealing with an imposter when they tried to make withdrawals and couldn’t do so. The scammers made off with $3.7 million in that case.
In other cases, cybercriminals have used names of defunct or overseas financial services platforms to trick unaware investors into thinking that they were dealing with legitimate enterprises.
The common thread is that all the victims were convinced to download a mobile app that turned out to be a Trojan horse, which means cryptocurrency traders should be cautious about any mobile apps they download.
How to avoid crypto app scams
Here are some tips the FBI recommends to help you avoid getting suckered into a crypto app scam:
- Be suspicious of any solicitation you get to trade crypto on an unfamiliar app. Even if the solicitation appears to be from a financial institution you trust, it’s a good idea to independently verify (via a phone call or separate browser search not conducted through the app) that the communication really came from them. The FBI also suggests reading the fine print, “ensuring any financial disclosures or documents are tailored to the app’s purpose and the proposed financial activity.”
- Likewise, if a pitch from an individual who purports to know you lands in your inbox, the FBI urges people to make sure they are who they say they are. Always be leery of people you don’t know or haven’t met.
- As the victims in the crypto scam detailed by KrebsOnSecurity learned the hard way, be wary of any pitch that guarantees you an outsized return or offers a “signup bonus” or other freebie. The old adage about what seems too good to be true, probably is, still holds up when the topic is cryptocurrency.