The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on the 12th

The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on June 12 regarding an increase in identity theft scams, which often use “the names and titles of government employees.”

The CISA alert explained that its employees will never request money transfers, “cash, cryptocurrency, or use gift cards.”

“If you think you are being targeted by a scammer pretending to be a CISA employee, do not pay the caller; Write down the phone number that calls you; Hang up immediately (and) verify the authenticity of the connection by calling CISA.

about: Cryptocurrency Hack Losses Reach $19 Billion, Terraform Labs: Redefining Finance Closed

Crypto scams are increasing

In response to written questions from Cointelegraph, Phil Larratt, director of investigations at Chainalysis, explained that scams “remain a significant threat to the (crypto) ecosystem as a whole.”

Larratt said scams have once again become “one of the main drivers of cryptocurrency-based crime, generating at least $4.6 billion in revenue in 2023.”

“Identity theft scams, in particular, had the fourth worst impact on victims in 2023, based on an average payout amount of $948, as we found in the Chainalogy 2024 report on cryptocurrency crime.”

about: Akira Bitcoin Ransomware Extorted $42 Million From Over 250 Companies: FBI

Prevention versus mitigation

Adhering to CISA’s proposed prevention measures, Larratt said the first line of defense against large-scale fraud comes from prevention efforts that begin with public education:

“This is critical because once a crypto asset is transferred to a third party, there is no longer any control over that asset without the private keys to the third party’s funds.”

about: Ripple invokes SEC filing against Terraform, seeking lighter civil penalty

Phishing craze and crypto leak

Among the fake scams aimed at impersonating a federal employee, Larratt provided additional information on the two most prominent scam tactics, consent phishing and cryptocurrency leak:

“Approval phishing scams have historically targeted large groups of cryptocurrency users through the distribution of fake cryptocurrency apps.”

He said romance scammers, also known as pig slaughter scammers, have adopted this method, resulting in huge losses.

“(Cryptocurrency dryer operators) often promote their fake websites3 in Discord communities and on hacked social media accounts (…) to trick victims into linking their cryptocurrency wallets to the dryer and then use consent phishing techniques to trick victims into accepting the transaction. This gives the operator control of the funds contained in the wallet.

The director of investigations at Chainalysis concluded by explaining that “it is increasingly important for Web3 projects and users” to implement preventative security measures such as “Web3 security extensions” to help combat against these fraudulent tactics.

review: Deepfake AI “gang” drains OKX account worth $11 million, Zipmex attacked by SEC: Asia Express