Cyber criminals exploiting interest in cryptocurrencies to scam investors and prey on British pension pots have seen their returns grow by more than half in the last 12 months, cybersecurity company NordVPN has told us.
Total losses from UK investment fraud involving fake digital currencies, websites, apps or funds were £226,328,759 in the year to May 2022, compared with £142,962,073 for the previous 12 months — a 58.3% increase.
How big is the problem?
This year, scammers have already made off with £118 million, and currently pocket £36,250 per fraud — about three quarters of a typical pension nest egg. These fake schemes have become more profitable even while the legitimate cryptocurrency market has slumped in the past six months, with the biggest two names, Bitcoin and Ethereum, losing 59% and 75% of their value respectively.
As cryptocurrencies are not regulated by the UK’s Financial Conduct Authority (FCA), criminals are finding it easier to lure Brits to bogus investment and pension schemes with the promise of market-beating returns.
While amounts stolen are rising steeply, 2022 data shows only a small increase in the number of incidents reported, suggesting criminals could be profiling victims to extract more from their scams.
Younger people more likely to be targeted
Younger people are the most likely to be targeted by cyber fraud, with those aged 20-39 reporting two in five of incidents and a fifth of 18-24-year-olds having personally invested in cryptocurrencies. Often the schemes will be advertised on social media, using fake celebrity endorsements from respected finance experts like Martin Lewis, or stars of the TV investment show Dragons’ Den.
Hackers may also use phishing emails or text messages, either to persuade victims to invest in a non-existent cryptocurrency fund via a bogus website, or to encourage them to click on a link or download an app containing malware. This can then infect their devices and steal data or drain money from online accounts.
Malibot, a new and highly aggressive form of malware, which targets devices running the Android operating system, is being spread using a website and text messages offering fake links to real cryptocurrency apps, TheCryptoApp and Mining X.
Once these links are downloaded, Malibot, created in Russia, can quickly give criminals access to a victim’s phone, enabling them to harvest personal and financial data and send messages to other phones spreading the malware further.
“With inflation skyrocketing and traditional savings rates failing to keep up, bogus crypto investment schemes offering the prospect for high returns are the perfect bait for scammers. These frauds are thriving, despite the huge crash in Bitcoin and other currencies, and worryingly the clear rise in the amounts stolen per fraud shows the scammers are getting better at fleecing their victims. With huge amounts of personal and financial information for sale on the Dark Web, it could be that individuals are now being specifically targeted by hackers.”
Marijus Briedis, CTO and digital privacy expert at NordVPN
With banking and investing online a part of everyday life it is vital to take steps to keep fraudsters at bay. This includes making use of smart tech like VPNs and virus-checking software, and increasing your digital safety by creating strong passwords and checking the source of any link, site or app before you click.
NordVPN recommends the following steps to avoid investment scams:
- Beware dodgy downloads. Don’t click on suspicious download links, even if they appear to be for a real app. Always use official digital marketplaces like Google Play or Apple’s App Store.
- Don’t be rushed. Whatever the promised returns, no genuine investment scheme will put you under pressure to hand your money over immediately.
- Do your homework. Talk through any significant investments with friends or an adviser and do an online search on any potential scheme.
- Celebrity suspicion. Many fraudulent schemes feature well-known figures in their online and social media advertising but be wary of any celebrity endorsements. More than 1,000 fake schemes claiming to have the backing of finance expert Martin Lewis were reported to Action Fraud.
- Use a VPN service. As well as encrypting your traffic so hackers won’t be able to see what you do online, NordVPN will also check files you download for malware and its built-in threat protection software will delete it before it harms your device.