Fraudsters Deploy Couriers for In‑Person Cash Pickups in Crypto Investment Scams
What Happened — The FBI disclosed that criminal groups are now using couriers to collect cash from victims of cryptocurrency “pig‑butchering” scams. After victims are convinced to send money to fraudulent accounts, scammers arrange in‑person cash hand‑offs, authenticating couriers with passwords or specific bill serial numbers. The scheme cycles repeatedly, extracting additional funds under the guise of taxes or penalties.
Why It Matters for Compliance & Audit Readiness —
- SOC 2 Security – A.2.1 (Logical and Physical Access Controls) requires documented procedures to prevent unauthorized physical cash collection and to verify identities before asset hand‑off.
- Continuous‑compliance programs must capture evidence of security‑awareness training and policy enforcement to demonstrate due diligence against social‑engineering attacks.
- Verisq’s Security Awareness Training capability provides audit‑ready proof that staff have been educated on recognizing and reporting such scams.
Who Is Affected — Financial‑services firms, cryptocurrency exchanges, fintech SaaS platforms, and any organization that handles client cash or crypto assets.
Recommended Actions —
- Review and tighten physical‑cash handling policies; require multi‑factor verification for any in‑person cash receipt.
- Deploy or refresh security‑awareness training focused on social‑engineering, romance‑baiting, and “pig‑butchering” tactics.
- Document training completion and policy adherence as part of SOC 2 evidence collection. Source: [FBI PSA]
Technical Notes — Attack vector: social engineering → phishing → physical cash pickup; no known software vulnerability. Victims lose cash, not data. Source: [BleepingComputer]