This is a guest post by Johnny Lyu, CEO, KuCoin
With the growing popularity and value of cryptocurrencies, there has been a corresponding increase in crypto scams – and mobile devices are certainly not left out of the mix. These scams can take many forms, but they all have one goal: to steal your hard-earned cryptocurrency.
What are crypto scams on mobile devices?
According to bankmycell.com, the number of smartphone users stands at around 6.64 billion, which means that 83.72% of the world’s population owns a smartphone.
Some scams on mobile devices will try to trick you into giving them your personal information, such as your crypto exchange account or wallet keys. Others will try to get you to install malware on your device. Some will even just try to trick you into sending them cryptocurrency.
What are the different types of crypto device scams?
Cell phones are almost considered part of our bodies these days, and cybercriminals certainly know that. We always have our mobile devices with us and use them to access everything from cat videos to our most private data. We have tied bank and crypto exchange accounts, emails, and other sensitive data to our phones, making them an ideal target for crypto theft and fraud.
Mobile virus scams
A mobile virus is a type of malware that can infect your mobile device like a computer virus. While visiting certain websites on your phone, you may have seen a page alerting you that a scan of your phone revealed a virus infection, prompting you to take immediate action to download an antivirus application.
However, this app is actually malware or spyware that tries to infect other devices or hijack yours. This can cause scammers to gain access to all your passwords and accounts, including your crypto exchange accounts and crypto wallets.
The easiest way to protect yourself against these types of attacks is to ignore web pop-ups and to keep security software installed on your phone.
Phishing and vishing
Phishing is a type of scam where the attacker tries to trick you into giving them your personal information by impersonating a legitimate website, app, or service. To do this, they create a fake login page that looks like the real one.
Phishing scams also happen via SMS messages, where they are known as “smishing”. These scams try to get you to act on a text message that contains a malicious link. If you open the link, your device is infected with malware or spyware.
Vishing is similar to phishing, but instead of using a fake website, the attacker will use a fake phone call or text message to try to trick you. These types of scams are becoming more and more common, as they can be very difficult to spot.
The best way to protect yourself from phishing scams is to make sure you’re using trusted websites and bookmark those that contain your sensitive information so you can access them quickly. When it comes to vishing attacks, the key is to never give out your personal information, even if the person or website appears legitimate.
Fake crypto apps
There are many types of fake crypto mobile apps created for the purpose of stealing your cryptocurrency. Some of the most important types are:
- Fake exchange apps
- Fake wallet apps
- Fake Earning Apps
Fake exchange apps
Fake exchange apps are exactly what they sound like – mobile apps that scam crypto investors into thinking they are the real thing.
When it comes to protecting your crypto investments from such scams, there are several things you can do, namely:
- Use two-factor authentication (2FA) – it is important to say that in our example above, crypto was only stolen from accounts that did not have 2FA enabled. Although 2FA is not impenetrable, it is a great help because scammers will have a hard time circumventing it even if they have your exchange login credentials.
- Check the validity of the application you download. You can do this by checking the number of downloads, reviews, and ratings: fake apps either have reviews where people complain they’ve been scammed, or perfectly flawless ratings. Legit apps are developed by legit companies, and you can check the developer in the information provided on the app store. You can also go to the official website of the exchange and check whether the app it offers matches the app on the mobile app store.
Fake wallet apps
Another category of crypto-related mobile apps that are often used to scam investors are fake wallets. Although there are many types of cryptocurrency wallets, the most popular are mobile wallets because they offer more convenience.
As crypto values have risen in recent years, scammers have taken advantage of this and created many fake versions of popular cryptocurrency wallets such as MetaMask, Exodus, Jaxx, Coinomi, and Ledger.
To avoid being scammed by a fake wallet app, you must:
- Check whether the wallet app generates new addresses before importing yours. Once a new address is generated, you can check whether the generated wallet exists (most fake apps also simulate the wallet-creation step).
- Use all the tips highlighted in the fake exchange apps section.
Fake Earning Apps
Another category of malicious crypto mobile apps are so-called money-making apps. The premise of these apps is usually that they offer users a way to earn cryptocurrency by performing certain tasks. These apps usually pose as giveaways or fake high-yielding apps.
In reality, however, most of these money-making apps are simply scams created for the sole purpose of stealing people’s crypto.
To avoid being scammed by a fake earning app, you should look for red flags, such as high rewards in exchange for no work. You can also check the validity of the app by checking its ratings, developers, etc.
Another category of malicious crypto apps that we will mention are cryptojacking apps. Cryptojacking is a type of attack where the attacker uses your device to mine cryptocurrency without your knowledge or permission.
Although most commonly associated with websites, cryptojacking can also be done through mobile apps. For example, there was an incident involving the popular game Fortnite where a cryptojacking script was injected into the game.
To avoid being scammed by a cryptojacking application, you must:
- Check the permissions requested by the application. For example, an app that wants to mine cryptocurrency will most likely need access to your device’s CPU and GPU.
- Check if your mobile device is overheating because mining is a very power-intensive task.
- Install a mobile antivirus that will help you detect malware.
Clipper apps
The next category of malicious crypto mobile apps is clipper apps. Clipper apps are designed to replace the cryptocurrency wallet address you copy with the attacker’s address. For example, if you copy and paste a friend’s Bitcoin address to send them BTC, a clipper app will replace that address with the attacker’s address instead.
To avoid being scammed by a clipper application, you must:
- Check the address you are sending your cryptocurrency to.
- Install a mobile antivirus that will help you detect malware.
SIM card swap apps
SIM swapping is a type of attack where the attacker tricks your mobile service provider into transferring your phone number to a SIM card they control. Once the attacker has your phone number, they can use it to reset your passwords and access your online accounts.
To avoid being scammed by a SIM card swap app, you must:
- Use two-factor authentication (2FA) whenever possible. However, one thing to note is that you should avoid 2FA that relies on your mobile phone number. Instead, you should rely on apps such as Google Authenticator, as they are much more secure.
- Avoid sharing your phone number on social media, as cybercriminals could use the information they find to impersonate you and steal your crypto.
- Be aware of any suspicious activity on your mobile device, such as unexpected text messages or calls.
While not exclusive to the cryptocurrency space, another thing to consider is Wi-Fi breaches. Wi-Fi breaches occur when a criminal gains access to your Wi-Fi network and uses it to eavesdrop on your traffic.
If you are using a public WiFi network, it is especially important to be aware of this, as criminals could use it to intercept any crypto transactions you make.
To avoid being a victim of a Wi-Fi scam, you must:
- Avoid using public WiFi networks to transact cryptocurrency. Also, you should avoid connecting to unsecured WiFi networks if you hold a lot of cryptocurrency in your cell phone wallets.
- Use a Virtual Private Network (VPN) whenever possible to encrypt your traffic and prevent criminals from intercepting your data.
- Be aware of any suspicious activity on your network, such as unexpected devices or traffic.
Protect yourself in the tough world of crypto scams
As you may have noticed, each scam has its unique quirk or feature, but they all share a common goal and similar modes and methods of operation. New types of scams appear regularly, so you’ll need to be prepared – however, the use of standard security practices doesn’t change all that often.
Make sure you are aware of what information you have on your phone, who you share it with (directly or indirectly), and avoid apps or websites that you are not 100% sure are not scams.