FBI Issues Warning to Crypto Stakeholders About Potential Cyber Attacks
The Federal Bureau of Investigation (FBI) has issued a warning that cybercriminals are increasingly targeting crypto exchanges, third-party payment platforms as well as private owners of digital assets.
In a warning first reported by Bleeping Computer, the FBI
says cybercriminals are employing various techniques such as identity theft in
order to gain access to their victim’s crypto.
“According to the FBI, attackers are using several tactics
to steal and launder cryptocurrency, including technical support fraud, SIM
swapping (aka SIM hijacking), and taking control of their targets’
cryptocurrency exchange accounts via identity theft or account takeovers.”
Per the report, the FBI recorded many cases of crypto theft
in the span of a year which involved different degrees of identity theft and
impersonation.
“Between May 2020 and May 2021, the US security service [FBI]
observed and received reports from victims regarding cybercriminals stealing
cryptocurrency after:
– gaining access to victims’ crypto exchange accounts after
bypassing two-factor authentication
– impersonating payment platforms or cryptocurrency exchange
support staff in phone calls initiated by victims of online tech support scams
– SIM swap attacks targeting the customers of multiple phone
carriers”
After SIM swapping, “criminals can log into their victims’
bank or cryptocurrency exchange accounts to steal money and virtual assets, and
lock the victims out of their accounts after changing the passwords,” according
to the report.
The FBI is advising vulnerable entities to take various
cautionary measures including enabling multi-factor authentication (MFA).
“The FBI advises financial organizations that could be
targeted in similar attacks to check for mails coming from spoofed email
addresses and keep track and monitor recently created accounts.
Cryptocurrency owners are also encouraged to enable
multi-factor authentication (MFA) on all their cryptocurrency accounts, deny
requests to download and use remote access applications, and always contact
exchanges and payment companies via official phone numbers and email
addresses.”
Comments
Post a Comment