Analysis Summary

The FBI warned job seekers nationwide today about scammers who pose as recruiters for reputable organizations and use fake remote work ads to steal cryptocurrency. These work-from-home scams are made to entice victims by offering simple tasks like service optimization or internet business rating.

Scammers may approach victims by phone or message, posing as reputable companies like staffing or recruiting agencies. The bogus job is designed by scammers with an unclear reward system that demands victims to spend Bitcoin to unlock work or earn more money; the money paid goes straight to the fraudster. The scammers will also request that victims utilize a fake webpage that displays their earnings, even though they are unable to cash out any money, in an attempt to strengthen the credibility of their fraudulent schemes.

According to the FBI, job descriptions that involve simple tasks, the requirement to make cryptocurrency payments to the employer as part of a work task, and the lack of a request for references from prior employers during the hiring process are red flags that should alert those targeted by these scams that fraudsters are after their money. The FBI offers jobless Americans seeking employment the following advice to protect themselves from such scam attempts:

• Avoid opening attachments, downloading data, or clicking links in unsolicited job offer messages. Be wary of these messages.
• Never transfer money to a supposed employer.
• Services that promise to be able to recover any lost Bitcoin funds should not be paid for.
• Sending money or personally identifying information to someone who makes an unsolicited job offer is not appropriate.

The FBI requested that victims report any fraudulent or suspicious activity they may have been the target of to the FBI Internet Crime Complaint Center (IC3). They also requested that victims provide transaction details related to the scam, such as cryptocurrency addresses, the quantity and kind of cryptocurrency, the date and time of the transaction, and the transaction ID (hash). This P.S.A. from August 2023 offers more reporting instructions to anybody who might have been duped using cryptocurrencies.

The FBI has also cautioned users that using unlicensed Bitcoin transfer services may result in financial loss should these platforms be taken down by law enforcement since the beginning of the year. Additionally, the FBI's IC3 published its 2023 Internet Crime Report, which showed a 22% rise in reported losses over 2022—a record $12.5 billion lost to online crime in a single year.

Impact

• Cryptocurrency Theft
• Financial Loss

Remediation

• Ensure all operating systems and software are up to date with the latest security patches.
• Employ reliable antivirus and antimalware software to detect and block known threats.
• Regularly update these tools to maintain the latest threat intelligence.
• Implement IDPS to detect and prevent unusual network activity, system behavior, or similar threats.
• Enabling two-factor authentication (2FA) on your accounts adds an extra layer of security and can help prevent unauthorized access even if your login credentials have been stolen.
• Regularly backing up your important data can help ensure that you don’t lose any critical information in the event of a malware infection or other data loss event.
• Be wary of emails, attachments, and links from unknown sources. Also, avoid downloading software from untrusted sources or clicking on suspicious ads or pop-ups.
• Use email filtering solutions to block malicious attachments and links that may deliver malware to users via phishing emails.
• Segment your network to limit lateral movement for attackers.
• Employ application whitelisting to only allow approved software to run on systems, reducing the risk of unauthorized applications being executed.
• Implement robust monitoring solutions to detect any unusual or suspicious activities, such as unauthorized access attempts or data exfiltration. Establish an effective incident response plan to quickly respond to and mitigate any potential breaches.
• Make sure all of your software, including your operating system and applications, is up-to-date with the latest security patches. This can help prevent vulnerabilities that could be exploited by info-stealers and other types of malware.