With billions of dollars held by cryptocurrency exchanges, it’s no surprise they’ve become prime targets for scammers. The FBI has recently issued a warning about a new scam where fraudsters impersonate cryptocurrency exchange employees to steal funds from unsuspecting users.
The Scam:
The scam is alarmingly straightforward. Victims receive an unexpected call or text from someone claiming to be an employee of a cryptocurrency exchange. The scammer warns the victim of an issue with their account, such as a potential theft or fraud, and suggests that immediate action is needed. To “resolve” the issue, the scammer either requests login credentials directly or provides a login link. Once the victim complies, the scammers misuse the information to access and drain the victim’s account.
A Familiar Tactic:
While the FBI has not provided details of a specific campaign, this is the latest example of a socially engineered scam that relies on the principle of calling many and fooling a few. The simplicity of the scam is deceptive, and it plays on the victim’s fear of losing their funds.
Most people would likely recognize the scam for what it is and refuse to disclose sensitive information. However, it’s crucial to remember that legitimate financial institutions, including banks and cryptocurrency exchanges, will never request your login credentials. They will always instruct you to log in through their official channels.
Stay Vigilant:
If you receive a call from someone claiming to be from a cryptocurrency exchange—or any financial institution—it’s best to assume the caller is a fraudster unless they can provide undeniable proof of their identity. Always insist on calling back using the official contact numbers found on the institution’s website.
FBI’s Advice:
The FBI has provided clear guidance on how to handle such calls:
- Do Not Respond: If you receive a call or message about an account problem or compromise, do not respond, even if the message seems official and urgent.
- Hang Up and Verify: End the call immediately. Contact the cryptocurrency exchange using its official phone number to verify the situation. Do not use any number provided by the caller.
- Avoid Clicking Links: Do not visit websites or click on links sent by the caller. Instead, navigate to the official exchange website directly.
- Never Share Login Information: At no point should you share your account login details.
- Be Wary of Recovery Services: Be cautious of services that claim they can recover lost cryptocurrency funds.
- Report Fraud: If you believe you’ve been defrauded, contact the exchange immediately. You can also report the incident to the FBI’s Internet Crime Complaint Center (IC3) at www.ic3.gov.
Ongoing Threats:
This warning comes just three months after the FBI’s last alert about a more sophisticated token impersonation scam. In comparison, the current scam may seem rudimentary, but it’s no less dangerous.
The rise in call scams is not limited to cryptocurrency. The “State of the Call” report by Hiya, published earlier this year, highlights that threats to the security and trustworthiness of voice calls in the U.S. have worsened over the past year.
As scams continue to evolve, it’s more important than ever for individuals to remain vigilant and informed.