IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

FBI warns scammers are using cryptocurrency ATMs to siphon cash

Criminals will stay on phone with victims as they make payments, says advisory

Scammers are increasingly using cryptocurrency ATMs and QR codes to siphon payments from victims, according to the FBI. 

The FBI warned scammers have been instructing victims to withdraw money from their fiat accounts and then use the money to buy cryptocurrency from an ATM, in a public service announcement

When the victim uses the machine to buy virtual currency, it asks them to scan a QR code representing a destination address for the funds. The machine offers to print out a paper wallet - a QR code the victim can scan and use to store their withdrawn cryptocurrency.

However, the scammers generate a QR code representing a cryptocurrency address in their own wallet and give this to the victim to scan instead. 

"Often the scammer is in constant online communication with the victim and provides step-by-step instructions until the payment is completed," the announcement said. 

The approach works for any online scam requiring payments between victims and gives the scammer three advantages. 

First, it's relatively frictionless compared with older methods, such as sending money via Western Union or obtaining gift cards. 

Second, scammers can receive the payments anonymously anywhere in the world. 

Related Resource

The state of brand protection 2021

A new front opens up in the war for brand safety

A log-in screen with a red background - whitepaper from MimecastFree download

Finally, the payments are irreversible. "Once a victim makes the payment, the recipient instantly owns the cryptocurrency, and often immediately transfers the funds into an account overseas," said the Bureau. "This differs from traditional bank transfers or wires where a payment transaction can remain pending for one to two days before settlement." 

The FBI said criminals use this approach in scams, including online impersonation, in which they pretend to be an institution demanding payment. They also use it for romance schemes, where they build a personal relationship with the victim and ask them to send money. 

Another common attack is lottery fraud, where victims believe they won a lottery prize and send fraudulent administrative fees to the scammer in a bid to retrieve their fake prize. 

The Federal Trade Commission (FTC) warned earlier this year of an uptick in cryptocurrency fraud, with losses almost tripling in the fourth quarter last year. 

The FBI's 2020 Internet Crime Report tracked $246.2 million in fraudulent virtual currency payments last year. That was an increase of 54.5% from $159.2 million in 2019.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Mastering endpoint security implementation
Security

Mastering endpoint security implementation

18 May 2022
The Total Economic Impact™ of Apple Mac in Enterprise: M1 update
Whitepaper

The Total Economic Impact™ of Apple Mac in Enterprise: M1 update

12 May 2022
Dell Technologies World 2022: Dell unveils fastest storage architecture in company history
Server & storage

Dell Technologies World 2022: Dell unveils fastest storage architecture in company history

4 May 2022
Dell Technologies World 2022: Dell unveils security offerings for major cloud providers
public cloud

Dell Technologies World 2022: Dell unveils security offerings for major cloud providers

3 May 2022

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
Microsoft to double salary budget to retain workers
Careers & training

Microsoft to double salary budget to retain workers

17 May 2022