Transcript
CFPB FinEx Webinar:  Spotting and Avoiding Financial Fraud
April 13, 2023
Presenters:  Dan Rutherford, Associate Director, U.S. Commodities Futures Tradition Commission (CFTC); M. Owen Donley III, Chief Counsel, Office of Investor Education and Advocacy, U.S. Securities and Exchange Commission (SEC); and Brian Martin, U.S. Consumer Financial Protection Bureau (CFPB)
Facilitator:  Heather Brown, Ed.D., CFPB Office of Consumer Education, FinEx Program Lead
 
>>Ms. Tracey Wade:  Good afternoon.  I'm Tracey Wade from the Bureau's Events Management Team.  I'll go over some quick logistics before we begin.  For Webex-generated close captioning, click the CC button at the lower left corner of the Webex window.  Please be aware that this webinar is being recorded and will capture webcam images and the voices of all speakers.  The recording will be shared in a way that the Bureau deems appropriate.  Your attendance here is construed as your consent to these terms.  If you are having any issues with your audio, click on the Audio button located at the bottom of the Webex window.  There you will receive guidance on switching your audio to your telephone.  To participate in Q&A, you can type your question into the chat box in the two fields, select All Panelists, type in your question, and click Send.  For technical support during this webinar, send a message in the chat box to the host, and I'll provide assistance.
 
And now we'll turn the webinar over to Heather Brown from the Bureau's Division of Consumer Education.
 
>>Dr. Heather Brown:  Thank you so much, Tracey, and thank you to Isabel and all the Events Team for all your help getting this webinar and all webinars going.  Welcome, everybody.  We're happy for you to attend our webinar today on "Spotting and Avoiding Financial Fraud."  My name is Heather Brown, and I'm the program lead for the CFPB FinEx program, and I'll be your facilitator for today's webinar.
 
CFPB FinEx is a place where financial educators, practitioners, counselors, researchers, and other advocates for financial education to adults can learn from one another, advance their work, and receive updates on what the CFPB is doing to help others.  A copy of the slide deck is going to be sent to everyone who registered for the program following the webinar.  So if you gave us your email, then feel free to—you don't have to take a lot of notes because we will get you a copy of the slide deck.  For those of you that maybe didn't put—somehow got on board or watching with someone else or didn't register with your email, if you would like to receive a copy of the slide deck, you can just simply email CFPB_FinEx@cfpb.gov, and I will send a copy to you.  But everybody that registered with their email will get a copy.
 
So as time allows, we'll answer questions at the end of the webinar, and so put your questions in the chat, and we will get to as many as possible at the conclusion of the webinar.  I would like to now take a moment and read disclaimers for the agency.  This presentation is being made by a Consumer Financial Protection Bureau representative on behalf of the Bureau.  It does not constitute legal interpretation, guidance, or advice of the Consumer Financial Protection Bureau.  Any opinions or views stated by myself or the other presenters are our own and do not represent the Bureau's views.  And also, we just have a little message that lets people know if you hand this slide deck off or share yours, which we welcome you to do, that people that read it may not get the full breadth of what we discussed just from reading the slides.  Finally, the inclusion of links or references to third-party sites does not necessarily reflect the Bureau's endorsement of the third party, the views expressed on the third-party site, or products or services offered on the third-party site.  The Bureau has not vetted these third parties, their content or any products or services they may offer.  There may be other possible entities or resources that are not listed that may also serve your needs.
 
I'd also like you to be aware of CFPB's mission.  We are a 21st century agency that implements and enforces federal consumer financial law and ensures that markets for consumer financial products are fair, transparent, and competitive.  We're here to protect consumers' financial rights and to—as part of that, the CFPB FinEx program tries to work with practitioners to provide the materials, information, and engagement with others that's needed for them to leverage our resources as part of their role in helping to serve their clients when teaching them or coaching them or counseling them on financial issues.
 
So now I'd like to take a minute and introduce our presenters for today.  First, I'd like to introduce Dan Rutherford.  Dan is an associate director for the Commodities Future Trading Commission.  He's also part of the outreach program there.  He designs and administers education initiatives to help market consumers protect themselves from fraud or other violations of the Commodity Exchange Act, which governs what they do.  Prior to joining the CFTC in 2016, Mr. Rutherford developed educational materials and a financial education program for the CFPB and FINRA and served as an online editor for a national personal finance magazine.
 
Our next speaker will be Owen Donley.  Mr. Donley serves as Chief Counsel of the United States Securities and Exchange Commission in the Office of Investor Education and Advocacy, where he manages a team of subject-matter experts in providing public-facing educational content for retail investors on a broad variety of issues arising under federal security laws.  He's especially focused on investor engagement through the lens of financial technology and media, particularly where digital and social communication intersect with retail investing.  He has managed national advertising campaigns focused on investor education, including the SEC's Howey Coin's crypto-asset campaign, and speaks regularly on issues related to social media and investor protection, fraud, and the interest of retail investors.  He's been cited in numerous publications and media, including the Financial Times, New York Times, Washington Post, CNN  Money, Market Watch, and, many others.
 
And finally, we have our own Brian Martin, who serves as a senior litigation counsel in the Consumer Financial Protection Bureau's Office of Enforcement in Washington, D.C.  Brian is on assignment to CFPB's Office of Markets, and he's focusing on distributed technology and crypto assets.  Since joining the Office of Enforcement in 2016, Brian has successfully led investigations and enforcement actions to address consumer harms such as student loan debt relief scams, international remittance providers who fail to provide required funds, mortgage lenders who engage in deceptive advertising, and debt collectors who employ unlawful and deceptive tactics to collect from consumers.  Brian began his legal career in Vermont as an assistant general counsel and special assistant attorney general at the Department of Financial Regulation, and he also has served—he was the first-ever associate general counsel to the Green Mountain Care Board, Vermont's health care cost and quality regulator.  He graduated from Dartmouth College and Vermont Law School.
 
So I welcome our three distinguished speakers.  I'm so grateful for them coming and sharing the information they have with you all, and with that, I'm going to go through a couple of intro slides for the FinEx, and then we'll let them get started.  If you'd like to join the CFPB FinEx network and if you're not sure if you're a member, basically, if you did not get a direct email to your box inviting you to this webinar, then that means that you probably are not on our list, and so this page, the bottom link shows you.  You can just go to that page and enter your email address, and you can join.  We have over 60,000 financial practitioners.  We share updates through emails, about two to three a month, research tools, webinars, and other events happening, both for specifically practitioners but sometimes other events that you might be interested in as well.  And you can also reach out to our program if you need to get presenters for your organization, and we have a LinkedIn discussion group, which you can join without joining our subscriber list if you choose, or you can do both.  And the link is there, and you'll get that on your slides when you receive them.  And finally, the last bullet shows you where the link you can click to look at all of the publications we offer.  You can order bulk publications on financial literacy topics.  There are hundreds of different topics, and you can get those free of charge mailed to your work or home.  You can also download them as a PDF if you need something quickly. 
 
This is the page you'll land on that I had given you earlier to join the CFPB FinEx program, and you just drop your email into the box on the right here.  And with that, you'll have joined our subscriber list.  If you have a client that needs to submit a complaint, you can go to our webpage, and at any page in the top right corner, you can click a link that says "Submit a Complaint," and you will be taken to this page.  You can call in and submit the complaint with your client.  Your client can do it on their own.  If they feel nervous about it, you can help them do it online.  It only takes about a few minutes, depending on the level of detail that they need to provide, and we have 180 languages available for that.  So that's another way that we also—to protect consumer financial rights.
 
Okay.  With that, I'm going to turn this over to our next speaker today, who is Dan Rutherford, who was previously introduced.  And, Dan, you should have the control now.

>>Mr. Dan Rutherford:  Okay.  Thank you very much, Heather, and thank you to the CFPB for inviting us here today, and thank you to all of you for joining.  We're going to jump right in, and like Heather, I have my own sort of disclaimer to provide here.  Let's see.
 
So this is a presentation.  It's being provided for general informational and educational purposes and does not provide legal or investment advice, guidance, or interpretation to any individual or entity.  Views presented herein are the speaker's own and do not necessarily reflect the views of the Commodity Futures Training Commission or the Commissioners.  References to any product, services, or resources, or the use of any entity, organization, trade, firm, or corporation name do not constitute or imply endorsement, recommendation, or favoring by the CFTC or the United States Government.  The CFTC does not guarantee the accuracy or completeness of any information contained in third-party resources or websites referenced herein.
 
That was fun, and I'm sure we'll all have a comparative analysis of our various disclaimers after the webinar, so let's jump right into it.
 
So the first thing that I'd like to touch on is talk a little bit about the CFTC's authority when it comes to crypto assets.  The first thing to really keep in mind is that when we talk about commodities, we really talk about two different markets.  One is the derivatives market, which is a financial market, and one is the spot market or the what's known as the "physical market."  The difference between the two is when you're trading on the derivatives market, you're trading financial products.  You're trading standardized contracts that are very easily traded.  When you buy and sell on the spot market, you're buying something for typically cash for immediate delivery or getting it on the spot, as it were.  And so the thing to keep in mind is when we talk about commodities and the relationship to derivatives is that each of those derivative contracts draws its value from the underlying commodity.
 
So the two markets are linked, but really they're two separate markets.  And when Congress created the CFTC in 1974, they gave us full regulatory authority over the derivatives market.  So we can write rules.  We could supervise trading and examine intermediaries and participants in the market, and we can bring civil enforcement actions when we find wrongdoing.  But our authority is limited on the spot market, mainly to the degree that we have a limited enforcement authority, only when there are cases involving fraud or manipulation.  So when we talk about things like trading platforms, online trading platforms that trade crypto, for example, we don't have the opportunity to look in and examine the trading book or the trading activity on that platform or examine those books and records.  But we do have that authority in the derivative space. 
 
So for an example or so you can kind of get it, sort of distinguish the two markets, again, if you're buying Bitcoin or Ether or something on the cash market from an online trading platform, you're typically dealing on the cash market.  If you're buying a Bitcoin future or an Ether future, you're doing so on a regulated—CFTC-regulated exchange, and those products are fully regulated.
 
So why crypto assets popular with fraudsters?  Very easy.  They're easily transferrable.  So it's just like sending an email.  You can send cash virtually to anybody in the world.  It obscures real-world identities, and this really makes it attractive for fraudsters for obvious reasons.  I could create a fake profile on Facebook, lure people into my scam, have them send me money, and no one really knows my true identity.  All transactions are final.  Once a transaction is made on the blockchain and basically verified or confirmed by the addition of additional blocks, you can't go back and change those transactions.  And so if I'm a scammer and I want to be sure that an intermediary like a Visa, MasterCard, or something along those lines can't call that money back, I'm going to be more drawn to crypto than anything else.  And there really are no customer protections, especially when you're dealing with self-custody or when you're dealing with your own sort of non-custodial digital wallet.  There's nothing there that really protects you.  If you make a mistake, if you lose your private key, you lose your seed phrase or someone steals it, once your money's gone, it's gone.  And there's limited regulation, and we'll talk a little bit about that in a bit.  But as I mentioned on the spot market, there's not a lot of oversight there, and these platforms and some of the players are required to register with the Financial Crimes Enforcement Network, or FinCEN, and follow Know Your Customer regulations. But if they're operating offshore or if it's a decentralized exchange or something along those lines, they really don't play by the rules.  And so these are all things to keep in mind in terms of why fraud is so prevalent in this space.
 
The real connection and probably the most significant one is that most crypto frauds originate on social media.  The data here is from the FTC's Consumer Sentinel  Database, and it shows basically the number of reports connected to social media and the amount of losses.  And keep in mind that these numbers are probably low because most frauds don't get reported.  The best we can do is use this as an indicator of the growth or expansion of these frauds, but do keep in mind that the actual losses and the actual number of frauds are probably much, much higher.
 
The common frauds that we tend to see at the CFTC involve romance or friendship scams.  You may also have heard the phrase "pig butchering scams."  And these are very similar to prior or traditional, if you will, romance scams, but they tend to be skewing younger in terms of the victim's age.  Whereas we used to see romance scams targeting primarily older Americans, more recently, these newer versions or these online versions tend to be targeting young professionals, graduate students, students.   And the reason is because of the interests in crypto.  There's generally more interest in younger generations than there are in older generations.
 
We also see a lot of fraudulent trading platforms, and these are platforms that generally operate offshore or outside the United States or they just pop up and disappear just as quickly.  As they come up, they go down.  So they're really kind of hard to identify.  But they have a lot of telltale signs, and I'll cover that in a minute.  But that's another big area in terms of fraud, and a lot of times, they're connected back to the romance scams that we see.
 
DeFi projects or DeFi—decentralized finance, generally has seen a lot of hacks and a lot of fraud connected with some of those projects as well. 
 
Pump-and-dumps very similar to what, we used to see with penny stocks and that sort of thing.  Now we see people organizing on messaging programs or messaging apps and organizing pumps of newly created or lightly traded crypto assets, and just like the traditional pump-and-dumps, those people who tend to come late to the game or get out late tend to be the ones who get burned, investing high and then getting stuck with a worthless token at the end of the game.
 
And then lastly are giveaway scams, and you've probably seen or heard about these quite a bit recently, but basically, someone fakes being a rich celebrity or multi-billionaire or what have you, and they're giving away tokens for some reason, and generally these are connected with some form of urgent urgency or some sort of demand that requires people to act now, which sort of gets them off their rational thinking and makes them—it tends to be more emotionally based and that sort of thing.  So those are the common ones that we see.
 
And let's kind of jump in and drill in a little bit more into romance scams.  So here what we're talking about—and again, these target basically all genders and all sexual orientations.  It's not really limited to one specific group.  As I mentioned, the ages tend to skew a little younger due to the interest in crypto, and they're typically introduced via social media and dating apps.  We started seeing this last year, and it was really initiating on dating apps.  And then it sort of transitioned to Instagram and Facebook.  It then transitioned to LinkedIn where the scammers were able to identify victims, where they went to college or the type of career that they had, and they were able to target their victims using that information to identify who might have more money to invest and that sort of thing.
 
And more recently what we tend to see—and you may have seen some of these on your own phone—are these random text messages that you might get.  In fact, I got one over lunch just this afternoon that said, "Hey, are you coming to the party tomorrow?"  Just a random wrong number.  And what they'll do is they put out these questions as sort of a lure to get people to respond, and once you respond, they start to engage you in conversation and strike up a relationship.  And what you see these criminals do, some of them, especially when they were working on dating apps and on social media, is they'll create these extensive profiles.  So they really look real, right?  That's their goal, and they typically pose as wealthy business owners or executives or people who travel frequently, and they're always in—they're never home.  And so they can never get together in person, but they'll text you multiple times a day.  And these relationships can go on for weeks or months, but again, they never meet in person.  And they're always talking about how well they've done in the market.  Even though the markets have really been down quite a bit over the last year and a half or so, they always tend to be making money.  And of course, the reason for it is they know someone or they have an uncle who's advising them or they've used the special platform that no one else knows about, and that's the trap. 
 
And typically, the way these relationships work—and you think about someone who might be getting involved in a relationship or wanting to be.  They're hopeful.  They want to be friendly with this person and get them to like them, right?  And so they're typically—they tend to be agreeable and let their defenses down, and that's really sort of how these frauds get going.
 
Again, I talked a little bit about once the introduction is made, this grooming can go on for several weeks or months.  They really start to talk about "our future together," like "what it will be like when we're married" or "getting involved with this investment will help us get married sooner" or "help you take care of that debt" and "help us build our lives together" and that sort of language.  And so they're really trying to show that you're in this together, if you will.
 
The victims are regularly encouraged to start small.  So just put a couple hundred dollars in at first.  If you don't believe me, just try a couple hundred dollars.  And then, of course, on the back end, the trading platform is being manipulated by the fraudsters, and they are shown a huge return and then allowed, told, "Well, take a little bit of money out and go spend it on yourself.  You deserve it."  But then it really starts to pour on and people are encouraged to cash out their retirement savings, turn to friends and family and borrow money, take out a mortgage on their house, and literally people are losing hundreds of thousands to millions of dollars on these scams at a whack.  They're really horrible, horrible things that people are getting involved in, and something you need to be sort of on the lookout for.  If someone approaches you and says that they're curious about crypto, that they've met someone online who's encouraging them to trade, that should raise an immediate red flag for you that maybe you should be digging in and trying to find out more about this relationship and what's interesting them in getting involved in crypto and maybe talking about or sharing some of the information that's available on our website.
 
If you suspect fraud and you think you might be involved in one of these scams, the first thing to remember is don't spend any more money.  Typically, the way these evolve is once the victim starts to become suspicious or wants to try to withdraw at least some of their profits or maybe a little of their principal, they're told they can't.  You have to pay a tax, they're told, or an income tax or an import tax or what have you.  It's all made up.  Once you pay that, then you're hit with another fee and another fee and another fee, until you finally realize, okay, I'm being duped, and all they're doing is taking more and more of my money.  So again, if you think you're being—if you suspect you're involved in one of these frauds, just stop paying any money because they're just trying to draw more money out of you.
 
End the communication, especially with the person that's involved with the relationship with you, the scammer who got you into this mess.  A lot of times, victims have reported extortion, threats, and intimidation that, again, sort of prompts them or encourages them to give over more money.  And so, really, the best thing to do is not believe them.  Just end the communication and save yourself a lot of that suffering. 
 
And next, report it, report it, report it.  First, ic3.gov, that's the FBI's Internet Crime website that you can report it to.  You can report it to CFTC.gov/Complaint.  You can report it to the FTC, SEC, CFPB, whoever.  Really, when it comes to reporting fraud, I like to say flood the zone.   Report it to your state regulator, your attorney general, local law enforcement.  The more that you report it, the more the public could be informed about these things and made aware of it.   Truthfully, it's very difficult to recover funds lost from fraud, and so really the best defense is public awareness.
 
Signs of a fraudulent site.  I mentioned a lot of these sites operate offshore.  If it's a centralized trading platform—and what I mean by that, if it's a company, they should have a headquarters somewhere, right?  But typically, these websites will show no physical address, and that should be a major warning sign.  If they're not telling you where they're based, then they don't want you to know where they are essentially.  And truthfully, people should only be trading on sites that are headquartered in the U.S. to make sure that you have at least the fullest protection under the law.  If they're operating offshore or outside the United States, chances are it would be much more difficult to make sure that they're abiding by our laws or prosecute them if they violate our laws.  If it's an offshore address, same thing, that should be a red flag.  Fake addresses are also very common.  Do a street-view map search, and if an address is provided, take a look.  Do a virtual visit and see if it actually looks like a real place of business.  You'd be surprised how many of them are vacant lots and ramshackle houses somewhere.  Another warning sign is no landline, no 800 customer service number.  Instead they use WhatsApp or other phone apps and live chat, email, or contact-us forms.  But the thing to remember is those app phone numbers could be easily changed and easily faked.  The live chats, the email, and web forms, once the fraud is discovered, they'll take the site down, and if they take the site down, then any way of communicating it with them is gone.  So those should be major red flags.
 
Check the domain registration.  If the website's age doesn't match its claims, then you know somebody's lying.  Typically, you'll see sites that claim to have been in business for five years or ten years, but when you check the domain, it's only two weeks old.  A lot of times, you'll see sites that claim to have billions of dollars trading daily or thousands of customers around the world.  But again, if it's only a few weeks old, it would be very difficult to grow that size business in that amount of time.  So it really pays to do that next level of check and check that domain registration date. 
 
They've won tons of awards.  This is very common.  You'll see trophies that say things like Best Website or Customer Service or Secure, and they're just very generic-sounding trophies or awards that are stuck on their site.  That's just to build credibility, and if you look closely at them, you can easily tell that they're faked.  And if you don't know who gave it or what it's for, don't trust it.  Same with on-site testimonials.  Again, if you really want to get a sense for how well a site performs, do a search.  Search for the site's domain name plus the word "scam" or "fraud" or "reviews," and see if other people have reviewed that site on a third-party site.  And also, look for scam detection websites to see if that name pops up.  Those would be good clues to check the validity, is it a legit side or not.
 
And then lastly, broken links, poor spelling and grammar.  Like I mentioned earlier, a lot of these sites will come down as soon as the fraud is discovered, but they'll pop back up under a different brand or a different name, and really all they do is just change the web template and pop it back up.  But a lot of these scams, again, operating overseas, will use machine translation services to run their scams in a number of different countries.  And so if the syntax of the language sounds odd or there's a lot of sloppy errors, that's a really telltale sign that the site is probably a fraud.
 
Again, I mentioned FinCEN.  So before making a trade, you want to make sure that the site is registered with FinCEN, and many states also require that they register with the state and abide by state rules in terms of being a money service business.  And so you'll want to check those registrations just to verify that they are based in the U.S., that they're qualified to do business in your state and that sort of thing.  Now, relying on registration alone won't protect you from fraud, but most scams involve unregistered entities and people. 
 
I mentioned DeFi scams, rug pulls, and giveaways.  Just real briefly, a rug pull scam is—a lot of times these DeFi platforms will require staking or locking up some of your assets with that program, or you may have to deposit money if you're moving from one DeFi program to another.  You might have to use a bridging application to do that, and all of these are targets for potential hacks and scams.  So in a rug pull scam, typically, people will stake a lot of money into a project, and once that money pool gets deep, then the scammers will sneak in a back door, drain all the money, and you're left with a worthless token.
 
In a pump-and-dump, I kind of explained that already, but generally, they're coordinated on message groups.  They target thinly traded coins.  They pump up the price as high as they can, and the last one out is left holding the bag.
 
Giveaways, again, rich celebrities giving away crypto on social media, you can't get something for nothing.  It doesn't matter how rich the giver is.  They generally are not going to give their money away. 
 
The bottom line is analyze projects and promises.  If you don't understand the technology, then you probably have no business getting involved with it, and be mindful of FOMO, the fear of missing out.  If there's a lot of hype, that should be a warning sign, especially when you're involved with thinly traded tokens or something that can be easily manipulated.  You want to be able to check the websites and the white papers and make sure you understand what's being said.  If you don't understand the technology, again, invest in what you know, not in what you don't know. 
 
The other thing is that a lot of this technology is new and very novel, and it's been untested.  Ad so if the software hasn't been audited by a third party or tested for security, it's very likely that it could be vulnerable to hacking.
 
Again, only get involved with projects that you can understand.  That involves the tokenomics or the incentives involved with how the tokens are created in terms of is there proof of work, proof of stake, are there tokens being burned, are there tokens being added to the mix, and so all of those things in influence supply and demand, which influence the price.  And so you want to be able to understand not only the technology but also the economics underlying.
 
We have a flyer on our website.  The URL is there below.  It goes over these risks and more, so I would welcome anyone to come by and download that.  And we also have a number of other resources that will be available in the slide, so I hope you get a chance to stop by and download some of those things.  I also wanted to point out that recently MyMoney.gov, which was operated by the U.S. Treasury, combined a lot of the crypto-asset resources from a number of agencies, including all of those here today, on one page.  So you have a nice one-stop shop there for a lot of good information around what crypto assets are and how to protect yourself from fraud.  And I'll leave you with my email address.  Please feel free to reach out to me individually if you'd like to plan a program on your own or have additional questions or would like to get some of our materials sent to you.  I'd be happy to help you out.  And with that, I am going to pass this down to Owen.

>>Dr. Brown:  While Owen is getting ready to get his slides up, I just wanted to say that you had a question, Dan, on what is a DeFi scam, I think the rug pull scam you referred to, and so maybe you could be prepared to answer that in a little more detail.  I know it is a fairly detailed thing, but just to at least give them a general idea when we come back for questions.

>>Mr. Rutherford:  Sounds good. 

>>Dr. Brown:  Okay.  Owen, are you all set?

>>Mr. M. Owen Donley III:   I am.  I think so.  Thanks for my colleagues for inviting the SEC.  I'm going to talk about spotting and avoiding investment fraud.  At the SEC and in my office, we talk a little more generally.  We will discuss and have a great deal of content around crypto assets, but I'm going to talk about investment fraud more generally, mostly focused at retail investors.
 
As Dan mentioned, I am required to cite a slightly smaller disclaimer, and that is my office is providing this information as a service to investors.  It is not a statement of official SEC policy, a legal interpretation, or advice. 
 
One more point.  This is Investor.gov.  This is the website that the SEC maintains for retail investors.  I saw one of the questions in the chat is, could we use these this deck of these materials?  And on behalf of the SEC, you may use anything and everything you see.  You don't even have to give us credit.  None of this is copyrighted.  Feel free to explore the site.  Almost everything, I'll say today, comes from the site, so feel free to use it, and if you have any questions to reach out to me after. 
 
I'd like to talk a little bit about retail investors, and by that, what we focus on are not institutional investors or what we call "high net-worth investors," but regular—we'll say mom-and-pop, Main Street.  And over the last two, two and a half years, there's been a real increase in retail trading.  A couple data points that I find interesting, in January 2021 alone, 6 million Americans downloaded a trading app.  Similarly, in early 2021, retail investors, that smaller group, generated about as much equity trading—and that primarily means stocks—as mutual funds and hedge funds combined.  And without getting to a real market analysis, a mutual fund, which many of you know, is a company that invests in a bucket of stocks.  It's one way that a retail investor might find exposure to a more diverse set of securities, and it's a huge part of the securities industry and the stock industry in this country.  Retail investors were trading as much for a period in 2021.  So retail investing has really exploded recently.
 
What do we know about these investors?  There's a Deutsche Bank survey from last year that half of retail investors were completely new to the markets.  So we know that if we're talking about our customers, our clients, our constituents, many of them are not experienced, and that gives a real opportunity for those of us in investor education but also, pertinent to today's discussion, does make them targets for fraud.  
 
We know a little bit more, and there's actually—this is a little dated data, and if any of you are interested, feel free to reach out after.  Of the novice investors who opened their brokerage account in 2020 and forward, they tend to be more racially diverse, have smaller account balances, and trade frequently.  That's really in interesting information we can talk about later, but as an educator, I think about using that data as a way to reach more people and people sometimes that the SEC or my office haven't reached as well.  So we know they're new investors, they're more diverse, and they're trading a lot.  So that's who we're—that's one of the audiences we're really concerned about.
 
Why are we concerned about it?  Because of fraud, what we're talking about today.  As background—and again, I work at the SEC, and we are limited to our jurisdictions around securities and investments, but of those matters, my office looks at every case we bring, and the states bring many cases as well.  And their data, to the best of my knowledge, mirrors or even exaggerates this trend.  The vast majority of retail frauds in the United States are conducted by someone who is not licensed.  That is, they are an unregistered financial professional and/or they promise a high unrealistic return.  and those are the two most important things I'm going to talk about today.  Most people that commit retail frauds in this country are not licensed and registered.  There are, of course, frauds and other issues at registered firms, but the vast majority of the frauds we're talking about are not being conducted by licensed folks.
 
How many people are being approached with frauds?  I saw something in the chat, one today.  FINRA, a self-regulatory organization for brokers, did a study I think two years ago, and 80 percent their respondents had been solicited.  I bet if we were in person and we're in a room where we could raise hands, I'd say, "Who's been solicited this week by a scam?" And many of those are investment frauds.  So we know it's widespread.  In 2021, social media fraud of the investment space was about $770 million, and that's an 18-fold increase per the FTC.  And finally, the total dollar amount—and this is actually dated—is between 20- and $50 billion, with a B.  So we know this is a real problem, and those of us in investor education are focusing very much on fraud right now.
 
So who gets scammed?  Everyone.  I'll go through some of these later, but any group you can think of, there are frauds targeting seniors and older investors.  There are frauds targeting ethnic communities.  There are fraudsters—and we see cases every year—targeting the military, athletes, religious groups.  I'll talk a little bit about what we call "affinity fraud," and you've probably read about these cases where a member of a church, a synagogue, or a mosque or that community will target other members of their community.  And even for those of you who are federal employees,—I know there are state ones too.  Federal employees get targeted as well. 
 
Here is a takeaway, and again, this is on our site.  You can have it.  Five easy signs to make one wary.  One, as I mentioned, unregistered sellers.  Two, promises of high guarantees with little risk.  Three, pressure to buy quickly.  Anytime an investor has pitched something, "You need to do this now, " it's very suspect.  There's very few legitimate investments that a retail investor, a trade needs to make very quickly to be successful.  Free meals, this is a little tricky.  All of you have probably seen free meal seminars, and we at the SEC participate in some, so they're not all fraudulent.  But we do see there are a good number of cases every year where a fraudster will have—they'll reach out to seniors with a free meal, and really it's just trying to get their retirement into self-directed IRA or something, higher risk or even fraudulent.  And finally—I'm going to talk a little bit about this next—doing background checks.  One of the things I'm going to talk about is how important it is to do a background check with any person, an investor wishes to work.  And red flags, including they've been terminated, they've been sued before, are things that investors need to keep in mind.
 
Okay.  How do we do this?  Ask questions, research, and background checks, sort of a redundant slide.  I should also mention, just for expectation setting, I've got about 10 more minutes.  I'm going to move very quickly.  Again, all this content is available.  I'm happy to reach out on a personal basis or you can look at our site or email me later, but I'm going to move quickly.  But these are the key points.
 
All right.  How do you do a background check?  Investor.gov, the site that I manage, has on it a place where you can type someone's name in, and if that person is a licensed broker dealer or investment advisor, they will pop up.  If someone is soliciting you or a customer or a client or your constituent in investment and they are not licensed, that is a huge red flag of fraud.  It is very easy to do this.  You literally just type their name in.   Again, if we were in a room together, I'd ask you to get at your phones and type someone's name in.  In addition to seeing if they are licensed, you can get a lot of information.  What are they licensed to sell?  What firms have they worked for?  Any other important disclosures, potential violations of law.  So it will give the investor a better sense of who they're working with.  Similarly, with public companies. with public trading, whether it's a stock or a mutual fund, an ETF, there's a database called EDGAR, and it's on SEC.gov or through Investor.gov, and you can type in the name of the company and get its public reports.  You've probably heard of an annual report, a 10-K, or a quarterly report, an 8-K—or 10-Q—excuse me—8-K, a report of material change.  There's a great deal of data you can get, and this is part of investigating before you invest.
 
This is what EDGAR looks like.  It's got a great little interface.  We helped.  We worked on it.  It's got good UX, good user experience.
 
So what are fraudsters doing to get you to not do background checks and not do your research?  There's a great deal of behavioral, economic, and other related data on how fraudsters work, and they usually use one of these tricks.  One is phantom riches.  They say they're rich.  You'll see pictures of sports cars or whatever it happens to be.  Dan was talking about a lot of this stuff on social and digital.  Almost all of it has promises of great wealth.  Source credibility.  Usually, the person will pretend, purport to be reputable.  A background check can easily dispel much of that, including, as Dan mentioned, a Google search.  Scarcity.  There's often a "You got to get in now.  The time is running out. There's not much of this."  Again, for retail investors, that is almost never true and is indicia of fraud.  Finally, reciprocity.  Sometimes the fraudster will report to do you a favor.  We'll see something called "advanced fee fraud," where the fraudster will send a small check for like a hundred dollars to say, "Oh.  Hey, here's the first deposit.  Give me more money, and I'll give you even more money," things like that.  Anytime someone, especially unsolicited, which I'll talk about next, sends an investor a gift or a small amount of money, it's exceptionally suspicious.  And finally, social consensus, and this is common sense, "Everyone's doing it."  This especially applies to the affinity frauds I mentioned with.  "Everyone in your church group, your community group is doing this."  We unfortunately see a lot of victims who fall prey to fraudsters using that technique. 
 
This is my favorite one because it's so easy, an unsolicited offer; that is, if an investor did not seek information, someone reaches out to them, email, call, text, social, definitely on social, that's a huge red flag.  There are cold calls.  Brokers and advisors do make cold calls, but it's rare.  And you should always, of course, do a background check.  Our number one tip is to ignore unsolicited offers. 
 
Dan mentioned this, and I'm not going to focus too much on crypto currency or crypto assets, but often fraudsters seek to be paid not in traditional dollar, bank account forms.  They'll ask you to pay in crypto or in gift cards—paying gift cards is an incredibly—is a huge red flag—or overseas wires.  Almost no legitimate firm will require you to wire money overseas or in a gift or a gift card, and again, there are bogus payment apps that some of these folks will use.  So only use a payment app that you're very comfortable with and have a history with. 
 
In some of the scams, you can't figure out who the person is.  So aside from doing a background check to make sure they're licensed, there are scams where people pretend to be from the government, including from the SEC.  There's actually been people impersonating me and other folks at the SEC.  We tell investors to always verify the person reaching out who they are, not through the number or contact information that they give you but independently.  For example, you can call the SEC—and I'll give you the number at the end—if someone purports to be from the SEC.  Very few government agencies, if any, whether state, federal or local level, are soliciting investments.  So that's a red flag.  And as I mentioned, one thing we always tell folks, never, never, never pay an up-front fee.
 
Affinity fraud, I talked about briefly.  These are frauds targeting members of identifiable groups.  I mentioned religious groups.  We've seen frauds targeting a Haitian community in Miami, the Korean community in Los Angeles, a Christian community in Texas.  These are all in the last 18 months.  I mentioned this just because this just seems to never go away.  Unfortunately, often the fraudster is a member or purports to be a member of that group.  And so, again, even with someone that you think you have a lot in common with—this is advice that you should give your constituents or clients, and we give—even if you think you have a common bond with someone, when it comes to turning over your hard-earned money, you got to ask questions.
 
Another favorite of mine is online accounts.  Almost everyone, the vast majority of investors are using online accounts now, not just trading apps but through traditional firms.  I strongly recommend paying attention to passwords, strong passwords.  Two-step verification, I hope most of you know what that is.  You provide a secondary contact point, usually a text or can be a text.  So once you log on, a text will come to you with a code.  It is a great way to stop online fraud, and of course, not having universal passwords.  There are many more tricks like this.  I focus a lot of my career talking about social and digital media.  Privacy settings on social are so key.  Unfortunately, we see a lot of both.  It's interesting.  Older Americans, older investors and younger investors aren't particularly great with their privacy settings, and fraudsters can gain information about you, where you went to school, where your kids go to school, where you like to go to vacation, and use that information to get into you.  So really advice we give is securing your online accounts with these and other tools.
 
Very quickly, resources.  We've got tons.  Again, you can email me.  Go to our site and take them.  You don't have to give us credit.  This is Investor.gov.  We have this really fun thing.  If we had more time, I'd show you.  We made this last year.  It's essentially a parody of what we've seen on YouTube and Facebook of these videos saying you're going to get rich.  We have a fake video—it's about three minutes long—and then an educational video explaining all the red flags.  And we've actually been distributing it to teachers in the D.C. area and hope to expand it as a learning tool.  But if you have time and you're interested in online frauds, take a look at this.  It's called "How We Trade."
 
Everything on our site is mobile friendly.  There's tons of tools, compound interest calculators, required minimum distribution.  That's our most popular function.  So outside of fraud, if you're in a legitimate investment, feel free to look at these tools.
 
One of the things that I personally manage is a production of investor alerts and bulletin.  We have an alert out on cryptocurrency that came out two weeks ago.  If you're interested in crypto, I highly recommend you check it out and sign up to get more.  We issue, I think, about three or four months of the latest frauds and sometimes broader discussions of investing.  But if you're interested in investor education, it's a good resource.
 
And finally, this is our phone number.  My name's Owen Donley.  My email is not on here, but it's D-o-n-l-e-y-o at SEC.gov.  You can google me and find me.  Please feel free to reach out or call.  Thank you for your time.  Thanks for your interest in investor education.  Look forward to answering some questions at the end of the presentation, and I think now I'm going to turn it over to Brian.

>>Mr. Brian Martin:  Thanks, Owen.  There we go.  Hi, everybody.  Hope you can all hear me.  My name is Brian Martin, and I am an attorney at the Consumer Financial Protection Bureau.   And I'm going to, just like my colleagues on the panel today have, reiterate and fully adopt the disclaimer that was made by Heather at the outset of today's presentation.  This presentation is being made by a CFPB representative on behalf of the Bureau.  It does not constitute legal interpretation, guidance, or advice of the CFPB.  Any opinions or views stated by the presenter are the presenter's own and may not represent the Bureau's views. 
 
I'm going to talk about consumer financial fraud generally, some CFPB action and engagement.  I'm going to describe some examples of scams, what to do.  Then I'm going to turn my focus to crypto scams, some of the complaints that the CFPB has received, describe some scam examples, and again, what to do.  If you would like any further information about specific slides or anything I say today, at the very bottom of each slide, the publicly available source materials located will often provide direct links to the reports or the press releases or the actions that are relevant.  I'm not going to repeat verbatim everything on each slide.  In several instances, I'll provide some more information, but it will probably be unnecessary for me to read it all out loud.  Some of the slides have a lot of information on them, and knowing that these are going to be distributed, I was hopeful that these might be useful to some of you down the road. 
 
Some of the material today is probably going to sound a little similar to what Owen and Dan have already shared.  So I'll try to work through that more quickly.  So the CFPB'S responsibility for protecting consumers has led the Bureau to highlight some key concerns related to consumer financial products and services scams.  And again, Owen's slide relating to investment fraud hit on some of these same red flags.  It's kind of clear just how pervasive they are for consumers and investors.
 
So some red flags to mention at the outset, people who want you to pay up-front fees to help you claim services, benefits, or get loans.  Contractors selling repairs door to door, especially, they asked to receive payment up front, or they're offering some sort of magical, deep discount.  Con artists, namely those posing as government employees, insurance adjusters, law enforcement officials, bank employees, it is easy nowadays to fake credibility, fake uniforms, fake letterhead, fake websites, fake email addresses.  Consumers should not give out personal information to people they don't know.  And Dan and Owen have done a great job of explaining some ways to vet and verify those kind of people.  Limited-time offers.  Anyone who offers you something and tells you that it is for a very limited time may be trying to pressure you into something that you could later regret.  You should never be pressured to decide on the spot or to sign anything without having some time to review it, take time, reading, understanding anything presented, and again, it's always helpful if you can ask a trusted friend, relative, or even an attorney before acting on consumer financial products.
 
So I'm going to talk about a couple of examples of the things I just described.  First, it's one that the CFPB has repeatedly and recently addressed, and that's impersonation of government agencies.  Please note I'm just merely picking a couple of these scams, these examples of recent scam activity, because covering any and every aspect of these types of scams or the Bureau is working, that would take a long time, much more than we have today.
	
The first impersonation example that I want to talk about and where the Bureau has done work has been in May 2022.  The CFPB publicly issued a circular addressing prohibited practices on claims about FDIC insurance, specifically that entities cannot misuse the name or logo of the FDIC or make deceptive representations about deposit insurance.  And by publishing this circular, the Bureau is making three particular points in addition to other information.  First, that misrepresenting the FDIC logo or name will typically be a material misrepresentation, and material misrepresentations are deceptive practices that violate one of the major laws that the CFPB enforces, the Consumer Financial Protection Act.  Second, that a misrepresentation or misuse of the FDIC name or logo harms consumers, puts consumers at significant risk of unexpected losses.  Customers could be at risk of loss if they discover their assets are not insured at the time of financial distress.  Notably, because of their relatively recent entrance to the consumer marketplace, this is implicating financial products and services such as digital assets, crypto assets, and there may be particularly acute risks for consumers there.  Claims that a financial product or service is regulated by the FDIC or insured by the FDIC or eligible for FDIC insurance, these are likely to be deceptive if those claims expressly or implicitly indicate that the product or services FDIC insured when is, in fact, not the case.
 
Misuse of the FDIC name or logo harms honest companies.  So a firm that deceptively advertises that its products or services are FDIC-insured may convince individuals to purchase those firms' products or services when the individuals may have otherwise selected better, safer, similar products or services from a competitor that's engaged in actual honest advertising and marketing.
 
Another example of CFPB work in this space in the government agency impersonation space is the enforcement actions.  The Bureau has brought actions against entities for variously purporting to be associated with the Department of Education, the VA, the FHA.  For one particular example, the Bureau issued an order against a mortgage lender who was sending advertisements to military families that led those recipients to believe that the company was affiliated with the U.S. Government, a series of repeated offenses and millions of mortgage ads that used fake VA seals, fake federal housing administration seals and other language and design elements to imply that, oh, yeah, this is part of the government.  And in February 2023, the Bureau issued an order that banned that lender from mortgage lending industry permanently.  They're forever prohibited from engaging in mortgage servicing, lending activities, receiving remuneration from mortgage lending, and they have to pay a penalty that's going to be deposited into the Bureau's victims' relief fund.
 
Again, we've talked a little bit about red flags already today.  If you are worried about potential exposure to a scam, there are some ways to protect yourself.  Dan offered great advice on his slide that I'd like to readopt here.  Don't pay any more money.  End the communication.  And then he gave examples of how to report it.  If a person is trying to sell you a product or service and they can't or won't answer your questions, this is a red flag that you may want to look for someone else to do business with.  Take your time reading and understanding anything presented to you.  Again, it's always good to be able to ask somebody that you trust to help you understand or review things.  And again, you can also submit complaints to the CFPB and elsewhere, if you are worried that you may be spotting a scam.
 
There's other things you can do if you're the victim, actually become the victim of a scam.  You can contact your local police, sheriff's office.  You can contact your state attorney general, and you've got resources in the slideshows today about how you can locate those people.  But the National Association of Attorneys General website has that information.  If the person is an older person or person with a disability, we suggest contacting local Adult Protective Services.  Using the online Eldercare Locator can provide information about that.  And if someone you care about is the victim of a scam or fraud, you can report that fraud or scam to the FTC or to the Bureau.  Again, you're not limited to one of these recourses.  These are not just one choice here.  There's many options, and in many circumstances, some or all of them may be the things that you need to pursue.
 
I will focus now on crypto-asset financial fraud and scams since we've covered sort of the lay of the land on the general issues.  I'm going to focus in particular on the Bureau's 2022 bulletin, which highlighted consumer complaints related to crypto assets.  Crypto assets are, as we've talked about today, very attractive to fraudsters and scammers.  They are increasingly offered and marketed to consumers, and they're getting incorporated into a wide range of other products.  As many people here today are already well aware of, even large financial firms have begun offering and marketing crypto asset services to certain customers.  As these offerings have increased, so too have consumer complaints to the CFPB and elsewhere about crypto assets.  Scammers often target crypto assets since it could be difficult to determine the person or people behind many crypto-asset addresses.  And there are large—there are a number of techniques that scammers use to obscure the movement of crypto assets to other accounts.  This is going to make tracing those kind of crypto assets stolen by fraudsters and scammers much more time consuming for regulators and law enforcement.  It's a challenge.
 
As noted, the Bureau has identified a rise in complaint volume in this area.  You saw Dan show in his slide the rise in complaint volume in these areas.  We've got a few notable observations about some of the common themes that the Bureau has identified among consumer complaints.  There's a difficulty for consumers obtaining restitution.  In situations where consumers have been defrauded, had their accounts hacked, consumers often say that there's nowhere that they can turn for help.  In addition, even where there is somewhere to turn for help, crypto-asset platforms and service providers are increasingly and commonly requiring mandatory arbitration, and they limit class action suits in order to use their service, which it may challenge consumers trying to obtain restitution.  Consumers often learn later on that the important terms for using a service are buried in the terms and condition.  It can be very difficult for the consumer to find on the platform.  On fraudulent transactions., complaints show that there are some crypto-asset platforms appear only to be taking steps to verify the person, the authority of a person to act on behalf of a customer after receiving a complaint from the customer, so someone can impersonate them, often only after several escalations by that customer.  We're seeing complaint patterns, such as a scammer, making hundreds of small transactions to the same wallet, suggesting that scammers are aware of and purposefully evading controls to prevent a lot of common fraud.  This is helping to avoid, set off automated alarm bells that the system may have tried to put in place to protect consumers or limit those kind of fraud complaints.  As for risk of identification, believe it or not, some users of blockchain technology are still unaware of the public nature of the ledger that records every transaction of a crypto asset.  This means that malicious actors may be able to link transactions and crypto assets with a consumer's identity and other transactions, and that kind of linkage where you're associating the identity of the consumer with their transactions, it's obviously fraught with the bevy of consumer risks.  The higher asset volatility, we're seeing crypto assets have sometimes had significantly more fluctuation in value than currency backed by governments, often referred to as "fiat currency."  Some crypto assets have gone to zero or had assets frozen by exchanges, and again, consumers are losing out in those circumstances.  Many of the circumstances, they're losing out opportunities, flexibility with their assets.  And as for romance scams and the so-called "pig butchering," we can talk about that on the next slide.
 
Dan gave a great overview of pig butchering—of romance scams generally, and I think I'll adopt his observations there.  Crypto assets are often targeted in these romance scams.  Scammers play on a victim's emotions to extract money.  It's not new, as Dan pointed out.  This has been going on in various forms for a long time.  This is just now happening with crypto assets more and more.  We're seeing fraudsters pose as financial successes.  They're coaching victims into setting up crypto-asset accounts.  Scammers try to use social media posts by influencers and celebrities to trick victims.  And again, that point before about a lack of customer service, that's going to create opportunities for social media scams where attackers pretend to be the customer service reps to gain access to consumer wallets and steal crypto assets.
 
So this is an actual consumer experience collected by the Bureau, an actual published complaint.  Just to summarize it briefly, this is what a consumer told the Bureau:  "I connected with someone who later went on to say that he was being sent overseas by the CIA on an undercover assignment for our country.  He also said that his handler would text me information to send to him once he was in Kazakhstan so that he could access an account and send money through to my credit cards so I could take out cash advances and send them to him via Bitcoins.  Money started showing up in some of my credit card accounts, and I was even eventually sent a promissory agreement on what appeared to be real CIA letterhead.  So I went ahead and started sending the Bitcoins to him, thinking I was helping not only him but our country.  Eventually, I realized it was a scam after all the money sent through to my credit card accounts was sucked back out after I sent him the funds.  I am stuck with approximately $100,000 in debt."  And when you go through the database of complaints, you see more than a few that look like that.
 
Again, we've talked a little bit about scammers impersonating customer service reps, the shockingly prevalent problem in the space.  Lack of customer service options for many crypto-asset platforms and wallets creates these opportunities.  Attackers pretend, pose as actual bona fide customer service reps.  That helps them gain access to customer wallets and steal the assets.  For example, on certain social media sites, if you just mention certain crypto-asset wallet names in a post, it will actually lead to a bunch of bot-type accounts that will respond with false offers to help.  In reality, these are just scam attempts to lure the user to engage and enter, follow information, and provide access to their wallets and their accounts.  And again, this is the lack of dedicated support is likely contributing to a plethora of scams. 
 
On this slide here, you'll see that there's a specific actual example of a scam already published by the CFPB.  A consumer reported a risk of loss of nearly $40,000 when they were contacted by a scammer who claimed to be an employee of a crypto platform who needed help to unlock the account.
 
So some particular advice on these crypto scams, beware of common scams.  In addition to the romance and pig butchering scams, there are other tricks that are used by malicious actors ranging from the merchant scams to many of the other ones covered today by Dan and Owen. Continue to cultivate information and develop, I think, an earned wariness about these scams and how attractive they can be to consumers.  Report the types of fraud or scam concerns that you see.   One important point is that no government agency or financial regulator is ensuring crypto assets.  Consumers can submit complaints to the CFPB.  The Bureau and its other peer regulators are highly interested in addressing scams and frauds, and we look forward to getting those complaints and trying to help consumers where we can.
 
My name is Brian Martin.  Thank you very much for the opportunity to speak with you all today.

>>Dr. Brown:  Okay.  Thank you so much, Dan, Owen, and Brian for all that great information.  I really appreciate it.  I've learned a lot of things myself.  I thought we'd jumped into some questions here, and we could still probably get people out within the next five or six minutes for those that want to stick around and ask questions.  For those that need to go, we understand, and that's fine too.
 
So let's just start.  First, somebody asked about the decks and whether you could use the slides.   Yes.  It's public information that we're providing you, and you are free to use our slides.  And that's what we want you to do is to use the information to build your own slides.  Just take our logos off if you do that.  If you use the slide exactly as it is, you can keep the logo on.  Either way, we're fine just as long as you don't change what we have and keep our logos on.  Then you're free to use that information to build your own product for your clients.
 
We had a question about what DeFi stood for, and that was when Dan was presenting.  Dan, would you like to talk about that for a little bit?

>>Mr. Rutherford:  Sure.  So when we talk about DeFi, it's short for "decentralized finance," and this is really sort of an outgrowth of the Bitcoin and Ethereum developments, particularly Ethereum.  When the Ethereum network was developed, its inventor, if you will, a young man at the ripe age of 19, I might add, Mr. Buterin, he developed the idea that if we have all of these computers running all over the world, storing all of this information about transactions, why can't these computers also run programs?  He invented or came up with the idea of allowing the network computers that run or store the blockchain data to also run applications called "smart contracts."
 
Now what happened or how this developed was essentially these smart contracts or small programs or applications are sort of like the app store, if you will, but they can also be put together as components in a bigger sort of application, right?  So they're kind of like Legos in a way, that you can snap together a number of different protocols and create a different application.  And so DeFi is sort of the universe of what are fully automated things like exchanges, lending platforms, places where you could play games.  And the way it works generally—and I know—I think the question about rug pulls came up.  So let's say I create a lending platform.  Well, the way it works is you can borrow tokens from me, right?  But you have to put up collateral, right? And usually, the loans are over-collateralized, and that creates a pool of money, right?  So most of these rug pulls involve some forms of money pools.   It could be deposits, could be—I mentioned staking, which is a way of sort of getting involved in the governance of a token.  There are other ways to do this.  And essentially, what you do is you essentially are buying that platform's token in exchange for the money that you're locking away.  When that money pool gets deep enough or big enough, the scammers will basically go in and sell or take all of your money.  It's really quite that simple. 
 
There's usually a lot of hype involved around new DeFi applications.  So you might see a lot of hype on social media about this hot new token or this hot new application.  That draws people in, and literally, these rug pulls take tens of millions of dollars in a whack, and they're really quite common.
 
Another sort of common application or common hack these days is what's known as a "bridging attack," and typically, that occurs when you use—stablecoins are used quite frequently in DeFi applications because they're more stable in value than other forms of tokens.  So to transfer from one application or protocol to another, so you want to move from Solana to something else, you use a bridging application that allows you to transfer those funds from one blockchain essentially to another.  Well, that money that you put in is locked up, and new coins are minted on the other.  So your money is still hanging out there in this money pool that I mentioned earlier, and those are getting attacked by hackers.  So there are really many different forms of these types of things, but the main thing to remember is because this is all open-source software, it's all available to anyone who wants it.  And again, it's new, and if anybody knows anything about software, once you find one bug, you're likely to find more.  And hackers always are trying to exploit the weakest link with the most money.  So keep that in mind.

>>Dr. Brown:  That's great.  Thank you so much.  And I see that you answered the question—and several people chimed in as well—about what to do when there's somebody that a banker recognizes maybe being a victim of fraud.  Maybe they're pulling out large amount, sums money frequently that they hadn't done before or something like that.  I'm not sure what the signal was.  But there was some good feedback, Dan, that you gave, and I think some others chimed in as well.  But I love the idea of having some materials on—[audio break].

>>Mr. Rutherford:  Oh, we lost you, Heather.  I think we lost Heather.

>>Dr. Brown:  Oh, sorry about that.  I think having materials on hand to share is a great idea.  Did anyone else want to chime in on that one real quick?
 
Okay.  All right.  So then there's a question that says how do people—well, somebody asked about what you all think of services that offer one password for all your accounts, including reputable companies.  I think they're talking about LastPass kind of thing where you have one master password, and then you store lots of passwords in there, and it changes for you, so you don't have to use each password separately.  Did anybody want to comment on that? 

>>Mr. Donley:  I think that might have been a response to our general guidance not to use the same password.  I am not a technologist, and I do understand that there are companies, legitimate companies that do this.  The practice that concerns me the most is not using a legitimate platform and just using the same password for everything without—so I don't know much about that technology.  I do understand that there are legitimate, secure companies.  I think like my Apple phone does that.  But the practice that is at most risk is using the same password, and so you're on a public computer.  Someone gets that password and, they use it for all your accounts.  So I don't know much about that technology, but the concern we have is more just sort of the casual use of the same password, not using one of those companies. 

>>Dr. Brown:  Thank you, Owen.  I appreciate that.  Okay.  And then we had a question that asked, how do people such as ourselves who have public profiles protect ourselves from fraudsters?

>>Mr. Donley:  Oh, golly.  I am regularly solicited by—it shocks me—regularly solicited via work for fraud.  So I don't know the good answer to that.  I ignore unsolicited offers.  Notwithstanding this group, I'm pretty private with my email and contact information, especially personal information, and very private with my financial information.  That's the best advice I can give you. 

>>Dr. Brown:  That sounds like great advice.  Well, we have someone else that asked about materials, and a lot of people shared links, including our speakers and myself, on where some products are.  And hopefully, that will help that person take care of that.

>>Mr. Rutherford:  Heather, if I can jump in real quick, just to add to what Owen was saying.  Again, limit what you can.  If you're out there on LinkedIn and you have a professional profile, information up there, great.  Maybe keep the vacation photos or other personal information—limit it as much as you possibly can.  And the same with Facebook.  Be careful about—just like you would be careful about saying you're going on vacations to not alert burglars that you're going to be out of town.  You want to have the same sort of care with your information in terms of where you work, what you do, how much you make, where you went to school, all those sorts of things that could tip off a potential fraudster for things that could be exploited.
 
The other thing is if you're doing like regular streamings or anything like that on Facebook, be sure you keep an eye out on anyone who might be out there impersonating you after the fact, maybe with a fake profile or something along those lines, because I have heard a lot of stories about that occurring as well.  So imposters will take over your identity and ask your followers to follow them or to contact you or DM them or something along those lines.  So you just need to be conscious and let your followers know that you would never do this sort of activity.  You would never DM them about X or Y, and if they hear or see of anything, to let you know.  So a lot of times feedback from your followers is a good way to take care of that.

>>Dr. Brown:  Excellent.  Thank you so much.  I think we're going to wrap it up with that answer.  I appreciate the speakers' time again and thank the Events Team.  It sounds like it's all good for us all to have a good, healthy dose of paranoia.  It's getting difficult to trust, but it's very important to stay vigilant because there's nobody that's going to be spared being hit with one of these attempts.  And the more sophisticated we get and the more we learn, the better we can protect ourselves.  So thank you all again, and we're planning to do an identity theft and scams event in June.  So stay tuned for that if you didn't get enough this time, and I hope you all have a great rest of your day. 
 
I did put the email in, CFPB_FinEx@CFPB.gov so that you all can email, if you did not register and want a copy of the slides.  Take care, everyone.  Have a great day.

>>Mr. Rutherford:  Thanks, Heather.

>>Mr. Donley:  Thanks, everybody.

>>Mr. Martin:  Thanks.