Cryptocurrency's features, such as having no central regulating authority, being immutable, and having relative anonymity, make it a high-profile target for hackers. And these days, more people own and spend time on mobile phones than they do on PCs. Crypto hackers are well aware of this and have mastered the art of targeting user funds using deceptive mobile apps.
In this writeup, we’ll highlight the most prevalent ways crypto fraudsters are targeting mobile phone users. When you identify the red flags, it’s easier to protect yourself and your crypto. We’ll also list a few steps that you can follow to protect yourself against every type of scam.
1. Fake Crypto Exchange Apps
Fake cryptocurrency exchange apps are one of the ways scammers can target crypto holders. Such apps, either on a dedicated website or app store, are designed to steal user data. Victims of such fraud will have their data compromised, and they could lose their funds as a result.
A famous example of this scam is the set of fake versions of the Poloniex exchange app that were released before the legitimate app’s release in July 2018. Many of these apps were listed on Google Play. People who downloaded these apps had their information massively compromised, and they lost money in the process.
Below are ways in which you can protect yourself from a cryptocurrency exchange scam:
- Check the exchange’s official website to see whether it actually has an app. If so, use the official link provided by the website to download the app.
- Check reviews. Reviews can be a reliable way to identify a scam app. If the review section is full of negative reviews and ratings, you might want to steer clear. In the same vein, watch out for an app with nearly all-perfect reviews. A legitimate product will at least have some negative reviews.
- Confirm whether the developer is legit by looking at their online presence. See if their information is related to a legitimate exchange.
- Check how many times the app has been downloaded. A popular and legitimate app will likely have a substantial number of downloads, as opposed to a fake one.
- Enable two-factor authentication on your accounts. It’s harder for a scammer to get past this.
2. Fake Wallet Apps
These are scam wallets that are designed to trick users into sharing personal information, sending funds to attacker-specified addresses, and so on. Apps like these are created all the time. In the past, cryptos like Bitcoin, Ethereum, and Neo have been targeted, causing users to lose funds.
Below are tips to avoid this scam:
- Apply the precautions for fake crypto exchange apps highlighted above.
- Ensure that completely new addresses are generated the first time you open the app and that the private keys and/or mnemonic phrases are in your hands.
- Check whether the app allows you to generate public addresses.
3. Cryptojacking Apps
Cryptojacking is when malware uses your device’s processing power to mine cryptocurrency. Although mobile phones have way less computing power than computers, that hasn’t dissuaded cybercriminals from using them for cryptojacking.
A cryptojacking app will often be disguised as a legitimate app for gaming, educational, or other legit use. In reality, such an app will surreptitiously use your phone’s processing power to mine crypto in the background. Other apps will be advertised as legit mining apps, but any rewards will go to the developer and not the user. Usually, such an app will employ an extremely lightweight mining script to avoid detection.
Cryptojacking is harmful because it degrades your phone’s performance and causes it to wear out more quickly. In some cases, cryptojacking apps can even act as Trojan horses for more malicious software.
This is how to protect against cryptojacking apps:
- Only download apps from legit sites like Apple’s App Store and Google’s Play Store. Ensure the app is marked as ‘Verified.’
- Check if your phone is draining the battery too quickly and remove any apps responsible.
- Regularly update your apps, so any security bugs are fixed.
- Use browsers that have anti-cryptojacking software in place. Also, use browser plugins such as MinerBlock and NoCoin.
- Install and regularly update your anti-malware software.
4. Fake Mining Apps
These are apps that purportedly mine crypto, but all they do is display ads. The apps trick users into keeping them installed by showing supposed rewards that increase over time. However, these apps are not actually mining crypto. Instead, the developers are profiting from your watching of the ads.
The best way to steer clear of this scam? Understand that for the majority of cryptocurrencies, mining is done with specialized computers known as ASICs. Any mining proceeds from mobile mining are extremely trivial and not worth the effort.
5. Clipper Apps
These are apps that hijack your transactions and replace your address with that of the hacker. With these apps, when you copy the right address, the one you paste is actually that of the attacker.
To avoid this scam, take these precautions when processing a transaction:
- Double-check the address before you hit ‘Send.’
- Check not just portions of the address, but the whole thing. Some hackers are smart enough to use an address that resembles yours.
6. SIM Swapping
This is one of the most serious threats. A SIM swap is a scam in which an attacker gains control of your phone number. They do this by convincing your service carrier that you want to transfer your phone number to a new SIM. Once the transfer is done, the attacker can now access all kinds of data that are related to your phone – from calls to text messages to various accounts’ details. It also means any personal and financial info tied to those accounts is in their possession. This includes crypto wallets and exchanges.
Crypto entrepreneur Michael Terpin’s SIM swap saga should illustrate this very well. Terpin alleged that he lost over $20 million worth of crypto as a result of AT&T’s recklessness with the handling of his phone number.
Here’s how to avoid falling prey to a SIM swap scam.
- Don’t use your mobile number for two-factor authentication. Instead, use an authenticator app like Google Authenticator or Authy. Other alternatives are hardware authentication devices such as YubiKey or Google’s Titan Security Key.
- Never reveal your phone number in places like social media. Imposters will readily use such info to impersonate you.
- Be discreet about your possession of cryptocurrency on social media. Advertising it can make you a target. And if folks already know you own crypto, don’t reveal info such as the exchange or wallet you use.
- Talk to your SIM service provider about adding an extra layer of protection, such as a PIN or password to your phone number.
7. Public WiFi
Public WiFi is another entry point for crypto scammers to gain access to your phone and steal funds. Public WiFi is usually open for everyone, and this makes any device using it vulnerable to hacking. For this reason, employ extra precautions every time you use public WiFi. Even better, avoid using public WiFi at all.
Mobile phones are now involved in every aspect of our lives. From entertainment to work to finances, the mobile phone is nearly indispensable. But that ubiquity is also a vulnerability. And this can’t be truer for crypto holders. Now that you’re aware of the loopholes that crypto swindlers can exploit, you’re better equipped to protect yourself and your funds.