How to Protect Your Mobile Device from Crypto Scams?

This is a Guest Post By Johnny Lyu, CEO, KuCoin

With the increasing popularity and value of cryptocurrencies, there has been a corresponding increase in crypto scams – and mobile devices are certainly not excluded from the mix. These scams can take many forms, but they all have one goal: stealing your hard-earned cryptocurrency.

What are -;Mobile Device Scams?

According to bankmycell.com, the number of smartphone users stands around 6.64 billion, representing a smartphone penetration rate of 83.72%, i.e 83.72% of the world’s population owns a smartphone (by means of phone numbers).

Some mobile device scams will try to trick you into giving them your personal information, such as your crypto exchange account, or wallet keys. Others will try to get you to install malicious software on your device. Some will even just try to trick you into sending them cryptocurrency.

What are the Different Types of Crypto Mobile Device Scams?

Mobile phones are almost considered parts of our bodies nowadays, and cybercriminals certainly know it. We always have our mobile devices with us, and we use them to access anything from cat videos to our most private data. We’ve linked bank and crypto exchange accounts, emails, and other sensitive data to our phones, making them a perfect target for crypto theft and fraud.

Mobile Virus Scams

A mobile virus is a type of malware that can infect your mobile device just like a computer virus would. While visiting certain websites on your phone, you may have seen a page alerting you that a scan of your phone has revealed a virus infection, urging you to take immediate action towards downloading an antivirus app.

However, this app is actually malware or spyware that either tries to infect other devices or hijack yours. This may lead to scammers having access to all your passwords and accounts, including your crypto exchange accounts and crypto wallets.

The easiest way to protect yourself from these kinds of attacks is to ignore any web popups, but also have cybersecurity on your phone. 

Phishing & Vishing

Phishing is a type of scam where the attacker tries to trick you into giving them your personal information by masquerading as a legitimate website, app, or service. They do this by creating a fake login page that looks identical to the real thing. 

Phishing scams also happen via SMS messages, and they are also known as “smishing.” These scams try to make you act on the SMS sent, as they send the malware links. If you open the link, your device becomes infected with malware or spyware.

Vishing is similar to phishing, but instead of using a fake website, the attacker will use a fake phone call or text message to try and trick you. These types of scams are becoming more and more common, as they can be very difficult to spot.

The best way to protect yourself from phishing scams is to make sure you are using approved websites, and bookmark the ones that hold your sensitive information so that you could access them quickly. When it comes to vishing attacks, the key is to never give out your personal information, even if the person or website seems legitimate.

Fake Crypto Apps

There are numerous types of fake crypto mobile apps that are created with the aim of stealing your cryptocurrency. Some of the most prominent versions are:

• Fake Exchange Apps
• Fake Wallet Apps
• Fake Earning Apps

Fake Exchange Apps

Fake exchange apps are exactly what they sound like – mobile apps that scam crypto investors into thinking they are the real ones. 

When it comes to protecting your crypto investments against such scams, you can do several things, namely:

• Use two-factor authentication (2FA) – it’s important to say that, in our example above, crypto was stolen only from accounts that had no 2FA activated. While 2FA is not impenetrable, it is a big help as scammers will have a hard time bypassing it even if they have your exchange login credentials.
• Check the validity of the app you are downloading. You can do that by checking the number of downloads, reviews, and ratings – fake apps either have comments where people complain of being scammed, or perfectly flawless ratings. Moreover, legitimate apps are developed by legitimate companies, and you can check the developers in the information provided on the app store. Additionally, you could head over to the official exchange website and check if the app they are offering matches the one on the mobile app store.

Fake Wallet Apps

Another category of crypto-related mobile apps that are often used to scam investors are fake wallets. While there are many different types of cryptocurrency wallets, the most popular ones are mobile wallets since they offer more convenience.

Since crypto values have been rising in recent years, scammers have taken advantage of that and created numerous fake versions of popular cryptocurrency wallets such as MetaMask, Exodus, Jaxx, Coinomi, and Ledger.

To avoid being scammed by a fake wallet app, you should:

• Check if the wallet app generates brand new addresses before importing your own – if and once a new address is generated you can check if the generated wallet exists (most fake apps are faking the wallet creation part as well).
• Use all the tips highlighted in the section on fake exchange apps.

Fake Earning Apps

Another category of malicious crypto mobile apps are the so-called earning apps. The premise of these apps is usually that they offer users a way to earn cryptocurrency by completing certain tasks. These apps usually market themselves as giveaways or fake high-yield earning apps.

In reality, however, most of these earning apps are simply scams created with the sole purpose of stealing people’s crypto.

To avoid being scammed by a fake earning app, you should look for any red flags, such as high rewards in return for no work. You could also check the validity of the app by checking its ratings, developers, etc.

Cryptojacking Apps

Another category of malicious crypto apps that we will mention are cryptojacking apps. Cryptojacking is a type of attack where the attacker uses your device to mine cryptocurrency without your knowledge or permission.

While most often associated with websites, cryptojacking can also be done via mobile apps. For example, there was an incident involving the popular game Fortnite where a cryptojacking script was injected into the game.

To avoid being scammed by a cryptojacking app, you should:

• Check the permissions that the app is asking for. For example, an app that wants to mine cryptocurrency will most likely need access to your device’s CPU and GPU.
• Check if your mobile device is overheating, as mining is a very power-heavy task.
• Install a mobile antivirus that will help you detect malware.

Clipper Apps

The next category of malicious crypto mobile apps are clipper apps. Clipper apps are designed to replace your cryptocurrency wallet address with the attacker’s address. For example, if you copy and paste your Bitcoin address to send some BTC to a friend, a clipper app will replace that address with the attacker’s address instead.

To avoid being scammed by a clipper app, you should:

• Double-check the address that you are sending your cryptocurrency to.
• Install a mobile antivirus that will help you detect malware.

SIM Swapping Apps

SIM swapping is a type of attack where the attacker tricks your mobile service provider into transferring your phone number to a SIM card that they control. Once the attacker has your phone number, they can then use it to reset your passwords and gain access to your online accounts.

To avoid being scammed by a SIM swapping app, you should:

• Use two-factor authentication (2FA) wherever possible. However, one thing to note is that you should avoid using a mobile phone 2FA. Rather, you should rely on apps such as Google Authenticator, as they are much safer.
• Avoid sharing your phone number on social media, as cybercriminals could use the information they find to impersonate you and steal your crypto.
• Be aware of any suspicious activity on your mobile device, such as unexpected text messages or calls.

WiFi Breaches

While not exclusive to the cryptocurrency space, another thing to be aware of are WiFi breaches. WiFi breaches happen when a criminal gains access to your WiFi network and uses it to eavesdrop on your traffic.

If you are using a public WiFi network, then it is especially important to be aware of this, as criminals could use it to intercept any crypto transactions that you make.

To avoid being scammed by a WiFi breach, you should:

• Avoid using public WiFi networks to transact in cryptocurrency. Moreover, you should avoid connecting to unsafe WiFi networks if you hold a lot of cryptocurrency on your mobile phone wallets.
• Use a virtual private network (VPN) whenever possible to encrypt your traffic and make it more difficult for criminals to intercept your data.
• Be aware of any suspicious activity on your network, such as unexpected devices or traffic.

Protecting Yourself in the Harsh World of Crypto Scams

As you may have noticed, every scam has its unique quirk or feature, but they all share a common goal, as well as have similar modes and methods of operation. New types of scams appear regularly, so you’ll have to be prepared – however, using standard safety practices doesn’t change that often.

Make sure you are mindful of the information you are holding on your phone, whom you are sharing it with (directly or indirectly), and avoid any apps or websites you aren’t 100% sure aren’t scams.

###