Fraudsters have been exploiting the decentralized and immutable nature of the blockchain to defraud crypto investors since the technology’s inception.
And, according to the FBI’s latest fraud report, scammers are using fake crypto apps to steal money from unsuspecting cryptocurrency investors. He points out that American investors lost about 42.7 million dollars due to fraudsters through fake applications.
The schemes allegedly take advantage of increased interest in cryptocurrencies, especially during bull markets, to defraud cryptocurrency users.
How fraudsters with fake crypto apps lure users
Fraudsters with fake crypto apps use countless techniques to lure investors. The following is an overview of some of them.
Social engineering schemes
Some fake crypto app fraud networks use social engineering strategies to lure victims.
In many cases, fraudsters befriend victims through social platforms such as dating sites and then trick them into downloading apps that look like functional cryptocurrency trading apps.
Scammers then convince users to transfer funds to the app. However, the funds are “locked” once the transfer is made, and victims are never allowed to withdraw the money.
In some cases, fraudsters lure victims using unusual, high-yield claims. The fraud ends when the victims realize that they cannot redeem their funds.
Speaking to Cointelegraph earlier this week, Rick Holland, chief information security officer at Digital Shadows — a digital risk protection company — emphasized that social engineering remains a top strategy among fraudsters because it requires minimal effort.
“Relying on the proven method of social engineering is much more practical and profitable,” he said.
The cyber security manager added that social engineering makes it easier for fraudsters to target high net worth individuals.
Some fake crypto app scammers have resorted to using recognizable brands to promote fake apps because of the trust and authority they command.
In one case highlighted in the FBI’s latest crypto crime report, cybercriminals posing as YiBit employees recently defrauded investors out of about $5.5 million after convincing them to download a fake YiBit crypto trading app.
Unbeknownst to investors, the real YiBit crypto exchange company went out of business in 2018. Fund transfers made to the fake app were stolen.
In another case cited in the FBI report, phishers using the Supay brand, which is affiliated with an Australian crypto company, defrauded 28 investors out of millions of dollars. The stunt, which ran between November 1 and 26, caused losses of $3.7 million.
Such schemes have been going on for years, but many cases go unreported due to a lack of proper recourse channels, especially in jurisdictions that shun cryptocurrencies.
Recently: How NFTs Can Drive Fan Engagement in the Sports Industry
In addition to the US, investigations in other major jurisdictions, such as India, have in the recent past uncovered elaborate fraudulent crypto application schemes.
According to a report published by cybersecurity firm CloudSEK in June, a newly discovered fake crypto app scheme involving numerous cloned apps and domains has resulted in Indian investors losing at least $128 million.
Distribution of fake apps through official app stores
Fake crypto app scammers sometimes use official app stores to distribute suspicious apps.
Some of the apps are designed to collect user credentials which are then used to unlock crypto accounts on the respective official platforms. Others claim to offer secure wallet solutions that can be used to store various cryptocurrencies, but steal the funds once they are deposited.
While platforms like the Google Play Store constantly review apps for integrity issues, it’s still possible for some rogue apps to slip through the cracks.
One of the latest methods used by fraudsters to achieve this is to register as an app developer in popular mobile app stores such as the Apple App Store and Google Play Store, and then upload apps that look legitimate.
In 2021, a fake Trezor app masquerading as a wallet created by SatoshiLabs used this strategy to publish on the Apple App Store and Google Play Store. The app claimed to provide users with direct online access to their Trezor hardware wallets without the need to connect their Trezor key to a computer.
Victims who downloaded the Trezor fake app were required to submit their wallet passphrase to start using the service. A seed phrase is a string of words that can be used to access a cryptocurrency wallet on the blockchain.
The details sent allowed the crooks behind the fake app to steal the user’s funds.
According to a statement given by Apple, the fake Trezor app was published on its store through a fake bait-and-switch maneuver. The app developers are said to have initially shipped the app as a cryptographic app designed to encrypt files, but later turned it into a cryptocurrency wallet app. Apple said it was not aware of the change until users reported it.
Speaking to Cointelegraph earlier this week, Chris Kline, co-founder of Bitcoin IRA — a crypto retirement investment service — said that despite such incidents, major tech companies in the space were determined to fight fake crypto apps due to possible damage to their integrity. . He said:
“Tech companies are always looking for better education and security for their users. The most reputable players today put security at the forefront of their plans. Users need reassurance that their digital assets are secure, and service providers care about security.”
Additionally, the fake app problem is prevalent in unofficial app stores.
How to recognize a fake crypto application
Fake cryptocurrency apps are designed to look as much like legitimate apps as possible. As a crypto investor, a person should be able to distinguish between legitimate and fake apps to avoid unnecessary losses.
The following is an overview of some things to look out for when trying to determine the authenticity of a mobile crypto app.
Spelling, icons and description
The first step in determining if an app is legitimate is to check the spelling and icon. Fake apps usually have a name and icon that look similar to the legitimate ones, but something is usually off.
If the app or developer names are misspelled, for example, the software is most likely fake. A quick search about the app online will help confirm its legitimacy.
It’s also important to consider whether the app has a Google Editor’s Choice tag. The badge is a distinction given by the Google Play editorial team to recognize developers and apps of outstanding quality. Apps with this badge are probably not fake.
Fake apps usually ask for more permissions than necessary. This ensures that they collect as much data as possible from the victims’ devices.
As such, users should be wary of apps that require permissions outside of the center, such as device administrator privileges. Such authorizations could give cybercriminals unfettered access to the device and allow them to intercept sensitive data that can be used to unlock financial accounts, including crypto wallets.
Permissions for intrusive apps can be blocked through the phone system’s privacy settings.
Number of downloads
The number of downloads of an app is usually an indicator of how popular it is. Apps from reputable developers usually have millions of downloads and thousands of positive reviews.
Conversely, apps with only a few thousand downloads require more monitoring.
Authentication by contacting support
If you are unsure about the app, contacting support through the company’s official website can help you avoid financial losses due to fraud.
Furthermore, the authentic applications can be downloaded from the official website of the company.
Related: Crypto contagion deters investors in short term, but fundamentals remain strong
Cryptocurrencies are backed by relatively new technology, so it’s only natural that there are issues when it comes to usage and adoption. Unfortunately, in recent years, black hats have targeted naive crypto enthusiasts using fake crypto apps.
Although the problem will likely persist for several years, increased oversight by tech companies will likely alleviate the problem in the long run.