The rise of fake cryptocurrency apps and how to avoid them



Scammers have been taking advantage of the decentralized and immutable nature of blockchain to dupe crypto investors since the advent of the technology.

And, according to the latest FBI fraud report, fraudsters are using fake crypto apps to steal money from crypto investors. The report highlights that US investors have lost around $42.7 million to swindlers through fake apps.


The schemes take advantage of the increased interest in cryptocurrencies, especially during bull runs, to defraud cryptocurrency users.

How Fake Crypto App Scammers Lure Users

Fake crypto app scammers use a myriad of techniques to lure investors. The following is a breakdown of some of them.

Social Engineering Schemes

Some fake crypto app scammers use social engineering strategies to lure victims.

In many cases, fraudsters befriend victims through social platforms such as dating sites and then trick them into downloading apps that appear to be functional cryptocurrency trading apps.

The scammers then convince the users to transfer funds to the app. However, once transferred, the funds are “locked in”, and the victims are never allowed to withdraw the money.

In some cases, scammers lure victims by using extremely high-yield claims. The trick ends when the victims realize that they cannot redeem their money.

Speaking to Cointelegraph earlier this week, Rick Holland, chief information security officer at Digital Shadows — a digital risk protection firm — outlined that social engineering is a top strategy among crooks because it requires minimal effort.

“It is far more practical and appealing to rely on the tried-and-true method of social engineering,” he said.

The cybersecurity manager said that social engineering makes it easier for scammers to target high-net-worth individuals.

Recognizable Brand Names

Some fake crypto app scammers use recognizable brand names to promote fake apps because of the trust and authority those brands carry.

In a case highlighted in the latest FBI crypto crime report, cybercriminals posing as YiBit employees recently defrauded investors of some $5.5 million after convincing them to download the fake YiBit crypto trading app.

Unbeknownst to investors, the genuine YiBit crypto exchange firm ceased operations in 2018. Funds transferred into the fake app were stolen.

In another case mentioned in the FBI report, phishers using the Supay brand name, which is linked to an Australian crypto company, duped 28 investors out of millions of dollars. The scheme, which ran between November 1 and November 26, resulted in a loss of $3.7 million.

Such schemes have been going on for years, but many incidents go unreported due to the lack of proper recourse channels, especially in jurisdictions that eschew cryptocurrencies.


Apart from the US, investigations in other major jurisdictions such as India have recently uncovered elaborate fake crypto app schemes.

According to a report published in June by cybersecurity company CloudSEK, a newly discovered fake crypto app scheme involving multiple cloned apps and domains resulted in losses of at least $128 million to Indian investors.

Distributing fake apps through the official app store

Fake crypto app scammers sometimes use official app stores to distribute dodgy applications.

Some apps are designed to collect user credentials which are used to unlock crypto accounts on the respective official platforms. Others claim to provide secure wallet solutions that can be used to store a variety of cryptocurrencies, but once deposited the funds are stolen.

While platforms like the Google Play Store constantly review apps for integrity issues, it’s still possible for some fake apps to slip through the cracks.

One of the latest methods used by scammers to accomplish this is by registering as app developers on popular mobile app stores such as the Apple App Store and Google Play Store and then uploading legitimate-looking apps.

In 2021, a fake Trezor app posing as a wallet created by SatoshiLabs used this tactic to get published on both the Apple App Store and the Google Play Store. The app claimed to provide users with direct online access to their Trezor hardware wallet, without requiring them to connect their Trezor dongle to a computer.

Victims who downloaded the fake Trezor app were required to submit their wallet seed phrase to begin using the service. A seed phrase is a string of words that can be used to access a cryptocurrency wallet on the blockchain.

The details presented allowed the thieves behind the fake app to launder user money.

According to a statement made by Apple, the fake Trezor app was published on its store through a deceptive bait-and-switch maneuver. The app developers are alleged to have initially submitted the app as a cryptography application designed to encrypt files, but later changed it to a cryptocurrency wallet app. Apple said that it was not aware of the change until users notified it.

Speaking to Cointelegraph earlier this week, Chris Kline, co-founder of Bitcoin IRA – a crypto retirement investment service – said that despite such incidents, major tech companies in the space were determined to fight fake crypto apps because of the potential damage to their integrity. He said:

“Tech companies are always looking for better education and security for their users. The most iconic players today put safety at the forefront of their roadmap. Users need assurance that their digital assets are secure and that providers are putting security first.”

That said, the problem of fake apps is more prevalent in non-official app stores.

How to Detect Fake Crypto Apps

Fake cryptocurrency apps are designed to be as similar to legitimate apps as possible. As a crypto investor, one must be able to differentiate between legitimate and fake apps to avoid unnecessary losses.

The following is a breakdown of some of the things to consider when trying to ascertain the authenticity of a mobile crypto application.

Spelling, Symbols and Description

The first step in finding out if an app is legit is checking the spelling and icon. Fake apps usually have a name and icon that look similar to the legitimate ones, but something is usually off.

For example, if the app or developer names are spelled wrong, the software is most likely to be counterfeit. A quick search about the app on the internet will help to confirm its validity.

It’s also important to consider whether the app has a Google Editor’s Choice badge. This badge is a distinction awarded by the editorial team of Google Play to recognize developers and apps with excellent quality. Apps with this badge are unlikely to be fake.

Application Permissions

Fake apps usually request more permissions than necessary. This ensures that they collect as much data as possible from the victims’ devices.

Thus, users should be wary of apps that request unusual permissions such as device administrator privileges. Such authorization can give cybercriminals access to a device and allow them to intercept sensitive data that can be used to unlock financial accounts, including crypto wallets.

Intrusive app permissions can be blocked through the privacy settings of the phone system.
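
As an added example (not part of the original article), this Python sketch audits an AndroidManifest.xml for the kind of excessive permissions described above, including a device administrator receiver. The review list and the sample manifest are constructed for illustration, and the manifest is assumed to have already been decoded to text, since APKs store it in a binary form.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions a trading or wallet app rarely needs (assumed review list, not an official one).
SENSITIVE = {
    "android.permission.READ_SMS": "can read one-time codes sent by SMS",
    "android.permission.RECEIVE_SMS": "can intercept incoming SMS",
    "android.permission.SYSTEM_ALERT_WINDOW": "can draw overlays on top of other apps",
    "android.permission.READ_CONTACTS": "can harvest the address book",
}
# Permissions that guard a component; seeing one means the app ships that component.
PRIVILEGED_BINDINGS = {
    "android.permission.BIND_DEVICE_ADMIN": "declares a device administrator receiver",
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "declares an accessibility service",
}

def audit_manifest(manifest_xml):
    """Return sorted (permission, reason) findings for a decoded manifest string."""
    root = ET.fromstring(manifest_xml)
    findings = set()
    # Permissions the app asks the user or system to grant.
    for elem in root.iter("uses-permission"):
        name = elem.get(ANDROID_NS + "name")
        if name in SENSITIVE:
            findings.add((name, SENSITIVE[name]))
    # Receivers and services protected by a privileged binding permission.
    app = root.find("application")
    for comp in (app if app is not None else []):
        guard = comp.get(ANDROID_NS + "permission")
        if comp.tag in ("receiver", "service") and guard in PRIVILEGED_BINDINGS:
            findings.add((guard, PRIVILEGED_BINDINGS[guard]))
    return sorted(findings)

# Constructed sample manifest for a hypothetical "wallet" app.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallet">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for perm, reason in audit_manifest(SAMPLE):
        print(f"{perm}: {reason}")
```

A finding is a prompt for closer review rather than proof of fraud, since some legitimate apps request these permissions for documented features.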

Number of Downloads

The number of times an app has been downloaded is usually an indicator of how popular it is. Apps from reputable developers usually have millions of downloads and thousands of positive reviews.

In contrast, apps with only a few thousand downloads require more scrutiny.

Verifying authenticity by contacting support

If unsure about an application, contacting support through the company’s official website can help avoid financial losses due to fraud.

Apart from this, authentic apps can be downloaded from the company’s official website.


Cryptocurrencies rest on relatively new technology, so it is natural that beginners have problems when it comes to usage and adoption. Unfortunately, in recent years, black hats have targeted gullible crypto enthusiasts using fake crypto apps.

While the problem is likely to persist for many years, increased scrutiny by tech companies is likely to ease the issue in the long run.