UTAH (ABC4) – Scammers are getting creative and tapping into as many aspects of our lives as possible.
The Federal Bureau of Investigation says they are seeing a rise in the use of “Cryptocurrency in business email compromise schemes.”
What is this scam?
FBI says the business email compromise/email account compromise (BEC/EAC) is a sophisticated scam that targets both businesses and people who perform legitimate transfer-of-funds requests.
The scam usually happens when a person taps into approved business or personal email accounts through social engineering or computer intrusion to transfers funds illegally.
Officials have received an increased number of BEC complaints involving the use of cryptocurrency, according to the FBI.
What is cryptocurrency?
The FBI defines cryptocurrency as a form of virtual asset that uses cryptography (the use of coded messages to secure communications) to secure financial transactions and is popular among illicit actors due to the high degree of anonymity associated with it and the speed at which transactions occur.
Two types of BEC scams were identified through IC3 complaint information, which officials say was a direct transfer to a cryptocurrency exchange (CE) or a “second hop” transfer to a CE.
In both situations, the victim is unaware that the funds are being sent to be converted to cryptocurrency, according to officials.
The FBI says a CE is an entity in the business of exchanging fiat currency (government-issued currency not backed by a commodity) to cryptocurrency.
CEs routinely hold custodial accounts with traditional financial institutions (FIs) that are used for easy trading/exchanging for customers.
Official say these scams are so identical to the real deal that they are hard to detect.
Another scam is known as the second hop transfer. This type of BEC/cryptocurrency scam uses victims of other cyber-enabled scams such as extortion, tech support, and romance scams.
Usually, these scammers will provide copies of identifying documents such as driver’s licenses, passports, etc., that are used to open cryptocurrency wallets in their names. Once the scammer receives it, the victim’s bank account can be used to receive BEC funds that are then instructed to transfer to a CE custodial account or even directly to the exchange itself.
While the use of cryptocurrency is regularly reported in other crime types seen at the IC3 (e.g., tech support, ransomware, employment), officials say it was not identified in BEC-specific crimes until 2018. Even then, there weren’t may reports.
By 2019, there were more reports resulting in the highest numbers in 2020. Officials say with the information gathered so far, this trend is expected to continue into 2021.
How can you protect yourself according to FBI?
- Use secondary channels or two-factor authentication to verify requests for changes in account information.
- Make sure the URL in emails is associated with the business/individual it claims to be from.
- Be alert to hyperlinks that may contain misspellings of the actual domain name.
- Refrain from supplying login credentials or PII of any sort via email. Be aware that many emails requesting your personal information may appear to be legitimate.
- Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender’s address appears to match who it is coming from.
- Ensure the settings in employees’ computers are enabled to allow full email extensions to be viewed.
- Monitor your personal financial accounts on a regular basis for irregularities, such as missing deposits.
Anyone who finds that they are the victim of a fraud incident, is asked to immediately contact their financial institution to request a recall of funds.