Here are scams that retail investors need to watch out for:
Social media pump-and-dump schemes
Warnings about social media pump-and-dumps date back almost 10 years, but the new mixture of anti-Wall Street, populist ideology demonstrated in the WallStreetBets rally gives this a dangerous new appeal that criminals can take advantage of.
Scammers often create dedicated channels to stage a pump-and-dump. This could be in Telegram, Reddit, Discord, or other platforms.
While the founder of the channel may claim to be an expert, insider, or some kind of altruistic person with a larger mission in mind, in reality they are just manipulating others to drive up the price on a stock or altcoin they already own, and which they will sell as soon as it hits the right price.
Prominent figures may be used in these schemes, either wittingly or unwittingly. For instance, celebrities are often paid to publicly support new altcoins, and hackers also hijack the accounts of well-known personalities and trusted sources in order to spread false information to either pump or short a security.
Clone company scams
The UK’s National Crime Agency recently warned of a surge in a new type of investment scheme known as the “clone firm” scam.
A clone company scam is when criminals impersonate legitimate investment firms in order to defraud their victims. It’s sort of like identity theft in reverse. By using the stolen identity of a genuine investment firm, the criminals will trick victims into making the investment with them, instead of the real company.
Clone firm scams have been increasing around the world, including cases in the UK, Malta, and Hong Kong. It’s only a matter of time before the trend takes off here as well.
Phony investment apps
You’ve heard of romance scams that steal your money, but now cybercriminals are combining “catfishing” with a more costly type of investment fraud.
Another way scammers will steal money from investors is through an attack known as phone jacking, or SIM swapping.
The way this works is the criminal will trick a phone company into “porting” a person’s phone number to a SIM card that is under their control. S/he is then able to hijack any online accounts that use that phone number as the two-factor authentication (2FA) protection.