And, according to the latest FBI fraud report, scammers are using fake crypto apps to steal money from unsuspecting crypto investors. He points out that US investors have lost about $ 42.7 million to scammers through fake apps.
The schemes are reportedly taking advantage of the increased interest in cryptocurrencies, especially during bull market rides, to fool cryptocurrency users.
How Fake Crypto App Scammers Attract Users
Fake crypto app scammers use a myriad of techniques to entice investors. The following is a breakdown of some of them.
Social engineering schemes
Some fake crypto app scammer networks use social engineering strategies to entice victims.
In many cases, scammers make friends with victims through social platforms such as dating sites and then trick them into downloading apps that appear to be functional cryptocurrency trading apps.
The scammers then convince users to transfer funds to the app. Funds are, however, “frozen” once the transfer is made and victims are never allowed to withdraw money.
In some cases, scammers lure victims by using outlandish, high-yielding claims. The ploy ends when the victims realize they cannot redeem their funds.
Speaking to Cointelegraph earlier this week, Rick Holland, chief information security officer at Digital Shadows, a digital risk protection firm, stressed that social engineering remains a top strategy among criminals because it requires minimal effort. .
“Relying on the proven method of social engineering is much more practical and profitable,” he said.
The head of cyber security added that social engineering makes it easy for scammers to target high net worth individuals.
Some fake crypto app scammers have resorted to using recognizable brands to push fake apps because of the trust and authority they exercise.
In a case highlighted in the FBI’s latest crypto crimes report, cybercriminals posing as YiBit employees recently duped investors for about $ 5.5 million after convincing them to download a fake cryptocurrency trading app. YiBit.
Unbeknownst to the investors, the current cryptocurrency exchange company YiBit went out of business in 2018. Fund transfers made on the fake app were stolen.
In another case outlined in the FBI report, phishers using the Supay brand, associated with an Australian crypto company, defrauded 28 investors for millions of dollars. The ploy, which took place between November 1 and November 26, resulted in losses of $ 3.7 million.
Such schemes have been running for years, but many incidences are not reported due to the lack of adequate redress channels, especially in jurisdictions that avoid cryptocurrencies.
Recent: How NFTs Can Increase Fan Engagement in the Sports Industry
In addition to the United States, investigations in other major jurisdictions such as India have uncovered elaborate fake crypto app schemes in the recent past.
According to a report released by cybersecurity firm CloudSEK in June, a recently discovered fake crypto app scheme involving numerous cloned apps and domains caused Indian investors a loss of at least $ 128 million.
Distribution of fake apps via official app stores
Fake crypto app scammers sometimes use official app stores to distribute deceptive apps.
Some of the apps are designed to collect user credentials which are then used to unlock crypto accounts on the corresponding official platforms. Others claim to offer secure wallet solutions that can be used to store a wide range of cryptocurrencies, but they steal funds once a deposit is made.
While platforms like the Google Play Store constantly examine apps for integrity issues, it’s still possible for some fake apps to escape the cracks.
One of the latest methods used by scammers to achieve this is to sign up as an app developer on popular mobile app stores such as the Apple App Store and Google Play Store and then upload legitimate looking apps.
In 2021, a fake Trezor app disguised as a wallet created by SatoshiLabs used this strategy to be published on both the Apple App Store and the Google Play Store. The app claimed to give users direct online access to their Trezor hardware wallets without having to connect their Trezor dongle to a computer.
Victims who downloaded the fake Trezor app were forced to submit their initial wallet phrase to start using the service. A seed phrase is a string of words that can be used to access a cryptocurrency wallet on the blockchain.
The details sent allowed the thieves behind the fake app to rob users’ funds.
According to a statement provided by Apple, the fake Trezor app was posted on its store through a deceptive bait-and-switch ploy. It is assumed that the app developers initially sent the app as an encryption application designed to encrypt files, but later converted it into a cryptocurrency wallet app. Apple said it was unaware of the change until users reported it.
Speaking with Cointelegraph earlier this week, Chris Kline, co-founder of Bitcoin IRA, a cryptocurrency retirement investment service, said that despite such incidents, the major tech companies in the space were adamant in fighting apps. false cryptographs due to the potential damage to their integrity. He said:
“Technology companies are always looking for better education and security for their users. The most renowned players today put safety first on their roadmaps. Users need to be reassured that their digital assets are safe and suppliers keep security first. “
That said, the problem of fake apps is more prevalent in unofficial app stores.
How to spot a fake crypto app
Fake cryptocurrency apps are designed to resemble legitimate apps as closely as possible. As a cryptocurrency investor, you should be able to discern between legitimate and fake apps to avoid unnecessary losses.
The following is a breakdown of some of the things to watch out for when trying to ascertain the authenticity of a mobile crypto application.
Spelling, icons and description
The first step in ascertaining if an app is legitimate is to check the spelling and icon. Fake apps usually have a name and icon similar to the legitimate ones, but something is usually wrong.
For example, if the app or developer names are misspelled, the software is most likely fake. A quick search of the app on the internet will help confirm its legitimacy.
It’s also important to consider whether the app has a Google Editor Choice badge. The badge is a distinction provided by the Google Play editors to recognize developers and apps with exceptional quality. Apps with this badge are unlikely to be fake.
Counterfeit apps usually require more permissions than necessary. This ensures that they collect as much data as possible from victims’ devices.
Therefore, users should be wary of apps that require decentralized permissions, such as device administrator privileges. Such permissions could provide cybercriminals with unrestricted access to a device and allow them to intercept sensitive data that can be used to unlock financial accounts, including crypto wallets.
Intrusive app permissions can be blocked via a phone system’s privacy settings.
The number of downloads
The number of times an app has been downloaded is usually an indicator of its popularity. Apps from reputable developers typically have millions of downloads and thousands of positive reviews.
Conversely, apps with a few thousand downloads require more control.
Confirming authenticity by contacting support
If you are unsure about an application, contacting support via the company’s official website could help you avoid financial losses due to fraud.
Additionally, authentic apps can be downloaded from a company’s official website.
Related: Cryptocurrency Contagion Deters Investors in the Short Term, But Fundamentals Remain Strong
Cryptocurrencies are backed by relatively new technology, so it’s only natural that there are teething problems when it comes to usage and adoption. Unfortunately, in recent years, black hats have been targeting naive cryptocurrency enthusiasts using fake crypto apps.
While the problem is likely to persist for several years, more scrutiny by tech companies is likely to mitigate the problem in the long run.