Fraudsters posing as banks took $43 million from investors
Observations from FinTechECH
SnarkYEAR
Tank
A new alert from the FBI is warning investors of fraudulent activity regarding cryptocurrency investments. According to the FBI:
“Cybercriminals [are] contacts US investors, fraudulently claims to offer legitimate cryptocurrency investment services, and convinces investors to download fake mobile apps, which cybercriminals have used with increasing success over time to defraud investors of their cryptocurrency.”
Examples of the fraudulent activity include:
- Fake banking apps. According to the alert, scammers convinced victims to download an app that used the name and logo of an actual US financial institution and deposit cryptocurrency into wallets linked to the victims’ accounts on the app. When victims tried to withdraw money from the app, they received an email saying they would have to pay taxes on their investments before making withdrawals. After paying the supposed tax, the victims remained unable to withdraw money.
- YiBit. Cybercriminals, operating under the company name YiBit, tricked victims into downloading an app and depositing cryptocurrency into wallets linked to victims’ YiBit accounts. After the deposits, the investors received an email requiring them to pay taxes on their investments before they could withdraw funds, which they were unable to do.
- Supayos. In this scam, victims were asked to download an app and make cryptocurrency deposits. Scammers told a victim that he was enrolled in a program that required a minimum balance of $900,000. Upon attempting to cancel the subscription, the victim was asked to deposit the requested funds or have all assets frozen.
What should investors do?
The FBI advises investors to take the following precautions:
- Be wary of unsolicited requests to download investment applications. As the FBI warns, this is especially true for individuals or purported companies the investor has not met in person or already knows.
- Verify that an app is legitimate before downloading it. This is easier said than done for many consumers, but Googling the name of an app before downloading it is likely to turn up fraud reports if the app is not legitimate.
- Treat apps with limited and/or broken functionality with skepticism. This advice applies after someone has already downloaded the app, so hopefully potential victims won’t need to rely on this advice if they don’t download the app in the first place.
What should the banks do?
The FBI also made recommendations for what financial institutions should do:
- Proactively alert customers to this activity and provide steps customers can take to report it.
- Inform customers about whether the bank offers cryptocurrency investment services and how to identify legitimate communications from the institution to customers.
- Inform customers if the financial institution has a mobile application.
- Conduct regular web searches for the bank’s name, logo and other information to identify fraudulent or unauthorized activity.
Banks must do much more than just warn and inform
Some of this is good advice, but it does not underline the importance of the fake crypto activity to the banks.
Do the math here: The FBI identified 244 victims who were defrauded of $42.7 million. That’s an average of $175,000 per victim.
The victims cannot all be low-income consumers with a low level of financial literacy. Instead, they are likely to be the banks’ best customers – those with money to invest.
The FBI’s advice to “inform customers about whether the financial institution offers cryptocurrency investment services” is well-intentioned, but few banks offer these services today — which is why consumers are turning to other sources (like fake banks) to invest in crypto.
Banks should offer crypto investment services – because consumers want crypto from their banks.
The importance of the fraudulent crypto activity – from a banking perspective – is about the financial health and safety of consumers.
Today, “financial health” is synonymous with “financial literacy” and “financial well-being.”
But, as the FBI’s alert shows, financial health is also about financial security. And not just for the financially illiterate, but for consumers who have money to invest.
Banks must redefine financial health to include financial security
Banks’ definition of financial health should be redefined to include financial security, and not just be limited to literacy and well-being.
And financial security is broader than just crypto fraud prevention. It includes other threats such as identity theft and data breaches.
The banks’ typical approaches to preventing fraud and identity theft are not particularly effective:
- Credit monitoring is not a panacea. Many people lock their credit because they have no plans to borrow. For some other consumers, their exposure to data breaches may put them at greater risk of fraudulently opening a checking account, not credit. Credit monitoring won’t help either group—credit monitoring isn’t helpful for checking account fraud or existing account fraud, which make up the lion’s share of all ID theft and fraud.
- Identity theft insurance does not pay out. Regulators have found that ID theft insurance — which often ranges from $1 million to $10 million — rarely pays out. A study by the US General Accounting Office (GAO) revealed, “Some identity theft service providers acknowledged that identity theft insurance is of limited value to a consumer and that it was difficult to imagine covered losses approaching the $1 million mark.”
- Dark web monitoring has limitations. A recent audit of the dark web estimated that there are 15 billion stolen logins from 100,000 breaches available on the dark web. But not all data that is breached finds its way to the dark web (the Anthem breach is a good example). And what you find there on a Monday may not be there on Tuesday.
Capabilities to help consumers manage their financial security threats can give a financial institution a competitive advantage in today’s market.