Since the advent of the technology, scammers have been leveraging the decentralized and immutable nature of blockchain to scam crypto investors.
And according to the latest FBI fraud report, fraudsters are using fake crypto apps to steal money from unsuspecting crypto investors. It highlights that US investors have lost about $42.7 million to scammers through fake apps.
The schemes are reportedly taking advantage of the heightened interest in cryptocurrencies, especially during bull market runs, to entice crypto users.
How fake crypto app scammers lure users
Fake crypto app scammers use numerous techniques to entice investors. The following is a breakdown of some of them.
Social engineering schemes
Some fake crypto app scam networks use social engineering strategies to trick victims.
In many cases, the fraudsters befriend victims through social platforms such as dating sites and then trick them into downloading apps that appear to be functional cryptocurrency trading apps.
The scammers then convince users to transfer funds to the app. However, the money is “locked up” once the transfer is made, and the victims are never allowed to withdraw money.
In some cases, the scammers lure victims with bizarre high-yield claims. The ruse comes to an end when the victims realize they can’t redeem their money.
Rick Holland, chief information security officer of Digital Shadows – a digital risk protection company – emphasized with Cointelegraph earlier this week that social engineering remains a top strategy among scammers because it requires minimal effort.
“Relying on the proven method of social engineering is much more practical and lucrative,” he said.
The cybersecurity manager added that social engineering makes it easy for scammers to target high net worth individuals.
Recognizable brand names
Some fake crypto app scammers have resorted to using recognizable brand names to push fake apps because of the trust and authority they exercise.
In one case highlighted in the FBI’s latest crypto crime report, cybercriminals masquerading as YiBit employees recently tricked investors out of some $5.5 million after convincing them to buy a fake YiBit crypto. trading app download.
Unbeknownst to the investors, the de facto YiBit crypto exchange company ceased operations in 2018. Transfers to the fake app were stolen.
In another case outlined in the FBI report, phishers using the Supay brand name, which is associated with an Australian crypto firm, defrauded 28 investors out of millions of dollars. The ploy, which ran between November 1 and November 26, caused $3.7 million in losses.
Such schemes have been going on for years, but many incidents go unreported due to the lack of proper story channels, especially in jurisdictions that shun cryptocurrencies.
Recent: How NFTs Can Increase Fan Engagement in the Sports Industry
In addition to the US, investigations in other major jurisdictions such as India have revealed extensive fake crypto app schemes in the recent past.
According to a report published in June by cybersecurity firm CloudSEK, a newly discovered fake crypto app scheme with numerous cloned apps and domains caused Indian investors to lose at least $128 million.
Distribute fake apps through official app stores
Fake crypto app scammers sometimes use official app stores to distribute untrustworthy applications.
Some apps are designed to collect user credentials which are then used to unlock crypto accounts on corresponding official platforms. Others claim to provide secure wallet solutions that can be used to store a wide variety of cryptocurrencies, but steal funds once a deposit is made.
While platforms like Google Play Store constantly review apps for integrity issues, it’s still possible for some bogus apps to slip through the cracks.
One of the latest methods used by scammers to achieve this is to register as app developers in popular mobile app stores like the Apple App Store and Google Play Store and then upload legitimate looking apps.
In 2021, a fake Trezor app masquerading as a wallet created by SatoshiLabs used this strategy to get published in both the Apple App Store and the Google Play Store. The app claimed to provide users with direct online access to their Trezor hardware wallets without connecting their Trezor dongle to a computer.
Victims who downloaded the fake Trezor app were required to submit their wallet seed sentence in order to start using the service. A seed phrase is a series of words that can be used to access a cryptocurrency wallet on the blockchain.
The details submitted allowed the thieves behind the fake app to loot user funds.
According to a statement from Apple, the fake Trezor app was published in its store through a deceptive bait-and-switch maneuver. The app developers are said to have initially submitted the app as a cryptography application designed to encrypt files but later turned it into a cryptocurrency wallet app. Apple said it was not aware of the change until users reported it.
Chris Kline, co-founder of Bitcoin IRA – a crypto retirement investment service – told Cointelegraph earlier this week that despite such incidents, major tech companies in the space were resolute in fighting fake crypto apps because of the potential damage to their integrity. He said:
“Tech companies are always looking for better education and better security for their users. Today’s most renowned players put security at the forefront of their roadmaps. Users need the reassurance that their digital assets are safe and that providers are committed to security.”
That said, the fake app problem is more common in unofficial app stores.
How to spot a fake crypto app
Fake cryptocurrency apps are designed to resemble legitimate apps as closely as possible. As a crypto investor, one should be able to distinguish between legitimate and fake apps to avoid unnecessary losses.
The following is an overview of some of the things to keep in mind when establishing the authenticity of a mobile crypto application.
Spelling, Icons and Description
The first step to determine if an app is legit is to check its spelling and icon. Fake apps usually have a name and icon similar to the legitimate ones, but something is usually wrong.
For example, if the app or developer names are misspelled, the software is most likely fake. A quick search for the app on the internet will help confirm its legitimacy.
It’s also important to consider whether the app has a Google Editor’s choice badge. The badge is an award given by the Google Play editorial team to recognize developers and apps of outstanding quality. Apps with this badge are probably not fake.
App permissions
Counterfeit apps usually ask for more permissions than necessary. This ensures that they extract as much data as possible from victims’ devices.
As such, users should be wary of apps that require off-center permissions, such as device administrator privileges. Such authorizations can give cyber criminals unfettered access to a device and allow them to intercept sensitive data that can be used to unlock financial accounts, including crypto wallets.
Intrusive app permissions can be blocked through a phone system’s privacy settings.
The number of downloads
The number of times an app has been downloaded usually indicates how popular it is. Apps from reputable developers typically have millions of downloads and thousands of positive reviews.
Conversely, apps with only a few thousand downloads require more control.
Confirm authenticity by contacting support
If you are not sure about an application, you can contact support through the company’s official website to avoid financial losses due to fraud.
In addition, authentic apps can be downloaded from a company’s official website.
Recent: Crypto Contagion Scares Short-Term Investors, But Fundamentals Remain Strong
Cryptocurrencies are backed by relatively new technology, so it’s only natural that there are teething problems when it comes to usage and adoption. Unfortunately, in recent years, black hats have targeted naive crypto enthusiasts using fake crypto apps.
While the problem is likely to persist for several more years, increased oversight by tech companies is likely to dampen the problem in the long run.