The FBI warns that criminals are actively targeting virtual assets through fraud attacks on cryptocurrency holders, exchanges, and third-party payment platforms.
The FBI has issued a TLP:GREEN Private Industry Notification (PIN) about ongoing attacks against commercial entities and individuals. The agency noted that these incidents are very similar to the ones that occurred last year.
The FBI has identified several methods that attackers are using to steal and launder cryptocurrency. These include SIM hijacking (also known as SIM swapping), account takeovers, identity theft, and technical support fraud.
The alert noted the increased financial loss from such attacks. Recovering stolen cryptocurrency is complex, which makes it hard for law enforcement to track down the stolen funds.
Over the last year, the agency received reports from individuals about hackers stealing cryptocurrency after bypassing two-step authentication or after gaining access to their accounts through phishing attacks. The attackers also used tactics like impersonating payment platforms or cryptocurrency exchange support staff, as well as SIM swap attacks on multiple phone carriers.
The FBI advises financial institutions to be on the lookout for suspicious emails that appear to come from spoofed addresses.
Cryptocurrency owners are also urged to prevent fraud and phishing by setting up multi-factor authentication on their accounts.
The FBI issued another alert in March 2019 following an increase in SIM hijacking cases. The FTC also provides helpful information on how to safeguard your phone and personal information.
SIM swap fraud is a type of account takeover fraud in which attackers steal the victim’s phone number. The technique works by convincing employees of the victim’s mobile provider to reassign the number to a SIM card that the attackers control. The attackers are then able to steal the victim’s messages containing MFA codes.
After gaining access to the victims’ accounts, the criminals can also steal their money and other virtual assets.