Published: April 28, 2022 on our newsletter Security Fraud News & Alerts Newsletter.
For many of us, understanding what cryptocurrency is, can be difficult to wrap your head around. But when the FBI announces cryptocurrency scams are on the rise, it’s helpful to know what the mystery is about. In particular, the FBI says BEC (business email compromise) scams or “spoof emails” are spiking, and massive amounts of funds, often converted to cryptocurrency, are at risk. The 2020 Internet Crime Report finds last year alone saw over $1.8 billion in losses to BEC crimes. The report also observed an increase in the money stolen in BEC scams being converted to cryptocurrency and deposited directly into the scammer’s crypto account.
What is Cryptocurrency?
Most simply, cryptocurrency is a virtual currency as opposed to the tangible, paper currency that we use every day. Cryptocurrency is digital money and exists solely on the internet… It’s not secured or backed or even managed by an authorized third party like a bank or government. It’s a currency community that “polices” itself and if you lose your cryptocurrency password, you lose all that’s in it and there is no getting it back. Knowing this, it’s easy to see why cybercriminals prefer cryptocurrency as their method of financial exchange, especially for money they’ve stolen. Cryptocurrency allows anonymity through encrypted exchanges that traditional currency can’t offer and authorities can’t trace.
What are BEC Scams?
BEC’s are sophisticated email scams that target businesses and the individual employees tasked with making fund transfers as part of their job. Legitimate business email accounts are compromised or “spoofed” using social engineering tactics. Information gleaned from the dark web, social media, LinkedIn, and other platforms provide the fuel for socially engineered BEC’s. It can help determine who to target, and the stolen details add legitimacy to the BEC, helping the fraudster manipulate an individual into making a wire transfer. BEC requests for payment are always “urgent,” putting pressure on the recipient to act quickly. The sender can pose as a high-level staffer, a trusted vendor, or other provider. A scammer changes payment account details in the email, and unknown to the employee, ensures the transfer goes directly into their personal account.
Preventing Cryptocurrency BEC Scams at Home or Work
Overall, the sure sign of a scam is anyone demanding cryptocurrency as payment
Emails requesting your PII (personally identifiable information) can appear legitimate, so don’t give up your login information or other PII in an email
Monitor your financial accounts regularly for odd transactions, especially for missing deposits
Make sure the email sender is absolutely who they claim to be and don’t use information provided in the email to verify
Requests for changes in account information should use 2FA (two-factor authentication) or MFA (multi-factor authentication) for verification
Verify requests for wire transfers with at least one other employee and directly with the person claiming to make the request
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org