Cyber criminals exploiting interest in cryptocurrencies to scam investors and prey on British pension pots have seen their returns grow by more than half in the last 12 months, cybersecurity company NordVPN can reveal.
Total losses from UK investment fraud involving fake digital currencies, websites, apps or funds were £226,328,759 in the year to May 2022, compared with £142,962,073 for the previous 12 months — a 58.3% increase.
This year, scammers have already made off with £118 million, and currently pocket £36,250 per fraud — about three quarters of a typical pension nest egg. These fake schemes have become more profitable even while the legitimate cryptocurrency market has slumped in the past six months, with the biggest two names, Bitcoin and Ethereum, losing 59% and 75% of their value respectively.
As cryptocurrencies are not regulated by the UK’s Financial Conduct Authority (FCA), criminals are finding it easier to lure Brits to bogus investment and pension schemes with the promise of market-beating returns.
While amounts stolen are rising steeply, 2022 data shows only a small increase in the number of incidents reported, suggesting criminals could be profiling victims to extract more from their scams.
Younger people are the most likely to be targeted by cyber fraud, with those aged 20-39 reporting two in five of incidents and a fifth 18-24-year-olds having personally invested in cryptocurrencies. Often the schemes will be advertised on social media, using fake celebrity endorsements from respected finance experts like Martin Lewis, or stars of the TV investment show Dragons’ Den.
Hackers may also use phishing emails or text messages, either to persuade victims to invest in a non-existent cryptocurrency fund via a bogus website, or to encourage them to click on a link or download an app containing malware. This can then infect their devices and steal data or drain money from online accounts.
Malibot, a new and highly aggressive form of malware, which targets devices running the Android operating system, is being spread using a website and text messages offering fake links to real cryptocurrency apps, TheCryptoApp and Mining X.
Once these links are downloaded, Malibot, created in Russia, can quickly give criminals access to a victim’s phone, enabling them to harvest personal and financial data and send messages to other phones spreading the malware further.
Marijus Briedis, CTO and digital privacy expert at NordVPN, comments: “With inflation skyrocketing and traditional savings rates failing to keep up, bogus crypto investment schemes offering the prospect for high returns are the perfect bait for scammers.
“These frauds are thriving, despite the huge crash in Bitcoin and other currencies, and worryingly the clear rise in the amounts stolen per fraud shows the scammers are getting better at fleecing their victims. With huge amounts of personal and financial information for sale on the Dark Web, it could be that individuals are now being specifically targeted by hackers
“With banking and investing online a part of everyday life it is vital to take steps to keep fraudsters at bay. This includes making use of smart tech like VPNs and virus-checking software, and increasing your digital safety by creating strong passwords and checking the source of any link, site or app before you click.”