On July 18, 2022, the FBI issued an Alert advising consumers that fraudulent cryptocurrency apps have caused more than 244 victims to lose nearly $43 million.

The fraudulent apps that cyber criminals used to steal funds from consumers were presented as banking institutions asking investors to deposit funds, and then not allowing them to withdraw the funds until they paid taxes. After paying the taxes, the investors were unable to access the funds.

The criminals reached out to U.S. investors and convinced them to download fraudulent mobile apps that use legitimate bank names and logos or other apps offering crypto wallets. The customers deposited funds, then the threat actors froze the assets. The named apps include YiBit and Supayos, aka Supay.

The FBI issued the following recommendations and precautions to financial institutions and investors:

“The FBI recommends financial institutions take the following precautions:

  • Proactively warn customers about this activity and provide steps customers can take to report it.
  • Inform customers whether the financial institution offers cryptocurrency investment services or other related services along with methods to identify legitimate communications from the institution to customers.
  • Inform customers whether the financial institution has a mobile application.
  • Periodically conduct online searches for your company’s name, logo, or other information to determine if they are associated with fraudulent or unauthorized activity.

“The FBI recommends investors take the following precautions:

  • Be wary of unsolicited requests to download investment applications, especially from individuals you have not met in person or whose identity you have not verified. Take steps to verify an individual’s identity before providing them with personal information or relying on their investment advice.
  • Verify that an app is legitimate before downloading it by confirming the company offering the app actually exists, identifying whether the company or app has a website, and ensuring any financial disclosures or documents are tailored to the app’s purpose and the proposed financial activity.
  • Treat applications with limited and/or broken functionality with skepticism.”
Photo of Linn Foster Freedman Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her…

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law.  Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.