Since blockchain technology’s advent, scammers have taken advantage of its decentralized nature and immutability to defraud crypto investors.

Fraudsters are stealing money from unsuspecting crypto investors using fake crypto apps, according to the FBI fraud report. American investors have lost approximately $42.7 million to scammers through fake apps, the report says.

The schemes reportedly manipulate crypto users during bull market runs, when interest in cryptocurrencies is heightened.

How fake crypto app scammers lure users

Various techniques are used by scammers to entice investors into investing in fake crypto apps. Below is a breakdown of some of them.

Social engineering schemes

Social engineering strategies are sometimes used by fake crypto app scammer networks to lure victims.

It is not uncommon for fraudsters to approach their victims through social platforms such as dating websites before tricking them into downloading cryptocurrency trading apps that appear to be functional.

Scammers then convince users to transfer funds to the app. Once the transfer is made, however, the funds are “locked in” and the victims cannot withdraw them.

It is not uncommon for scammers to lure victims using outlandish claims of high yields. The scam ends when victims realize they cannot redeem their funds.

A digital risk protection firm’s chief information security officer, Rick Holland, told Cointelegraph earlier this week that social engineering remains a top criminal strategy because it requires little effort.

Using the tried-and-true method of social engineering is far more profitable and practical.

Scammers can easily target high-net-worth individuals through social engineering, according to the cybersecurity manager.

Recognizable brand names

Fake crypto app scammers push fake apps under recognizable brand names because those brands carry trust and authority.

According to the FBI’s latest crypto crime report, cybercriminals pretending to be YiBit employees scammed investors out of $5.5 million after convincing them to download a bogus YiBit crypto trading app.

Investors were unaware that the actual YiBit crypto exchange firm ceased operations in 2018. The fake app stole funds transferred to it.

The FBI report details another instance in which phishers used the Supay brand name, associated with an Australian crypto company, to misappropriate millions of dollars from 28 investors. The ploy, which ran between Nov. 1 and Nov. 26, caused losses of $3.7 million.

The lack of recourse channels, particularly in jurisdictions that avoid cryptocurrencies, has led to many such schemes going unreported for years.

The U.S. is not the only major jurisdiction to have uncovered elaborate fake crypto app schemes in the recent past. India is also one of them.

Indian investors have lost at least $128 million to a newly discovered fake crypto app scheme involving hundreds of cloned apps and domains, according to a report by the cybersecurity company CloudSEK.

Distributing fake apps through official app stores

Scammers sometimes distribute fake crypto apps through official app stores.

Users’ credentials can be collected via some of the apps and then used to unlock crypto accounts on corresponding platforms. Many other sites claim to offer secure wallet solutions that can store a wide range of cryptocurrencies, but they steal funds after you deposit them.

It is still possible for some fake applications to slip through the cracks on platforms such as Google Play Store, which constantly reviews apps for integrity issues.

Scammers have been using popular app stores, like the Apple App Store and Google Play Store, as platforms to upload legitimate-looking apps under the guise of app developers.

Using this strategy, a fake app posing as the Trezor wallet created by SatoshiLabs was published on both Apple’s App Store and Google Play Store in 2021. The app claimed that users could access their Trezor hardware wallets directly online, without connecting them to a computer.

When victims downloaded the fake Trezor app, they were asked to enter the seed phrase for their wallet before using it. A seed phrase gives access to a blockchain wallet and the cryptocurrencies it holds.

Using the submitted details, the thieves behind the fake app were able to steal money from users.

It appears that the fake Trezor app reached Apple’s store through a deceptive bait-and-switch. The app was allegedly first submitted as a cryptography app designed to encrypt files and only later converted into a cryptocurrency wallet application. Apple learned of the change from users, having been unaware of it until then.

In an interview with Cointelegraph earlier this week, Bitcoin IRA co-founder Chris Kline said that, despite such incidents, the crypto industry was resolute in its fight against fake crypto apps to protect its integrity. He said:

“It is always a priority for tech companies to provide their users with better education and security. Several of the most reputable players today place security at the forefront of their roadmaps. The users need assurance that their digital assets are safe, and the providers need to keep security in mind.”

That said, the fake app problem is more prevalent in non-official app stores.

How to spot a fake crypto app

In order to fool users, fake crypto apps are designed to resemble legitimate ones as closely as possible. The ability to distinguish between legitimate and fake apps is essential to avoiding unnecessary losses as a crypto investor.

Ascertaining the authenticity of a mobile crypto application can be difficult, so here are a few things to look out for.

Spelling, icons, and description

Checking the spelling and icon of an app is the first step in making sure it is legitimate. The name and icon of a fake app look similar to those of the genuine one, but there is usually something off about them.

If the developer or app name is misspelled, for instance, the software is most likely bogus. Searching the internet for information about the app can help confirm its legitimacy.
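The spelling check described above can be automated when reviewing many listings. The following is an added example, not code from the article or from any app store: it folds accents, look-alike digits and spacing, then uses edit distance to flag names that are close to, but not exactly, a known brand. The allowlist and the two-edit threshold are assumptions.

```python
import unicodedata

# Constructed allowlist: the genuine names a reviewer expects to see.
# "Trezor" and "SatoshiLabs" are named in the article; a real list would be
# built from each vendor's official website.
OFFICIAL_NAMES = ["Trezor", "SatoshiLabs"]

# Small, illustrative map of look-alike characters (not exhaustive).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "|": "l"})


def normalize(name):
    """Fold case, accents, look-alike digits and separators."""
    decomposed = unicodedata.normalize("NFKD", name)
    ascii_only = "".join(c for c in decomposed if not unicodedata.combining(c))
    folded = ascii_only.casefold().translate(LOOKALIKES)
    return "".join(c for c in folded if c.isalnum())


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(listed_name, max_distance=2):
    """Return 'exact', 'lookalike of <name>' or 'unrelated'."""
    if listed_name in OFFICIAL_NAMES:
        return "exact"  # spelling matches; the publisher must still be verified
    candidate = normalize(listed_name)
    for official in OFFICIAL_NAMES:
        # A name that matches only after normalization, or is a few edits
        # away, is the misspelling pattern described above.
        if edit_distance(candidate, normalize(official)) <= max_distance:
            return f"lookalike of {official}"
    return "unrelated"
```

An `exact` result only means the spelling matches; a fake listing can reuse the genuine name, so the developer account and download source still need checking.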

A Google Editor’s choice badge may also be an important consideration. Developers and apps with outstanding quality are recognized by the Google Play editorial team with this badge. It is unlikely that fake apps will be found with this badge.

Application permissions

Counterfeit apps often request more permissions than they need. They do this so they can collect the maximum amount of information from the victims’ devices.

Users should therefore refrain from installing apps that require unusual permissions, such as device administrator privileges. Criminals could exploit such authorizations to gain access to a device and intercept sensitive data, including cryptocurrency wallets, which could lead to the unlocking of financial accounts.

You can block intrusive app permissions in the phone’s privacy settings.

The number of downloads

An app’s popularity is usually determined by the number of times it has been downloaded. The majority of apps developed by reputable developers receive millions of downloads and thousands of positive reviews.

In contrast, apps with fewer than 1,000 downloads should be scrutinized more closely.

Confirming authenticity by contacting support

A company’s official website might be a good place to get help if you are unsure about an application.

The official website of a company can also be used to download authentic apps.

Since cryptocurrencies are based on relatively new technology, there are bound to be teething problems as they are adopted and used. In recent years, fake crypto apps have been used by black hats to target naive crypto enthusiasts.

Long term, increasing scrutiny by tech companies will likely temper the problem, even though it is likely to persist for several years.