The FBI is warning of an increase in scammers pretending to be recovery companies that can help victims of cryptocurrency investment scams recover lost assets, writes Bleeping Computer.
The bulletin mentions that the money lost to cryptocurrency investment fraud surpassed $2.5 billion in 2022, and this only concerns cases reported to the authorities. Furthermore, many people lose cryptocurrency through information-stealing malware or phishing attacks that steal wallets, likely making this number far larger.
This situation creates an opportunity for recovery scheme scammers who tap into this vast pool of victims, taking advantage of their desperation to recover their funds while only deceiving them a second time.
The FBI explains that recovery schemes aim to deceive individuals into bearing the expenses of the purported recovery, often asking for an advance fee or some form of deposit.
Once the payment is made, the scammers either cut off communication with the victims or try to solicit additional funds by presenting an incomplete tracing report, suggesting they need more resources to finalize it.
“In the past we'd seen a close correlation between cryptocurrency value and crypto-related attacks, which would follow the trend curve. Most recently this has broken a bit. While the value doesn't undergo major changes, it feels like crypto-related scams are increasing. Especially recovery scams are flooding the comment section of our (moderated) blog, for example.
Also contributing to the crypto-threat landscape is the fact that most infostealing malware families on both PCs and mobile platforms have added crypto-stealing capabilities. This includes cryptomining, stealing crypto from cold wallets, stealing recovery phrases and swapping the victim's wallet in clipboard for the one owned by the attackers.
Users are advised to make sure their assets are well protected by means such as:
- Multi-Factor-Logins
- security software on PCs and mobile devices to block any kind of crypto-malware
- password managers to create and store complex passwords to your accounts and wallets
- local and regular backups and
- only dealing with reputable crypto-service providers
In short: Do everything to avoid having to ask a third party of any kind to recover your crypto-assets!”
The latest ESET Threat Report features a whole section related to cryptocurrency-related attacks and threats.