2017 is a special year for the global cryptocurrency market. For the first time, the general population became interested in cryptocurrencies. Alas, people still have pretty bad computer competence and often neglect their network security. So it is not surprising that the number of those who decided to cash in on the growing number of users has rapidly increased. And as one of their main targets, these individuals have chosen smartphones.
There were quite a few reasons for this. The main one: if a person is interested in cryptocurrency, then he/she must have a smartphone, but computer competence is not necessary. And yes, these gadgets are far more vulnerable to direct hacker attacks. However, the main reason for the loss of savings is not targeted hacking, but the users' own negligence. That is why you need to know the exact techniques used by scammers, as well as how to resist them.
Applications for cryptocurrency exchanges
For a long time, access to exchanges was provided exclusively through PCs and laptops. But recently, it has become possible to monitor the situation using specialized smartphone apps. And this was precisely the main problem.
Fraudsters created websites that thoroughly imitate official ones. The quality of these fakes was high enough to make it almost impossible to distinguish them. But the email was different, albeit very similar. Careless users registered on false websites, entering their information and providing access to wallets, and naturally lost their savings. Alas, such fakes were repeatedly found even in the official Google Play store. Some even requested Google account information. However, those whose accounts were protected by two-factor authentication almost never became victims.
What to do to avoid it:
- Always use only the verified official website of the exchange. Download all additional apps only from there.
- If you download from other sources — always check the rating and reviews. Deceived people do not hesitate to express everything they think about the fake and its creators. At the same time, you had better not trust applications with only positive reviews since they can be bought. But the number of downloads is a fairly objective indicator since it is quite difficult to fake.
- Always check the information specified in the app. If it does not match what is indicated on the official exchange website, this is a fake. Do not be afraid to write to or call the specified contacts to verify their authenticity.
- Always protect your account with 2FA. This won’t guarantee you absolute security, but it will seriously complicate the work of scammers.
Crypto Wallet Apps
Some applications specialize in stealing passwords for crypto wallets and private keys. As a rule, they use public keys entered somewhere else before to simulate authenticity, so you can deposit money to them. But when you try to withdraw, nothing comes out, and the private key and password go to scammers. Such false wallet apps are created for almost all popular cryptocurrencies, such as Ethereum or Neo.
What to do to avoid it:
- All recommendations regarding apps for cryptocurrency exchanges are relevant.
- An authentic wallet generates new public and private keys at the first launch and does not require entering existing ones. Of course, you can import already existing data afterwards, but before that you should make sure that the keys issued are really valid.
- Even if the provided private key seems to be valid, one more check is needed. To do this, you have to disconnect the gadget from the Internet, which automatically puts the wallet into “cold” mode. But at the same time, it should be possible to log into your own existing wallet through a private key since, as you know, each node stores data about the entire cryptocurrency network. If you can go offline, then you’re good. If not, the application is fake.
Cryptojacking is the most common cryptocurrency fraud method today: software that seems to perform its declared functions while mining in the background. Yes, the computing power of smartphones is still lower than that of standard computers, but because of their quantity they still provide a long-term and stable, albeit small, income to scammers. It is dangerous not because of the direct theft of funds, but because devices used for mining wear out faster.
Fakes of official mining apps that do not allow you to withdraw earned money are another interesting alternative. Only “developers” have access to the money in such apps.
What to do to avoid it:
- Download all applications only from official websites — only there you can be sure that the app is checked for hidden miners.
- If the phone starts to discharge too fast or overheats — this is a sign that the app is possibly used for cryptojacking. Open the system tray to check what exactly consumes a large amount of your system resources.
- Quickly update the device and services — antiviruses prevent cryptojacking quite well. Mining can even be done with browsers, so use extensions that will guarantee your protection — MinerBlock, NoCoin and Adblock.
Fake Mining Applications
Despite the fact that the power of smartphones is constantly growing, using them for mining is still inefficient. This, however, did not stop fraudsters from creating fakes that imitate the process very accurately. They also make users leave positive feedback because this is supposedly the only way to withdraw funds. Of course, it’s all a lie. It’s easy to avoid — do not download such apps. So far, profitable mining from smartphones, even the latest generation, is impossible.
Clippers are programs that change the address that you copy and paste. They work not only with emails but also with transaction keys. It’s easy to avoid: always re-check the entered text, do not rely on copy-paste and auto-complete. And check it completely, as advanced clippers can use addresses and numbers similar to the ones you enter.
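The complete check recommended above, as an added example that is not part of the original article: it compares a copied address with what was actually pasted and flags look-alikes whose first and last characters match. The addresses are constructed sample values, and the function name and the four-character glance width are assumptions.

```python
from dataclasses import dataclass

EYEBALL = 4  # characters people tend to glance at on each end (assumption)

# Constructed sample values shaped like 42-character Ethereum addresses.
INTENDED = "0x52a1" + "b7c3" * 8 + "9f0e"
LOOKALIKE = "0x52a1" + "d4e8" * 8 + "9f0e"   # same ends, different body
UNRELATED = "0x" + "1234567890" * 4


@dataclass
class Verdict:
    status: str       # "match", "lookalike" or "mismatch"
    first_diff: int   # index of the first differing character, -1 if none
    detail: str


def check_pasted_address(intended: str, pasted: str, eyeball: int = EYEBALL) -> Verdict:
    """Compare every character and flag substitutions that pass a glance check."""
    a, b = intended.strip(), pasted.strip()
    if a == b:
        return Verdict("match", -1, "addresses are identical")
    # Locate the first position where the two strings disagree.
    first_diff = next(
        (i for i, (x, y) in enumerate(zip(a, b)) if x != y),
        min(len(a), len(b)),
    )
    # A glance only covers the ends, which a similar-looking address can imitate.
    ends_match = a[:eyeball] == b[:eyeball] and a[-eyeball:] == b[-eyeball:]
    if ends_match:
        return Verdict(
            "lookalike", first_diff,
            f"first and last {eyeball} characters match but the body differs",
        )
    return Verdict("mismatch", first_diff, "pasted text differs from the copied address")


if __name__ == "__main__":
    for label, pasted in [("same", INTENDED), ("lookalike", LOOKALIKE), ("other", UNRELATED)]:
        v = check_pasted_address(INTENDED, pasted)
        print(f"{label:10s} {v.status:10s} first_diff={v.first_diff} ({v.detail})")
```
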
SIM card swap
It’s not necessary to get physical access to the SIM card, though it is also possible. But much more often, attackers use social engineering methods to convince mobile operators to issue new SIM cards in exchange for allegedly lost ones and, of course, to transfer all available useful data. This allows them to deceive the two-factor identification system and gain access to crypto wallets.
The most famous example of such fraud is the case of Michael Terpin, who lost cryptocurrency with a total value of $20 million due to such a SIM card swap.
This category also includes the direct interception of SMS, which is the second authentication factor. It’s hard but real, especially if the operator does not really care about protecting open data channels.
What to do to avoid it:
- Do not use your official phone number for two-factor authentication and access to crypto wallets. Use either your second number or special apps that mimic it, such as Google Authenticator or Authy. Better yet, use hardware 2FA tools like YubiKey or Google Titan.
- Do not disclose confidential data — phone number, mother’s maiden name, age, etc.
- Do not spread the news that you are dealing with cryptocurrency. The less outside attention you get, the better.
- Agree with your operator in advance about protecting your phone number with special PIN codes, passphrases and passwords. And even better — demand personal presence during any changes.
With public Wi-Fi, you just need to remember that it’s better not to use it at all when dealing with cryptocurrency — you never know about every hidden danger. There are certain precautions that will help avoid problems, but more on that in a separate article.
As already mentioned, the main reason for the loss of cryptocurrency funds is computer incompetence and carelessness. These human qualities are much easier to exploit than the classic “hacking methods”. So be careful and always look after the protection of your smartphones, rather than hoping that “automation can handle everything”.