The Federal Bureau of Investigation (FBI) has warned the public about a new wave of cybercriminal activity targeting victims of cryptocurrency scams. These fraudsters are posing as lawyers and law firms, offering bogus cryptocurrency recovery services to steal funds and personal information from those already defrauded. This latest cryptocurrency investment scam alert is an update to a previous warning from the FBI's Internet Crime Complaint Center (IC3), which had highlighted a surge in scams involving fake services for recovering digital assets. The updated Public Service Announcement (PSA), titled "Increase in Companies Falsely Claiming an Ability to Recover Funds Lost in Cryptocurrency Investment Scams," was originally published on August 11, 2023. Moreover, in April 2024, the FBI warned of financial risks tied to using unregistered cryptocurrency transfer services, highlighting potential law enforcement actions against these platforms. The announcement focused on crypto transfer services operating without registration as Money Services Businesses (MSBs) and non-compliance with U.S. anti-money laundering laws. These platforms are often targeted by law enforcement, especially when used by criminals to launder illegally obtained funds, such as ransomware payments.

Cryptocurrency Scam: Emerging Criminal Tactic

The FBI's announcement aims to inform the public about a new criminal tactic designed to exploit cryptocurrency scam victims further. Using social media and other messaging platforms, fraudsters posing as lawyers from fictitious law firms are contacting scam victims and offering their services. These "lawyers" claim they have the authority to investigate fund recovery cases and often assert that they are working with, or have received information from, the FBI, Consumer Financial Protection Bureau (CFPB), or other government agencies to validate their legitimacy. In some instances, victims have reached out to these scammers through fake websites that appear legitimate, hoping to recover their lost funds. The scammers use various methods to further the recovery scam, including:

• Verification Requests: They ask victims to verify their identities by providing personal identifying information or banking details.
• Judgment Amount Requests: They request that victims provide a judgment amount they are seeking from the initial fraudster.
• Upfront Fees: They demand a portion of the fees upfront, with the balance due upon recovery of the funds.
• Additional Payments: They direct victims to make payments for back taxes and other fees purportedly necessary to recover their funds.
• Credibility Building: They reference actual financial institutions and money exchanges to build credibility and further their schemes.

Between February 2023 and February 2024, cryptocurrency scam victims who were further exploited by these fictitious law firms reported losses totaling over $9.9 million, according to the FBI Internet Crime Complaint Center (IC3).

Tips to Protect Yourself

The FBI offers several tips to help individuals protect themselves from falling victim to these scams:

• Be Wary of Advertisements: Be cautious of advertisements for cryptocurrency recovery services. Research the advertised company thoroughly and be suspicious if the company uses vague language, has a minimal online presence, and makes unrealistic promises about its ability to recover funds.
• Do Not Release Information: If an unknown individual contacts you claiming to be able to recover stolen cryptocurrency, do not release any financial or personal identifying information, and do not send money.
• No Fees from Law Enforcement: Remember that law enforcement does not charge victims a fee for investigating crimes. If someone claims an affiliation with the FBI, contact your local FBI field office to confirm their legitimacy.

Victim Reporting

The FBI urges victims to file a report with the Internet Crime Complaint Center. When filing a report, try to include the following information:

• Contact Information: Details about how the individual initially contacted you and how they identified themselves, including name, phone number, address, email address, and username.
• Financial Transaction Information: Details such as the date, type of payment, amount, account numbers involved (including cryptocurrency addresses), name and address of the receiving financial institution, and receiving cryptocurrency addresses.

The FBI's announcement highlights the importance of vigilance and caution when dealing with unsolicited offers of assistance, particularly in the highly targeted and vulnerable area of cryptocurrency investments. By staying informed and following the FBI's guidelines, individuals can better protect themselves from becoming victims of these crypto scams.

A new deepfake investment scam has emerged on the internet, misusing prominent Indian figures like Asia's richest person, Mukesh Ambani, and former captain of the Indian national cricket team, Virat Kohli. These deepfake scam videos falsely depict the billionaire and cricket star endorsing betting apps, leading unsuspecting viewers into potential scams. Using advanced deepfake techniques, the video manipulates their appearances and voices to make it seem like they are endorsing the app. This deceptive tactic exploits the trust and influence these figures hold.

The Strange Case of Deepfake Scams

This deepfake investment scam also targets well-known TV journalists, manipulating footage to create a false impression of authenticity. These altered videos imply endorsements from reputable sources, exploiting public trust for illicit gains. In the video, which is widely being circulated online, Ambani is falsely quoted as saying, “Our honest app has already helped thousands of people in India earn money. There is a 95% chance of winning here.” https://www.facebook.com/watch/?v=2401849440205008 Meanwhile, Kohli is shown endorsing the app, stating, "Aviator is an investment game where you can make huge profits. For example, if you have 500 Rupees, that will be enough because when the airplane flies your stake will automatically multiply by the number that the airplane reaches. Your investment can multiply 10 times. I personally recommended this app.” Both individuals seem to be discussing the game and promising high returns, claiming minimal investments can lead to significant profits. Such false promises prey on the aspirations of viewers seeking easy financial gains, ultimately leading to financial losses for many who fall victim to these deepfake investment scams. The Cyber Express has investigated these Aviator game scams and found out most of these apps have been banned on platforms like Google Play Store and Apple App Store due to their deceptive practices. Despite this, scammers continue to circulate these apps through alternate channels, using deepfake investment scams to lend a spirit of legitimacy.

The Aviator Game Scams Leveraging Deepfake Technology 

Similar incidents involving other public figures have also come to light, including cricket legend Sachin Tendulkar. Fake videos were created to deceive the public, and Tendulkar himself spoke out against such misuse of technology. In one deepfake video, Tendulkar is depicted talking about his daughter Sara playing a particular game, falsely quoting him as saying, “I am surprised how easy it is to earn well these days." [caption id="attachment_78100" align="alignnone" width="720"] Sachin Tendulkar Deepfake Scam (Source: X)[/caption] Following this, Sachin Tendulkar himself posted a tweet explaining the deepfake investment scam behind the deepfake videos. Tendulkar tweeted, “These videos are fake. It is disturbing to see rampant misuse of technology. Request everyone to report videos, ads & apps like these in large numbers. Social Media platforms need to be alert and responsive to complaints. Swift action from their end is crucial to stopping the spread of misinformation and deepfakes.” Previously, the Indian media company The Quint decoded another instance of deepfake videos involving Mukesh Ambani's son, Anant Ambani, and Virat Kohli promoting gaming apps in viral clips circulating on social media. Concerns arose about Ambani's video due to discrepancies in lip-sync and mechanical movements, suggesting a potential deepfake. [caption id="attachment_78102" align="alignnone" width="720"] Anant Ambani Deepfake (Source: The Quint)[/caption] Investigation revealed the original context of Ambani's video related to an animal rescue program launch. Similarly, Kohli's video was traced back to a different context involving discussions on religious harmony, debunking claims of both videos promoting gaming applications as false. In all the cases combined, a single app that was heavily promoted by social media pages and deepfake videos was the Aviator game. Aviator, an online casino game developed by Spribe, has become the most controversial game on the internet. The game’s unique, “easy to make money” has been tried and tested to be too good to be true. Inside the game, players engage by flying planes to earn money, influencing outcomes through their actions—a unique feature in online gaming. The game includes bonus rounds and mini-games, accessible on desktop, mobile, and tablet platforms to reach a broad audience. However, despite its popularity, the Aviator game has garnered notoriety for its misleading promises and unfair practices. Users have reported massive financial losses after investing in what turned out to be a fraudulent scheme. Reviews and user experiences highlight consistent patterns of manipulation and rigged outcomes designed to benefit the operators at the expense of trusting players. To top it all off, these fake deepfake videos of celebrities endorsing the app adds more questions about the authenticity of the app and the intent behind this aggressive marketing strategy.  The proliferation of deepfake videos exploiting the reputations of public figures like Mukesh Ambani and Virat Kohli highlights the urgent need for stringent measures against digital deception. As consumers, vigilance and skepticism are essential in understanding an increasingly complex technological era with potential scams and misinformation.

A 22-year-old British national, allegedly the leader of an organized cybercrime group that targeted nearly four dozen U.S. companies, was arrested in Palma de Mallorca at the behest of the FBI, said the Spanish National Police. The young man allegedly orchestrated attacks on 45 companies in the United States through phishing campaigns, and subsequently gained unauthorized access to sensitive company information and cryptocurrency wallets.

Cyber Scammer Used Familiar Playbook

The modus operandi of the cybercriminal was simple: use phishing techniques to obtain access credentials from individuals,; use these credentials to infiltrate corporate work systems; exfiltrate sensitive company data that was likely monetized and put up for sale on dark web forums; and also access victims' cryptocurrency wallets to siphon them off. This modus operandi allowed the scammer to amass a significant amount of bitcoins. The Spanish police said the young cyber scammer managed to gain control over 391 bitcoins - approximately valued at over $27 million - from his victims. The arrest occurred at Palma airport as the suspect was preparing to leave Spain on a charter flight to Naples. The operation was conducted by agents of the Spanish National Police in collaboration with the FBI. The investigation, led by the Central Cybercrime Unit and supported by the Balearic Superior Headquarters, began in late May when the FBI’s Los Angeles office requested information about the suspect that they believed was in Spain. The FBI reported that an International Arrest Warrant had been issued by a Federal Court of the Central District of California, prompting intensified efforts to locate the suspect.

Laptop, Phone Seized

The suspect was carrying a laptop and a mobile phone at the time of his arrest, which were seized. The judicial authority subsequently ordered the suspect to be placed in provisional prison. The FBI did not immediately provide a response on whether the young British man would be extradited to the U.S. to be tried, nor did they release details on an indictment, but many similar cases in the recent past show the possibility of that happening soon.

Linked to Scattered Spider?

The cybercrime-focused vx-underground X account (formerly known as Twitter) said the U.K. man arrested was a SIM-swapper who operated under the alias “Tyler.” Fraudster's transfer the target’s phone number in a sim swapping attack to a device they control and intercept any text messages or phone calls to the victim. This includes one-time passcodes for authentication or password reset links sent over an SMS. “He is a known SIM-swapper and is allegedly involved with the infamous Scattered Spider group,” vx-underground tweeted. The details, however, could not be confirmed but independent journalist Brian Krebs said the accused is a 22-year-old from Dundee, Scotland named Tyler Buchanan, also allegedly known as “tylerb” on Telegram chat channels centered around SIM-swapping.

“Most notably he is believed to be a key component of the MGM ransomware attack, and is believed to be associated with several other high profile ransomware attacks performed by Scattered Spider.” - vx-underground

The initial access vector in the attack on MGM included targeting of a help desk executive with social engineering tactics. Mandiant in its latest report found Scattered Spider aka UNC3944 using the same modus operandi, and although no victim names were stated, it now suggests the possible linkage between them. *Update (June 17 5:45 AM EST): Added details on the 22-year old young cyber scammer's identity and possible links to Scattered Spider group.

The U.S. Attorney today announced charges against three UK nationals for their involvement in the “Evolved Apes” NFT fraud scheme. The United States Attorney for the Southern District of New York Damian Williams and James Smith, the Assistant Director of the New York Field Office of the FBI, announced the unsealing of an indictment charging three UK nationals: Mohamed-Amin Atcha, Mohamed Rilazh Waleedh, and Daood Hassan, with conspiracy to commit wire fraud and money laundering.

“Evolved Apes” Rug Pull Scam

The charges are in connection to their scheme of defrauding victims through the sale of non-fungible tokens (NFTs) from the “Evolved Apes” collection. According to the indictment, Atcha, Waleedh, and Hassan orchestrated a “rug pull” scam in the fall of 2021. In crypto vocabulary a rug pull is a type of exit scam in which developers first raise money from investors through the sale of tokens or NFTs and then abruptly shut down the project vanishing away with the raised funds. Evolved Apes was a collection of 10,000 unique NFTs. They advertised the NFT project in a way where the funds raised would be used to develop a related video game that would in turn increase the NFTs' value. The promised video game never materialized as the anonymous developer "Evil Ape" vanished a week after its launch, siphoning 798 ether [approximately $3 million at today's market price and $2.7 million at the time] from the project's funds. The trio then laundered the misappropriated funds through multiple cryptocurrency transactions to their personal accounts, the indictment said.

“As alleged, the defendants ran a scam to drive up the price of digital artwork through false promises about developing a video game. They allegedly took investor funds, never developed the game, and pocketed the proceeds. Digital art may be new, but old rules still apply: making false promises for money is illegal.” - Williams

Williams said thousands of people were tricked into believing in their false promises and thus bought these NFTs. But "NFT fraud is no game, and those responsible will be held accountable,” he stated. FBI Assistant Director James Smith called out the trio for "ghosting customers" and perpetrating the NFT scam "out of a selfish desire for a quick profit.”

"[This] not only reflects poor business integrity, it also violates the implicit trust buyers place in sellers when purchasing a product, no matter if that product is in a store or stored on a blockchain." - Smith

Atcha, Waleedh, and Hassan, all aged 23, are charged conspiracy to commit wire fraud and money laundering, both of which carries a maximum sentence of 20 years in prison. The actual sentences will be determined by a judge based on the U.S. Sentencing Guidelines and other statutory factors.

Rug Pulls and their Murky History

Rug pulls and cryptocurrency scams have reportedly cost people $27 billion till date. Total number of such incidents stands at 861 with the largest rug pull so far being that of OneCoin which was costed $4 billion in stolen funds. OneCoin, at its peak, was thought to have more than 3 million active members from across the globe. To date it is believed to be the most “successful” crypto scam as search continues for its perpetrator the “Cryptoqueen” Ruja Ignatova. She was added to the FBI’s ‘Ten Most Wanted Fugitive List’ in July 2022 - where she remains today.

The Missing Cryptoqueen was reported dead in unconfirmed reports but an investigation from the BBC team, whose results were published last week, said the investigating team received details on Ignatova’s various sightings and whereabout tip-offs even after her alleged murder took place. She allegedly has links with the Bulgarian underworld, whom she also entrusts with keeping her physically safe.