Besides leveraging various intrusion techniques, cybercriminals use different tactics to receive payments from victims and evade detection. Cryptocurrency criminals are forcing victims to use crypto ATMs and QR codes to complete their payments, the FBI warned in its latest Public Service Announcement (PSA).
The FBI has seen a rise in fraudsters maliciously using cryptocurrency ATMs and QR codes to receive payments from victims in various online scams, including impersonation schemes, romance schemes, and lottery schemes. In these scams, the attacker impersonates a legitimate entity from the government, law enforcement, a legal office, or a company and asks users to transfer the money via physical crypto ATMs and QR codes. The scammer then directs the victim to a physical cryptocurrency ATM to insert their money, purchase cryptocurrency, and use the provided QR code to auto-populate the recipient address.
In some cases, the fraudsters give the victim a malicious QR code linked to the attacker’s crypto wallet to use during the transaction. The scammers often stay in contact with the victim online, providing step-by-step instructions until the payment is completed.
What is a QR Code?
A QR code is a barcode that allows a user to access information instantly using a digital device. QR codes store data as a series of pixels in a square-shaped grid and are primarily used to track details of a particular product in a supply chain.
What is a Crypto ATM?
A cryptocurrency ATM is a connected kiosk that allows users to purchase cryptocurrencies with deposited cash. Crypto ATMs rely on blockchain-based transactions that send cryptocurrencies to users’ crypto wallets via QR codes.
Why Criminals Use Crypto ATMs and QR Codes
Receiving money illicitly via crypto wallets, transfers, and QR codes helps cybercriminals bypass security checks. Unlike bank transfers, money sent via QR codes and crypto wallets is credited to the recipient’s account immediately.
“Cryptocurrency’s decentralized nature creates challenges that make it difficult to recover. Once a victim makes the payment, the recipient instantly owns the cryptocurrency and often immediately transfers the funds into an account overseas. This differs from traditional bank transfers or wires, where a payment transaction can remain pending for one to two days before settlement. It can also make law enforcement’s recovery of the funds difficult and can leave many victims with a financial loss,” the PSA said.
What the FBI Suggests
While several users and businesses have legitimately used QR code payments, threat actors have distributed malicious QR codes for cryptocurrency payments. The malware embedded in the QR code could automatically initiate fraudulent payments from the victim’s device by connecting to a malicious network. The FBI suggested specific security tips to prevent such payment threats, including:
- Do not send payment to someone you have only spoken to online, even if you believe you have established a relationship with the individual.
- Do not follow instructions from someone you have never met to scan a QR code and send payment via a physical cryptocurrency ATM.
- Do not respond to a caller who claims to be a representative of a company, where you are an account holder, and who requests personal information or demands cryptocurrency. Contact the number listed on your card or the entity directly for verification.
- Do not respond to a caller from an unknown telephone number who identifies as someone you know and requests cryptocurrency.
- Practice caution when an entity states they can only accept cryptocurrency and identifies as the government, law enforcement, a legal office, or a utility company. These entities will likely not instruct you to wire funds, send checks, send money overseas, or make deposits into unknown individuals’ accounts.
- Avoid cryptocurrency ATMs that advertise anonymity and only require a phone number or e-mail. These cryptocurrency ATMs may be non-compliant with US federal regulations and may facilitate money laundering. Instructions to use cryptocurrency ATMs with these specific characteristics are a significant indicator of fraud.
- If you are using a cryptocurrency ATM and the ATM operator calls you to explain that your transactions are consistent with fraud and advises you to stop sending money, you should stop or cancel the transaction.