Recommendations
- The NJCCIC recommends users educate themselves and others on this and similar scams to prevent future victimization.
- Avoid clicking links, responding to, or otherwise acting on unsolicited text messages or emails.
- Users can search for and report the bitcoin addresses included in the scam email to the Chainabuse Database.
- Protect your digital assets by refraining from sending funds or installing wallets through unverified websites.
- Refrain from providing sensitive information—including your seed phrase or passphrase—to any entity requesting it, including websites, apps, giveaways, and browser extensions.
- Avoid storing the seed phrase online, entering it into any online applications without due diligence, or losing the recovery seed.
- Use strong, unique passwords and enable MFA for all accounts where available, choosing authentication apps or hardware tokens over SMS text-based codes.
- Only download applications from reputable sources.
- These scams can be reported to the Federal Trade Commission (FTC), the FBI's IC3, and the NJCCIC.
- During the hiring process, consider developing unique methods to verify a contact's identity using separate, unconnected communication platforms.
- Do not store any information regarding cryptocurrency wallets, such as logins, passwords, wallet IDs, seed phrases, and private keys, on Internet-connected devices.
- Avoid taking pre-employment tests or executing code on company-owned laptops or devices. If a pre-employment test requires code execution, insist on using a virtual machine on a non-company-connected device, or on a device provided by the tester.
- Require multiple factors of authentication and approvals from several different unconnected networks prior to any movement of your company's financial assets. Regularly rotate and perform security checks on devices and networks involved in this authentication and approval process.
- Limit access to sensitive network documentation, business or product development pipelines, and company code repositories.
- Funnel business communications to closed platforms and require authentication — ideally in person — before adding anyone to the internal platform. Regularly reauthenticate employees not seen in person.
- For companies with access to large quantities of cryptocurrency, the FBI recommends blocking devices connected to the company’s network from downloading or executing files except specific whitelisted programs and disabling email attachments by default.
- Disconnect the impacted device or devices from the Internet immediately. Leave impacted devices powered on to avoid the possibility of losing access to recoverable malware artifacts.
- File a detailed complaint through the FBI Internet Crime Complaint Center (IC3) at www.ic3.gov.
- Provide law enforcement with as many details as you can regarding the incident, including screenshots of communications with the malicious cyber actors. If possible, take screenshots of (or otherwise save) identifiers, usernames, online accounts, and any other details about the actors involved.
- Discuss options for incident response and forensic examination of impacted devices with law enforcement. In some situations, law enforcement may recommend taking advantage of private incident response companies.
- Share your experience with colleagues, if appropriate, to raise awareness and broaden the public's understanding of the significant malicious cyber threat emanating from North Korea.
- Never click on links or respond directly to unexpected calls, messages, or computer pop-ups. If you think it could be legit, contact the company or agency, but look up their number or website yourself. Don't use the one the caller or message gave you.
- Slow down. Scammers want to rush you, so stop and check it out. Before you do anything else, talk with someone you trust.
- Never withdraw cash in response to an unexpected call or message. Only scammers will tell you to do that.
- Don’t believe anyone who says you need to use a Bitcoin ATM, buy gift cards, or move money to protect it or fix a problem. Real businesses and government agencies will never do that – and anyone who asks is a scammer.
- Additional recommendations to avoid scams can be found at ftc.gov/scams. Report scams to the FTC at ReportFraud.ftc.gov.
