On July 16, 2020, the Financial Crimes Enforcement Network (FinCEN) issued an alert to financial institutions emphasizing a recent scam exploiting Twitter accounts to fraudulently solicit virtual currency payments. The cyber threat actors involved in the scam compromised accounts of various public figures, organizations, and financial institutions in an attempt to solicit virtual currency payments by claiming these payments would be doubled and returned to the senders. FinCEN asked financial institutions that receive such a solicitation not to send money or provide identifying or confidential information before verifying its authenticity, and reminded virtual currency exchanges and other financial institutions to identify and report suspicious transactions determined to be associated with the scam. Those Suspicious Activity Reports (SARs) should include any “relevant technical cyber indicators related to cyber events and associated transactions.” Examples of possible cyber indicators include chat logs, suspicious IP addresses, suspicious email addresses, suspicious filenames, malware hashes, convertible virtual currency (CVC) addresses, command and control (C2) IP addresses, C2 domains, targeted systems, MAC addresses, or port numbers. This appears to be a reference to the types of “cyber-related information” that FinCEN previously has instructed financial institutions to include in SARs where it is available.

FinCEN included in the alert a list of “red flags” to help financial institutions identify and report suspicious activity potentially related to the scam:

  • Promises of high or guaranteed investment or donation returns for payments made to accounts with which a financial institution had no prior business relationship.
  • Communications, including social media posts, soliciting payments that have misspellings or messages out-of-profile for the counterparty, soliciting payments from individuals or organizations with whom a financial institution had no prior existing business relationship, including celebrities or public figures.
  • Solicitations requesting donations via social media where the solicitor is not affiliated with a reputable organization.
  • Social media posts that solicit donations or advertise give-aways that appear from accounts that are not “verified” through the social media platform account verification processes or that misspell the celebrity or financial institution’s name.
  • Multiple social media accounts communicating the same message soliciting funds for an unknown purpose or to an unknown account.
  • Communications, including social media posts, that provide the same CVC address across multiple celebrity or prominent financial institution social media accounts.

FinCEN directed financial institutions to include the term “FIN-2020-Alert001” in SARs reporting this activity.  Financial institutions may also reference FinCEN’s May 2019 Advisory on Illicit Activity Involving Convertible Virtual Currency for additional red flags of illicit CVC activity, and its Cyber Event FAQs for additional information on reporting cyber events.

Carlton Greene

Carlton Greene is a partner in Crowell & Moring’s Washington, D.C. office and a member of the firm’s International Trade and White Collar & Regulatory Enforcement groups. He provides strategic advice to clients on U.S. economic sanctions, Bank Secrecy Act and anti-money laundering (AML) laws and regulations, export controls, and anti-corruption/anti-bribery laws and regulations. Carlton is the former chief counsel at FinCEN (the Financial Crimes Enforcement Network), the U.S. AML regulator responsible for administering the Bank Secrecy Act.

Caroline Brown

Caroline E. Brown is a partner in Crowell & Moring’s Washington, D.C. office and a member of the firm’s White Collar & Regulatory Enforcement and International Trade groups and the steering committee of the firm’s National Security Practice. She provides strategic advice to clients on national security matters, including anti-money laundering (AML) and economic sanctions compliance and enforcement challenges, investigations, and cross border transactions, including review by the Committee on Foreign Investment in the United States (CFIUS) and the Committee on Foreign Investment in the U.S. Telecommunications Services Sector (Team Telecom).

Caroline brings over a decade of experience as a national security attorney at the U.S. Departments of Justice and the Treasury. At the U.S. Department of Justice’s National Security Division, she worked on counterespionage, cybersecurity, and counterterrorism matters and investigations, and gained unique insight into issues surrounding data privacy and cybersecurity. In that role, she also sat on both CFIUS and Team Telecom and made recommendations to DOJ senior leadership regarding whether to mitigate, block, or allow transactions under review by those interagency committees. She also negotiated, drafted, and reviewed mitigation agreements, monitored companies’ compliance with those agreements, and coordinated and supervised investigations of breaches of those agreements.