The Federal Bureau of Investigations (FBI) published a new advisory regarding a group of fraudsters who used fake applications to defraud investors. Recent reports reveal that threat actors use fake cryptocurrency investment applications to steal from US-based investors.
Unfortunately, the fraudsters have swiped more than $40 million of funds from approximately 240 victims.
Furthermore, the threat actors persuade the investors to download their phoney mobile applications. However, these applications are just a vector of the attackers to deceive these investors into giving away their funds.
A separate incident of the threat actors from December last year to May this year has defrauded many targets by impersonating a legitimate United States financial firm. The attackers also stole millions of dollars worth of cryptocurrency from its victims.
The same attack may connect those threat actors with the earlier mentioned fraudster as they deployed a similar strategy. Both entities fooled their victims by convincing them to install a fake app that deposits cryptocurrency into unknown wallets. The attack deceived most victims since their accounts appeared to be associated with the fake application.
The federal law enforcement agency stated that the fraudsters have several firms.
The FBI also included in their advisory that the fraudsters were utilising several company names, such as Supayos and Yibit, to convince their target that their companies are legitimate.
In addition, these fraudsters personally contacted United State investors and endorsed their site as a legitimate cryptocurrency investment service. According to the law enforcement agency, the Yibit company has defrauded four victims of roughly five and a half million dollars.
On the other hand, the Supayos company has also defrauded a couple of victims, but it is still unknown whether the company gained millions from the two investors.
The bureau suggested that investors should be cautious in selecting companies that offer to be true investing schemes. Experts also recommend that cryptocurrency owners verify such apps if they are genuine by visiting their official website.
Lastly, users should always enable the MFA feature and reject all requests for remote accessing apps.