Cybercriminals are going low and scamming high.
Early 2023 reports from government, academia, and industry demonstrate an uptick in investment scams—a big-money tactic that’s difficult for victims to detect, given effective trust-building with targets and convincing designs from the fraudster.
“For an external party looking at one of these sites, there’s no really obvious indicators of why it’s fake. There’s no, like, bank logo,” Robert Duncan, VP of product strategy at cybersecurity company Netcraft, told IT Brew.
Investment fraud led the FBI’s list of “costliest” crimes in 2023, the agency said in its recently released annual Internet Crime Report; the pull from the phony money-making opps surpassed amounts earned from classic fraud schemes like business email compromise and tech-support scams.
Some facts from the FBI report:
- Losses to investment scams rose from $3.31 billion in 2022 to $4.57 billion in 2023.
- The age group of victims most likely to report investment-fraud losses: 30 to 49 years old.
- Investment fraud “with a reference to cryptocurrency” increased by 53%, from $2.57 billion in 2022 to $3.94 billion in 2023. “These scams are designed to entice those targeted with the promise of lucrative returns on their investments,” the report read.
The FBI warned in March 2023 of rising cryptocurrency-themed investment scams, often beginning with social engineering and fictitious identities. “Criminals target victims using dating applications (apps), social media platforms, professional networking sites, or encrypted messaging apps,” the March advisory stated.
The agency’s simple breakdown of the scheme: Approach the victim, build trust, introduce the crypto investment scheme, take the money.
A research paper from the University of Texas at Austin found that crypto scammers transferred at least $75.3 billion into suspicious accounts between January 2020 and February 2024.
Some fraud-fighting tips from the FBI:
- Don’t take investment advice from (and don’t give personal information to) someone unknown online.
- Confirm the validity of any investment opportunity.
Duncan recommended checking the license status of platforms, using the free tool on Investor.gov (and the CFTC database for coin questions).
Netcraft, in a report released on March 13, “blocked almost 13,000 fake investment platform domains across more than 7,000 IPs”—the largest number of addresses since the company began tracking platforms and a 25% growth since December 2023.
One frequent scam tactic, according to Netcraft, involves an invitation to a group chat of apparent experts and financial analysts who appear to be trading strategies.
“In reality, they are bots simply following scripted conversations, where various fake users ask questions and other fake users praise the analysts for their investment advice,” the company’s report read.
Given the personal connection involved, investment fraud has greater payout potential than a scattershot phishing approach.
“If they do hook a victim, a single victim may invest thousands of dollars in one of these investment scams, whereas they might be expecting from a traditional phishing attack, the actual yield might be pretty low per victim,” Duncan said.