Scammers have taken advantage of blockchain’s decentralized and immutable nature to defraud crypto investors since the advent of the technology. According to the latest FBI scam report, scammers are using fake crypto apps to steal funds from unsuspecting crypto investors. The report highlights that US investors lost an estimated $42.7 million to scammers through counterfeit apps. The schemes reportedly exploit the heightened interest in cryptocurrencies, particularly during bull market runs, to entice crypto users.
How fake crypto app scammers lure users
Fake crypto app scammers use numerous techniques to lure investors. Below is a breakdown of some of them.
Social engineering schemes
Some fake crypto app scam networks use social engineering strategies to lure victims. In many cases, scammers befriend victims through social platforms such as dating sites and trick them into downloading apps that appear to be working cryptocurrency exchange apps. The scammers then convince users to transfer funds to the app. However, the funds are “locked” once the transfer is made, and victims can never withdraw any funds. In some cases, scammers lure victims with extravagant performance claims.
The ruse ends when the victims realize they cannot redeem their funds. Rick Holland, director of information security at Digital Shadows, a digital risk protection firm, emphasized that social engineering remains a top strategy among criminals because it requires minimal effort. “It’s far more practical and lucrative to rely on the best practice of social engineering,” he said. The cybersecurity manager added that social engineering makes it easier for scammers to target high-net-worth individuals.
Recognizable brand names
Some fake crypto app scammers have resorted to using recognizable brands to distribute fake apps because of the trust and authority those brands carry. of about $5.5 million after convincing them to download a fake YiBit cryptocurrency exchange app. Unbeknownst to investors, the actual cryptocurrency exchange YiBit ceased operations in 2018. Funds transferred to the phony app were stolen.
In another case detailed in the FBI report, phishers scammed 28 investors out of millions of dollars using the Supay brand associated with an Australian cryptocurrency company. The trick was performed between November 1st and November 26th and caused $3.7 million in losses.
These schemes have been running for years, but many incidents go unreported due to a lack of appropriate recourse, particularly in cryptocurrency-averse jurisdictions. Besides the US, investigations in other major jurisdictions, such as India, have previously uncovered sophisticated fake crypto app schemes. According to a report delivered in June by cybersecurity organization CloudSEK, a recently discovered fake crypto app scheme with numerous cloned apps and domains caused Indian investors to lose at least $128 million.
Distributing fake apps through official app stores
Fake crypto app scammers sometimes use official app stores to distribute shady apps. Some apps are designed to collect user credentials, which are then used to unlock crypto accounts on their respective official platforms. Others present themselves as wallets for storing a variety of cryptocurrencies but steal funds once a deposit is made. While platforms like the Google Play Store constantly check apps for integrity issues, it’s still possible for some fake apps to slip through. One of the latest methods scammers use to achieve this is registering as an app developer with popular mobile app stores like the Apple App Store and Google Play Store and then uploading legitimate-looking apps.
In 2021, a fake app posing as the Trezor wallet created by SatoshiLabs used this strategy to get released on both the Apple App Store and the Google Play Store. The app claimed to give users direct online access to their Trezor hardware wallets without having to plug their Trezor dongle into a computer. Victims who downloaded the fake Trezor app were required to submit their wallet seed phrase to use the service. A seed phrase is a string of characters that can be used to access a cryptocurrency wallet on the blockchain. The submitted details allowed the crooks behind the fake app to plunder users’ funds.
According to a statement from Apple, the fake Trezor app was released to its store through a deceptive bait-and-switch scheme. The app developers reportedly first presented the app as a cryptography app for encrypting files and later turned it into a cryptocurrency wallet app. Apple said it was not aware of the change until users reported it.
How to spot a fake crypto app
Fake cryptocurrency apps are designed to look as much like legitimate apps as possible. To avoid unnecessary losses, cryptocurrency investors must be able to differentiate between legitimate and counterfeit apps. Below are some things to consider when attempting to determine the authenticity of a mobile crypto application.
Spelling, icons, and description
The first step in determining if an app is legitimate is to check the spelling and icon. Fake apps often have a similar name and icon to legitimate ones, but something is often wrong. For example, if the app or developer names are misspelled, it is most likely a fake. A quick search of the application on the Internet will help confirm its legitimacy. It’s also important to consider whether the app has a Google Editor’s Choice badge.
Fake apps often request more permissions than necessary. This ensures they collect as much data as possible from victims’ devices. Therefore, users should be wary of apps that request permissions outside their core function, such as device administrator rights. Such permissions could give cybercriminals unrestricted access to a device and allow them to intercept sensitive data that can be used to unlock financial accounts, including crypto wallets. Intrusive app permissions can be blocked via the phone’s privacy settings.
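The name and permission checks described above can be scripted when reviewing a store listing. The following Python example is added here and is not part of the original article: the allowlist, similarity threshold and sample listings are assumptions constructed for illustration, while the permission strings are real Android permission names.

```python
import difflib
import unicodedata

# Assumption: a reviewer-maintained allowlist of genuine app name -> publisher.
# "Trezor" and "SatoshiLabs" are taken from the article; the threshold is illustrative.
GENUINE = {"trezor": "satoshilabs"}
SIMILARITY = 0.8

# Android permissions that a wallet or exchange app rarely needs.
RISKY = {
    "android.permission.BIND_DEVICE_ADMIN": "device administrator rights",
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "can read and control other apps",
    "android.permission.READ_SMS": "can read one-time codes sent by SMS",
    "android.permission.SYSTEM_ALERT_WINDOW": "can draw over other apps",
}
DIGIT_SWAPS = str.maketrans("01345", "oleas")


def normalize(text):
    """Lowercase, drop accents and non-ASCII characters, undo digit-for-letter swaps."""
    ascii_only = unicodedata.normalize("NFKD", text).encode("ascii", "ignore").decode()
    return ascii_only.lower().translate(DIGIT_SWAPS).strip()


def triage(name, developer, permissions):
    """Return a list of findings for one store listing; an empty list means nothing flagged."""
    findings = []
    publisher = normalize(developer)
    for token in normalize(name).split():
        for brand, owner in GENUINE.items():
            score = difflib.SequenceMatcher(None, token, brand).ratio()
            if score >= SIMILARITY and publisher != owner:
                findings.append(f"name resembles '{brand}' but publisher is '{developer}'")
    if not name.isascii():
        findings.append("name contains non-ASCII characters (possible lookalike letters)")
    findings += [f"{p}: {RISKY[p]}" for p in permissions if p in RISKY]
    return findings


if __name__ == "__main__":
    # Constructed listings, not real store data.
    samples = [
        ("Trezor", "SatoshiLabs", ["android.permission.INTERNET"]),
        ("Trez0r Wallet", "Fast Apps Studio",
         ["android.permission.INTERNET", "android.permission.BIND_DEVICE_ADMIN"]),
    ]
    for name, dev, perms in samples:
        print(name, "->", triage(name, dev, perms) or "nothing flagged")
```

An empty result only means these two checks passed. The publisher name shown in a store is self-declared, so a listing should still be confirmed through the company’s official website.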
Confirming authenticity by contacting support
If you are unsure about an app, contacting support through the company’s official website can help prevent financial loss due to scams. Authentic apps can also be downloaded from the company’s official website. Cryptocurrencies are underpinned by relatively new technologies, so it is only natural that there will be teething troubles in usage and acceptance. Unfortunately, black hats have targeted naïve crypto enthusiasts with fake crypto apps in recent years. It will likely mitigate the problem in the long run.