The U.S. Federal Bureau of Investigation (FBI) has raised alarms about cybercriminals impersonating legitimate NFT developers, according to a recent advisory.
Their aim? To deceitfully extract cryptocurrency and other digital assets from unsuspecting individuals.
These cyber crooks employ a two-pronged approach: some directly infiltrate the social media accounts of genuine NFT developers, while others craft counterfeit accounts that closely resemble the real ones. Once they’ve established these platforms, they announce “exclusive” NFT releases, often accompanied by aggressive advertising campaigns designed to create a sense of urgency.
“Links provided in these announcements are phishing links directing victims to a spoofed website that appears to be a legitimate extension of a particular NFT project,” the FBI said in an advisory last week.
Once potential victims land on these fake websites, they’re prompted to link their cryptocurrency wallets and buy the advertised NFT. However, instead of acquiring a new digital asset, the funds and any existing NFTs in the victim’s wallet are transferred to several wallets under the control of these scammers.
The FBI further noted that once these assets are stolen, they don’t just lie in a single location.
“Contents stolen from victims’ wallets are often processed through a series of cryptocurrency mixers and exchanges to obfuscate the path and final destination of the stolen NFTs,” the agency said.
Romance manipulation
This latest FBI warning follows one the agency issued five months ago about a rise in “pig butchering” schemes, another social engineering attack in which a scammer lures unsuspecting investors into sending over their crypto assets through dating apps, social media, and SMS platforms, including Telegram and WhatsApp.
One of the schemes, according to the U.S. Department of Justice, reeled in over $10 million from five victims. This involved criminals creating a fake identity on a dating app, establishing romantic relationships to gain the victim’s trust, and then introducing the idea of crypto trading.
“The emotional manipulation, friendly tone, and sheer duration of the pre-exploitation phase allows genuine feelings to develop, and the actor exploits that emotion for financial gain, to the loss of sometimes millions of dollars.”
In most cases, these scammers will coach their victims through the investment process, show them fake profits, and encourage them to invest more. When victims attempt to withdraw their money, they are told they need to pay a fee or taxes. Even if they do pay the imposed fees or taxes, the victims are still unable to get their money back.
The fraudulent scheme operated from May to August 2022. In 2022 alone, pig butchering schemes led to over $2 billion in losses.
And then, there’s AI…
These romance-driven scams have also evolved. Cybersecurity firm Sophos identified a new trend where scammers employ generative AI-based tools to make their conversations with victims on messaging apps appear more genuine. This tactic aims to persuade victims to download dubious apps available on platforms like the Apple App Store and Google Play Store.
Sophos shed light on how these apps bypass scrutiny: “By simply changing a pointer in remote code, the app can be switched from a benign interface to a fraudulent one without further review by Apple or Google, unless a complaint is filed.”
In 2022, investment fraud caused the highest losses of any scam reported by the public to the FBI’s Internet Crime Complaint Center (IC3), totaling $3.31 billion. Schemes such as pig butchering represented most of these scams, increasing 183% from 2021 to $2.57 billion in reported losses last year.