The U.S. Federal Bureau of Investigation (FBI) has issued a warning about online thieves who pose as non-fungible token (NFT) creators in order to steal cryptocurrencies and other digital assets from unwary consumers.
In these fraudulent schemes, fraudsters frequently use deceptive advertising strategies to generate a sense of urgency to pull them off, either by gaining direct access to NFT developer social media accounts or by creating lookalike accounts to promote “exclusive” new NFT releases.
The FBI stated in a statement last week that the links provided in these announcements were phishing links that led users to a fake website that appeared to be an official extension of a specific NFT project.
The fake websites encourage prospective customers to link their cryptocurrency wallets and buy NFTs, but the threat actors simply syphon the money and NFTs to wallets under their control.
To disguise the path and final destination of the stolen NFTs, contents from victims’ wallets are frequently passed via a number of cryptocurrency mixers and exchanges, the agency claimed.
WATCH HOW HACKERS CREATE FAKE CRYPTO NFT SCAM PAGES
Users are advised to use due diligence and evaluate social media accounts and websites to confirm their legitimacy in order to reduce the risks presented by such scams.
The news comes about five months after the FBI issued a warning about a rise in fraudulent bitcoin investment schemes known as “pig butchering” (or shā zhū pán) that might result in $2 billion in losses by 2022.
This includes a subcategory of fraud known as CryptoRom, where crooks create false identities on social media sites and dating apps to get to know their victims romantically and earn their confidence before introducing the concept of trading cryptocurrency.
The operators are known to start a conversation with the target inside the app where they first made contact with them. The conversation is then quickly transferred to a private messaging service like Telegram or WhatsApp where they push the user to use shady cryptocurrency websites or apps and make substantial investments.
The FBI stated that criminals “coach victims through the investment process, demonstrate fictitious profits, and encourage victims to invest more.” “Victims are informed that they must pay a fee or taxes when they want to withdraw their money. Even if they pay the taxes or fees that have been imposed, they cannot get their money back.
In recent months, Sophos has identified apps on the Apple App Store and Google Play Store that use generative AI characteristics to give more legitimacy to chats with the victims on messaging apps like WhatsApp, giving a facelift to the romance-focused social engineering attacks.
“These applications are able to get past review by Apple and Google by modifying remote content associated with the apps after they are approved and published to the stores,” the cybersecurity firm claimed.
“The app can be changed from a lawful interface to a fraudulent one by simply changing a pointer in remote code, without further review by Apple or Google, unless a complaint is filed.”