2017 was a fruitful year for the digital currency industry. Because the rapid growth of the value of these currencies in that year, caused them to enter the mainstream media.
As expected, this attracted the attention of two groups of people: ordinary people and cybercriminals. The distinctive feature of anonymity in digital currencies made them popular with this group of criminals.
Because now they could go through traditional banking systems without revealing their identities and being caught by the law.
In this article, Kevin Nick discusses the common methods used by criminals to target digital currencies through cell phone scams.
Counterfeit applications for digital currency exchange
Poloniex is perhaps the clearest example of this scam. Prior to the official launch of the exchange’s trading app in 2018, Google Play had blacklisted several counterfeit apps.
The customers of this exchange entered these fake applications with their confidential information and then lost all their capital. Some of these apps even went so far as to ask for login information about people’s Google Accounts. It is important to note that only two accounts without two-step authentication were affected by this issue.
The way to deal
You can use the following ways to avoid scams on mobile phones:
- Be sure to check your official exchange site . Is there any trading app introduced in it. If so, open the link to the application from within the site.
- Review reviews and scores for each app. Scam apps often have bad reviews sent to them by other users. So be sure to review these comments before downloading the apps. In addition, pay attention to the scores and rankings done for each application. Fake and inefficient applications certainly have a bad rating.
- Check information about the application developer. Each valid application includes information about the manufacturer, email address and site. After obtaining this information, it is better to search the internet to confirm their authenticity and make sure that it is related to the exchange you want.
- Note the number of downloads. It is unlikely that official exchange-related applications will have very few downloads.
- Enable 2-step authentication in your account. Although enabling this option can not guarantee your security 100%, the mechanism of passing it is very difficult and can make a big difference in protecting your assets. In fact, even if the login information is leaked, it will still be difficult to bypass this security method.
Counterfeit wallet apps
There are many different types of counterfeit apps. One of the purposes of these applications is to obtain personal information of individuals such as wallet passwords and their private keys. In some cases, these applications send pre-generated public keys to the user. So he assumes that his investment is going to be deposited at this address.
However, they do not have access to private keys and can not reach the desired amount. Some of these counterfeit wallets are made for popular digital currencies such as Atrium and Neo. This led to a loss of capital for many users.
The way to deal
To avoid these applications, it is better to observe the following:
- The observance of what has been said in the previous section also applies here. One new tip, however, is to make sure that completely new URLs are generated when dealing with wallet apps. A valid wallet allows you to extract private keys. However, it is also important to note that the process of producing new keys is not compromised. Use open source software that is more secure as much as possible.
- Even if the app offers you a private key, you should check its public addresses and access to those addresses. For example, some Bitcoin wallets allow their users to enter a private key and access their funds. To reduce the risk associated with this, you must perform this operation on an offline computer (no internet connection).
Crypto Jacking applications
Crypto-jacking has always been a favorite of cybercriminals due to its barriers and very low overhead costs. In addition, with the help of cryptocurrencies, they can earn a steady income in the long run. Despite having less processing power than personal computers, most crypto-jacking attacks are now focused on cell phone scams.
In addition to using web browsers to organize these attacks, scammers also benefit from developing software, software, or training programs. Programs that are actually designed to run cryptocurrency extraction scripts behind the scenes.
There are also some cryptocurrency applications that are advertised as reputable miners . While the reward obtained from them goes directly to the developer account, not the user. Unfortunately, cell phone scams are becoming more and more sophisticated with this method. So now scammers are using algorithms to prevent their detection.
The way to deal
Crypto-jacking is very harmful for mobile devices. Because it reduces their efficiency and accelerates their wear and tear. Even these cell phones can be used as trojans. But what can we do to avoid getting caught up in this scam?
- Download apps only from reputable and official app stores like Google Play. Other applications have not been scanned for security reasons and they are very likely to have cryptocurrency scripts.
- Be aware of how your cell phone is consumed or overheated. If these problems exist, it is probably caused by one of the installed applications.
- Always update the phone and its applications to avoid the latest security changes.
- Use browsers that have a cryptocurrency security shield. You can also install plugins like MinerBlock, NoCoin and Adblock for your browser.
- If possible, install an antivirus for your mobile phone and always update it.
Miner Ramzarz Fake Apps
Some applications, while claiming to extract digital currency for their users, do nothing but display ads to them. In many ways, these apps encourage users to keep the app open. Because that way they make more money. In the meantime, some of them are even forcing users to vote for 5 stars. What is clear is that these applications do not work in the cryptocurrency extraction process at all and are not profitable for their users.
The way to deal
To combat this scam, you need to know that for most digital currencies, the mining process requires very powerful hardware. So a cell phone is unlikely to be enough. It is better to stay away from these applications and not to fall in love with them.
Clipper is a group of applications that are responsible for managing the memory of the clipboard. Some fake examples of these applications can replace URLs copied by you with URLs replaced by hackers. So by sticking this fake address in the destination box, you transfer your assets to hackers.
The way to deal
To avoid getting caught up in this scam, you can take some of the following precautions:
- Always check the address you copied again. Blockchain transactions are non-refundable. So you have to be very careful.
- It’s a good idea to look at all parts of the address, not just some. Some applications are so clever that they make the alternate address very similar to the original address.
SIM card replacement
In this way, the scammer can access the user’s phone number. They use social engineering techniques to trick mobile phone operators into issuing them new SIM cards. The most famous example of this scam involves a digital currency investor named Michael Terpin. According to him, AT&T has been negligent in handling his mobile phone documents and has lost his tokens worth more than one million US dollars.
By accessing your mobile phone number, any security barrier such as two-step authentication can be easily overcome. This will make your exchange account and wallet available to saboteurs.
Another method used by malicious people is to monitor your SIM card communications. Defects in communication networks can allow fraudsters to read your messages. Messages that may include your authentication codes.
The way to deal
The thing that scares these types of attacks is that ordinary users have no way to deal with it. For example, in other methods, you just need to avoid downloading fake software or clicking on fake links. But such solutions are not effective here. But the following can make it a little easier for you to think about cell phone scams this way:
- Use your mobile number to receive an authentication SMS . Instead, you can use apps like Google Authenticator or Authy to secure your account. Scammers will not be able to access these applications even if you have a mobile number. You can also use 2FA authentication hardware such as YubiKey.
- Never share your personal information such as your mobile phone number on social media. Scammers can use this information to your detriment.
- Never announce on social media that you are working in the field of digital currencies and that you have a few digital coins. Because then you have become a potential target. If you are in a situation where others know about this, then do not disclose information about the wallet or exchange you are using.
- Use the features of mobile operators to make it more secure. For example, you can use a PIN or password for your account. This way, only someone who knows this PIN can access and change your account.
Scammers are always on the lookout for cell phones. One of these points could be access via Wi-Fi waves. Public WiFi is very insecure and you have to be very careful to use it. Otherwise you run the risk of making your digital assets available.
Mobile phones have become an integral part of our lives today. One obvious fact at this time is that most people use smartphones more than desktops. This issue also attracts the attention of cyber criminals and leads them to mobile phone scams
In fact, these little tools are so tied to our digital identity that they can eventually be used against us and become our weakness.
Scammers are aware of this and are trying to exploit it. So making mobile phones safer is no longer just a choice. It has become a necessity.