The U.S. Federal Bureau of Investigation (FBI) has sounded the alarm about cybercriminals impersonating legitimate NFT developers, according to a recent advisory.
Their goal? To deceptively extract cryptocurrency and other digital assets from unsuspecting individuals.
These cybercriminals take a two-pronged approach:
Some infiltrate the social media accounts of genuine NFT developers directly, while others create fake accounts that closely resemble the real ones. Once they establish these platforms, they announce “exclusive” NFT releases, often accompanied by aggressive advertising campaigns designed to create a sense of urgency.
“Links in these announcements are phishing links that direct victims to a spoofed website that appears to be a legitimate extension of a particular NFT project,” the FBI said in an advisory last week.
Once potential victims land on these bogus websites, they are asked to link their cryptocurrency wallets and purchase the advertised NFT. However, instead of acquiring a new digital asset, the funds and any existing NFTs in the victim’s wallet are transferred to different wallets under the control of these scammers.
The FBI further noted that once these assets are stolen, they don’t just lie in one location.
“Content stolen from victims’ wallets is often processed through a series of cryptocurrency mixers and exchanges to obscure the path and ultimate destination of the stolen NFTs,” the agency said.
Romance manipulation
This latest FBI warning follows the warning issued five months ago regarding an increase in “pig slaughter” schemes, another social engineering attack in which a scammer tricks unsuspecting investors into sending them their crypto assets through dating apps , social media and SMS platforms. including Telegram and WhatsApp.
According to the U.S. Department of Justice, one of the plans raised more than $10 million from five victims. In doing so, criminals created a fake identity on a dating app, entered into romantic relationships to gain the victim’s trust, and then introduced the idea of crypto trading.
“The emotional manipulation, friendly tone, and sheer length of the pre-exploitation phase allow genuine feelings to emerge, and the actor exploits that emotion for financial gain, sometimes losing millions of dollars.”
In most cases, these scammers guide their victims through the investment process, display fake profits and encourage victims to invest more. When victims try to withdraw their money, they are told that they have to pay a fee or tax – even if they pay the imposed fees or taxes, the victim is still unable to get their money back.
The fraudulent plan was from May to August 2022. In 2022 alone, plans to slaughter pigs resulted in more than $2 billion in losses.
And then there’s AI…
These romance-driven scams have also evolved. Cybersecurity firm Sophos discovered a new trend where scammers are using generative AI-based tools to make their conversations with victims through messaging apps appear more real. This tactic aims to convince victims to download dubious apps available on platforms such as the Apple App Store and Google Play Store.
Sophos highlighted how these apps evade scrutiny: “Simply by modifying a pointer in remote code, the app can be switched from a benign interface to a rogue interface without further review by Apple or Google, unless a complaint is filed.”
In 2022, investment fraud caused the largest losses of any scam reported by the public to the FBI’s Internet Crimes Complaint Center (IC3), totaling $3.31 billion. Schemes such as pig slaughter accounted for most of these scams, rising 183% last year from 2021 to $2.57 billion in reported losses.