Some channel names on encrypted messaging service Telegram were more subtle than others—“Fraud Market” and “Fraud University” being among the most brazen.
But there is nothing subtle in some of the messaging on these channels, where users blatantly offered to sell driver’s licenses or Social Security cards to help others bypass identity verification on cryptocurrency exchanges.
“I will do everything for you to make money,” one user wrote on a page for the group “FAKE ID SHOP”.
In the last few years, there has been a surge in discussions on encrypted messaging apps about bypassing ID checks, a key step in stealing cryptocurrencies or money laundering via digital assets.
Some scammers post price lists for different services or fraudulent documents, such as scannable passports, Social Security cards, birth certificates or pay stubs. Others even offer to create a digital face rendering that could help an individual bypass more intensive crypto exchange ID checks.
Encrypted messaging apps like Telegram can keep the identity of users protected, making the platform a relative safe zone for discussions about illegal activity. Rarely are channels about fraud removed from the platform, says Brittany Allen, a trust and safety architect at anti-fraud company Sift. Allen has tracked conversations across Telegram channels like “FRAUD WORLD 2021” or “BitcoinBandits” for a year.
“As far as the protections that alternate apps like Telegram and even Signal offer, I think that is too much for [fraudsters] to pass up,” she says, mentioning another encrypted messaging service where users can send one-to-one or group messages.
Advocates of digital currencies tout how cryptocurrencies offer decentralization: They aren’t tied to any government or institution, which is said to increase their stability and transparency. But that very feature has also helped make currencies ripe for misuse.
Bitcoin and other digital currency theft accounted for 80% of almost $2.5 billion in attempted thefts in 2020. Funds that are stolen can be difficult to retrieve, although it is possible.
During the coronavirus pandemic, cryptocurrency exchanges have experienced a significant rise in attempted fraud as prices for Bitcoin and its close cousins soared, according to Sift. The number of fraudulent orders placed on these platforms increased more than 46% in 2020, the company said.
Some fraudsters try to bypass rules, known as “Know Your Customer”, meant to prevent money-laundering and theft. The Financial Industry Regulatory Authority mandates that companies, including crypto exchanges, retain information about their customers and know who can legally act on their behalf.
Exact requirements depend on jurisdiction. But in general, crypto exchanges collect information to verify users like names, dates of birth, and addresses, and in some cases, Social Security numbers, driver’s licenses and passports. During registration, or when moving currency, users may be asked to provide proof of identity.
There’s a host of reasons fraudsters want to bypass ID verification steps. For one, they may have access to stolen bank accounts and want to convert that money into crypto to launder it into a private offline wallet that they control. Additionally, they may have fraudulently gained access to others’ accounts on an exchange and are looking to make a withdrawal.
For help with carrying out their crime, many fraudsters are chattering on Telegram, an app already popular for conversations about crypto. Between June 26 and 27, users of one channel, “Dark Fraud World”, posted more than 5,000 messages, Allen found.
After Fortune requested comment from Telegram about the presence of groups focused on identity fraud and bypassing Know Your Customer protections, a spokesperson said the company reviewed them and then took them down. All the channels Sift had been monitoring appear to have been removed except “F University,” which was still active the afternoon of July 7 and “FRAUD WORLD 2021,” which is no longer available on Android devices, but seems to still be active on others, according to Allen.
Telegram didn’t respond to multiple requests for comment about how the company monitors behavior on its platform and the policies it has in place. It also did not explain why these groups had been allowed on its platform for months.
“It is frustrating to see the activity in the conversations go unabated for so long and at such a high volume,” Allen says. She added, however, that financial institutions or crypto exchanges can learn a lot from observing the strategies discussed on messaging apps so they can better develop protections for their customers.
Previously, fraudsters would have posted their discussions about theft on password-protected parts of the dark web or in private Facebook groups, according to Allen. Increasingly, however, they’re willing to enter public channels on Telegram, which is where she has observed this activity.
Allen says crypto exchanges must walk a thin line between offering an easy user experience and fighting fraud. She suggested that exchanges request additional verification when users attempt to add new payment methods or funding sources in an account.
One crypto exchange, Gemini, says it uses “several methods to verify customer identities and flag potentially fraudulent activity during its account opening process,” and said it works with “industry leaders, regulators and third-parties” to improve its controls and further address issues of identity fraud, according to a spokesperson, who didn’t respond to a request for comment about whether the company monitored Telegram groups.
As fraud becomes more complex and the fraud economy continues to grow, this “is something that businesses need to prioritize,” Allen says.
