The “clone” company has been sending emails and cold calls to investors and using the real company’s reference number under a false name, the regulator said.
A bold new scam syndicate is targeting cryptocurrency investors, mimicking a legitimate company overseen by the UK Financial Conduct Authority (FCA), the regulator said.
The “clone” company has been sending emails and cold calls to investors and posing as Gain Capital UK Limited, attaching the (legitimate) company reference number to a false name, “Blockchain Recovery Association”, says a blog post of the FCA. (To be clear: Gain Capital UK Limited is a real company authorized by the FCA to perform certain services.)
“Fraudsters are using the details of companies that we authorize to try to convince people that they work for a genuine and authorized company,” said the FCA.
“Almost all companies and individuals that carry out financial services activities in the UK need to be authorized or registered by us. [The Blockchain Recovery Association] is not authorized or registered by us, but it does target people in the UK, claiming to be an authorized company. “
The fake company listed its address and phone number as: Cambridge Court 210, Shepherds Bush Rd, Hammersmith, London; +44 555-183-726. CoinDesk contacted this number and received a message “this call cannot be completed as dialed” (555 numbers, traditionally used to assist the list, usually indicate false numbers).
Stealing the identity of legitimate organizations is an old practice and, unfortunately, often effective among scammers. In the United States, for example, mortgage fraudsters have been impersonated by public housing officials since the Great Depression until the 21st century. E-mail phishing scams can be considered a low-effort digital version of the same ruse.
Although the FCA post does not explicitly state the nature of the cloned company’s cheating, the fraud appears to be an attempt to trick cryptographers into exposing their private keys or other personal information.
‘Tis the season
The scam identified by the FCA may be a reminder that as cryptography becomes more institutionalized, scammers will find newer (and bolder) ways to steal what they can from this trillion-dollar asset class.
Traditionally, an easy attack vector for hackers and the like is phishing attacks. With these attacks, malicious agents trick encryption users into entering confidential information, such as a password or private key, on a website or via a message medium to gain access to accounts or currencies.
Alternatively, these actors can use personal contact information, such as e-mail addresses, telephone numbers and home addresses, to extort and threaten victims.
In the past, data leaks from the Ledger hardware wallet and the crypto lender BlockFi, among others, have led to phishing or extortion attempts. As bitcoin (BTC, -0.38%) and other currencies increase in price, scams and fraud are responding to market demand, with fake wallets even reaching popular app stores.
A name like “Blockchain Recovery Association” should sound the alarm anyway, as, as many cryptography users have learned the hard way, once the coins have been stolen, they cannot be recovered.