Most Common Crypto Scams on Mobile Devices

And again, let’s go back to 2017, which was an excellent year for the cryptocurrency industry. The rapid price rise attracted media attention, which generated huge interest from both the general public and cybercriminals. The relative anonymity of cryptocurrency has made it a very interesting option for those who use it to bypass traditional banking systems and avoid financial oversight by regulators.

Considering that people still spend most of their time using their smartphones, not their PCs, it is not surprising that cybercriminals and scammers have focused their attention on it. Let’s take a look at how scammers use cryptocurrency holders’ smartphones and tell you about a few steps you can take to protect yourself.

Fake apps

Fake cryptocurrency exchanges

The most famous example of such software is the mobile application for accessing your Poloniex account. Prior to the launch of the official version in July 2018, Google Play already had several fake apps designed to be indistinguishable from the original.

Many users who downloaded and installed these programs compromised their login credentials, and their cryptocurrency was stolen. Some apps went further and started asking for a Gmail account. It is important to note that all of the victims’ accounts were without two-factor authentication (2FA).

You can ensure your safety by doing the following:

  • Visit the official website of the crypto exchange to make sure they actually have a mobile app. If so, use the link provided on their website.
  • Read reviews and ratings. Fake apps often have many bad reviews from scam victims, so be sure to check this before installing. However, it would be best if you were also skeptical about apps with only positive ratings and comments.
  • Check the information about the app developer, company, email address, and website. You need to make sure that the application is indeed associated with the crypto exchange.
  • Activate 2FA in your account. This will not protect your account 100%, but it will be much more difficult for crypto scammers to access it, and it can significantly help protect your funds.

Fake crypto wallets

There are many different fake apps out there. The idea is to get personal information from users, such as wallet passwords and private keys. In some cases, such applications provide previously generated public addresses, and they assume that users can make a deposit to them. However, they do not get access to the private keys and therefore do not own the funds they could send.

Such fake wallets were created exclusively for the most popular cryptocurrencies such as BTC, ETH, ADA, and unfortunately, many users became victims of this fraud.

What can be done to avoid these scams:

  • When working with wallets, you should consider that when you first start, you should receive a new public address and a private key (or mnemonic phrases).
  • A real wallet application allows you to export private keys, but you should also make sure that the generation of the new key has not been compromised. Therefore, you should use software with an excellent reputation and preferably open source.
  • Even if the app provides you with a private key, you must make sure that you can access your wallet with it. For example, some Bitcoin wallets allow users to import their private keys or phrases to visualize addresses and access funds. To minimize the risk of keys and phrases being compromised, you can do this on a PC with a disconnected network.

Cryptojacking

Cryptojacking is the unauthorized use of someone else’s PC or a smartphone to mine cryptocurrency. Hackers do this by either forcing the victim to click a malicious link in an email that downloads the crypto mining code on the device or by infecting a website or online ad with JavaScript code that is automatically launched after being downloaded in the victim’s browser.

Cryptojacking can be incredibly dangerous for your mobile devices as it can ruin your processor and battery. What is more, it can act as a Trojan in addition to other viruses.

Follow these steps to protect your mobile device and your cryptocurrency:

  • Only download apps from official sources like Google Play and Apps Store. Illegal software is not pre-checked and most likely contains a script with cryptojacking.
  • Pay attention to the performance of your smartphone in case of rapid battery discharge or overheating. Did you notice something like this? First of all, you should quit all open applications.
  • Update your device and apps regularly.
  • Install particular extensions such as MinerBlock, NoCoin, and Adblock.
  • If possible, install an antivirus on your smartphone and update it regularly.

Fake mining apps

Some of the programs that “mine cryptocurrency” for their users actually do nothing but display advertisements.

To protect yourself from such fraud, it should be understood that mining requires highly specialized equipment (ASIC), which means that it is impossible to mine on a mobile device. Whatever amounts you get there, they are worthless and mean nothing. Stay away from apps like this; never download something like that.

These are programs that change the address that you copy and replace it with another. Thus, although the victim can copy the correct recipient address to process the transaction, it is replaced with the scammer’s address.

What can be done?

  • Always double-check the address you insert in the recipient field. All transactions on the blockchain are irreversible, so you should always be careful.
  • It is best to check the full address, not just parts of it. Some apps use addresses that are very similar to your recipient address.

SIM swap scam

A SIM card is a small plastic chip that tells your device which cellular network to connect to and which number to use. We rarely think about SIM cards, except maybe when we get a new phone, and that’s the point.

Scammers always try to find a new way to get your attention and trick you into handing over sensitive data. For example, at the onset of the Covid-19 pandemic, phone calls and text messages offered cures and access to test kits, but in the end, all the scammers wanted was personal information.

SIM swap scam occurs when someone contacts your wireless carrier and can convince the call center employee that they are, in fact, you and use your sensitive data.

Once cybercriminals gain access to your number, they can use it to bypass any 2FA, after which they access your wallets and accounts on crypto exchanges.

What should be done:

  • Don’t use your primary mobile number for SMS 2FA. Instead, use apps like Google Authenticator or Authy to protect your account. In this case, cybercriminals will not gain access to information even if they have your phone number.
  • Do not share your personal information on social media. It can always be used against you.
  • Do not advertise on social media that you have cryptocurrency, as this will immediately make you a target.
  • Talk to your mobile provider about how you can protect your mobile number. It can be a pin code or password, indicating that only those who know it can make changes to your account. In addition, you can agree that changes should only be made in your presence.

WiFi

Cybercriminals and crypto scammers are constantly looking for weak points in your mobile devices. One such weak point is accessing the internet using WiFi. Public Internet hotspots are insecure, and you must be careful before connecting. Otherwise, you risk providing access to your device’s data.

Mobile phones have long been an integral part of our lives. They are so strongly associated with a digital identity that they can become your weak point. Cybercriminals and crypto scammers are aware of this and will continue to look for new ways to steal your cryptocurrency. Protecting your mobile devices has become a necessity. You should always be on the lookout!