Mobile devices have become a prime target for cybercriminals looking to scam cryptocurrency users. This trend emerged in 2017, a year that witnessed an explosive growth in the valuation of cryptocurrencies, leading to mainstream media coverage and widespread interest. However, this surge in popularity also attracted the attention of criminals who favor cryptocurrencies due to their relative anonymity, enabling them to bypass traditional banking systems and avoid regulatory scrutiny.
Smartphones are a particularly attractive target for these scammers, given that people spend more time on them than on desktops. As a result, cybercriminals have been devising sophisticated tactics to deceive mobile users and steal their cryptocurrency holdings.
To protect themselves, users can take a few steps. Firstly, they should be vigilant and avoid clicking suspicious links or downloading unverified apps. They should also enable two-factor authentication and regularly back up their wallets. By following these precautions, cryptocurrency users can safeguard their investments and stay one step ahead of cybercriminals.
Fake Crypto Applications
Fake Crypto Exchange Apps
Beware of fraudulent cryptocurrency exchange apps, which have become increasingly common. Poloniex is a well-known example, having been targeted by fake apps before the launch of its official mobile trading app in July 2018. These apps were designed to function like the real thing, and many users who downloaded them had their login credentials and cryptocurrencies stolen. Some fake apps even requested access to users' Gmail accounts, but only those without two-factor authentication (2FA) were compromised.
To avoid such scams, take the following steps:
- Verify that the exchange actually offers a mobile trading app by checking its official website, and use the download link provided there.
- Read reviews and ratings carefully. Fraudulent apps often have many negative reviews complaining about scams, but be wary of apps with only positive reviews as well.
- Check the app developer information, including the company's legitimacy, email address, and website. Perform an online search to confirm their affiliation with the official exchange.
- Consider the number of downloads. A reputable cryptocurrency exchange should have a high number of downloads.
- Activate 2FA on your accounts. While not foolproof, 2FA makes it much harder for scammers to access your funds even if they have your login credentials.
Fake Crypto Wallets
Beware of fake cryptocurrency wallet apps that can steal your personal information, such as passwords and private keys. These apps give users public addresses that the users assume are their own, but the users do not hold the private keys needed to access any funds sent to those addresses. Unfortunately, many users have lost their funds to these fake wallets, which have been created for popular cryptocurrencies.
To avoid becoming a victim, follow the precautions outlined in the exchange app segment above, such as checking the app developer information and download count and activating 2FA on your accounts. Additionally, make sure that brand-new addresses are generated when you first open the wallet app and that you have possession of the private keys or seed phrase. A legitimate wallet app allows you to export private keys, but you should use reputable software, preferably open source, to generate new key pairs to minimize the risk of compromise. Finally, verify that the public addresses can be derived from the private keys or seeds. Perform this check on an air-gapped computer, disconnected from the Internet, to minimize the risk of keys and seeds being compromised.
Cybercriminals have turned to cryptojacking as an easy and cheap way to make money. Mobile devices are becoming increasingly vulnerable to this type of attack. Scammers create programs disguised as legitimate apps, such as games or utilities, which secretly mine cryptocurrencies in the background. Some apps claim to be legitimate miners, but the rewards go to the developers instead of the users. To avoid detection, these apps often use lightweight mining algorithms.
Cryptojacking can damage your device and expose it to other types of malware. To protect yourself:
- Only download apps from official stores like Google Play, as pirated apps are more likely to contain cryptojacking scripts.
- Watch out for signs of excessive battery drain or overheating, which could indicate that an app is cryptojacking. If you detect this, close the app.
- Keep your device and apps updated, as security patches can fix vulnerabilities that cybercriminals might exploit.
- Use a web browser that guards against cryptojacking or install reputable browser plug-ins, such as MinerBlock, NoCoin, and Adblock.
- Consider installing mobile antivirus software and keep it updated to protect your device from cryptojacking and other types of malware.
Fake Crypto-Mining Apps
It's common to encounter apps claiming to mine cryptocurrencies for their users, but, in fact, they only exist to display ads. These apps encourage users to keep them open by falsely reflecting increased rewards over time. Some apps even incentivize users to leave 5-star ratings in exchange for rewards, even though they do not mine any cryptocurrency, and users never receive any rewards.
It's important to know that mining cryptocurrencies usually requires specialized hardware (ASICs), making it impractical to mine them on a mobile device. Any amount of cryptocurrency mined on such apps would be insignificant at best. Therefore, it is best to stay away from such apps altogether.
Clipper apps are designed to replace the legitimate recipient address with the attacker's address, tricking the victim into unknowingly sending funds to the attacker. To avoid becoming a victim of clipper apps, take some precautions when processing cryptocurrency transactions.
To avoid this type of fraud, always double and triple-check the recipient address you are pasting before completing the transaction. Blockchain transactions are irreversible, so it's crucial to be careful.
It is also essential to verify the entire address instead of just parts of it, since some apps can paste an address that looks similar to the intended one. By checking the complete address, you can ensure that the correct recipient receives the funds.
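The difference between checking parts of an address and checking all of it, as an added example that is not part of the original article. Both address strings are constructed placeholders, not real addresses, and the function names are hypothetical.

```python
def ends_match(expected: str, pasted: str, n: int = 4) -> bool:
    """The by-eye shortcut: compare only the first and last n characters."""
    return expected[:n] == pasted[:n] and expected[-n:] == pasted[-n:]


def check_pasted_address(expected: str, pasted: str) -> dict:
    """Compare the pasted address with a trusted copy, character by character.

    `expected` must come from a source the clipboard cannot touch, for
    example the address read off the recipient's own screen or invoice.
    """
    e, p = expected.strip(), pasted.strip()
    # Positions where the two strings disagree, including any length overhang.
    diffs = [i for i, (a, b) in enumerate(zip(e, p)) if a != b]
    diffs += range(min(len(e), len(p)), max(len(e), len(p)))
    full = (e == p)
    return {
        "safe_to_send": full,
        # A look-alike passes the shortcut check but fails the full one.
        "lookalike": (not full) and ends_match(e, p),
        "diff_positions": diffs,
    }


# Constructed placeholders: same first four and last four characters.
EXPECTED = "1Exa" + "A" * 26 + "k9Qz"
LOOKALIKE = "1Exa" + "B" * 26 + "k9Qz"

if __name__ == "__main__":
    result = check_pasted_address(EXPECTED, LOOKALIKE)
    print("ends-only check passes:", ends_match(EXPECTED, LOOKALIKE))
    print("full check passes:     ", result["safe_to_send"])
    print("characters that differ:", len(result["diff_positions"]))
```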
SIM swapping is a scam where a cybercriminal uses social engineering tactics to get a new SIM card for a user's phone number. The user may not even know that their SIM card has been swapped. Michael Terpin is an example of a victim of this scam; he claimed that AT&T (an American telecommunications company) was responsible for his loss of tokens worth over 20 million US dollars.
Once they control the phone number, cybercriminals can bypass two-factor authentication (2FA) that relies on it and gain access to cryptocurrency wallets and exchanges. They can also monitor SMS communications to intercept the 2FA PIN.
This attack is particularly concerning because users do not need to download malicious software or click on a harmful link.
To protect yourself from SIM swapping scams, it is recommended to use an app such as Google Authenticator or Authy for 2FA. Alternatively, you may use hardware 2FA like YubiKey or Google's Titan Security Key. You should also avoid revealing personal identifying information, including your mobile phone number, on social media. Do not disclose that you own cryptocurrencies on social media, and make arrangements with your mobile phone provider to protect your account.
Which WiFi Do You Use on Your Mobile Phone?
The security of mobile devices is of utmost importance to cryptocurrency users, and WiFi access can be a potential entry point for cybercriminals. Public WiFi, in particular, is known to be insecure and can put users at risk of having their data accessed by hackers. To prevent this, users should take necessary precautions before connecting to public WiFi.
As mobile phones have become an integral part of our lives, they are now closely associated with our digital identity, which makes them a prime target for cybercriminals. As a result, safeguarding your mobile devices is no longer a choice but a requirement to prevent potential security breaches. Take necessary precautions and ensure that your mobile devices are secure to stay protected from cyber threats.