Common Scams on Mobile Devices PDF
Document Details
Uploaded by AdulatoryLeibniz
Tags
Related
- Mobile Device Security Exam 212-82 PDF
- Chapter 12 - 06 - Discuss and Implement General Security Guidelines on Mobile - 02_ocred.pdf
- Chapter 12 - 05 - Mobile Security Management Solutions PDF
- Mobile Content Management Solutions PDF
- Chapter 12 - 05 - Enterprise Mobile Security Management Solutions PDF
- Chapter 13 - Wireless and Mobile Security.pdf
Summary
This document discusses various types of scams targeting cryptocurrency users through mobile devices. It covers fake cryptocurrency apps, cryptojacking apps, and free giveaway/mining apps, highlighting common tactics used by scammers to steal cryptocurrencies and personal information. It provides preventative measures to protect against fraudulent activities.
Full Transcript
**Common Scams on Mobile Devices** 2017 was a remarkable year for the cryptocurrency industry as their rapid increase in valuations propelled them into mainstream media. Unsurprisingly, this garnered them immense interest from both the general public as well as cybercriminals. The relative anonymit...
**Common Scams on Mobile Devices** 2017 was a remarkable year for the cryptocurrency industry as their rapid increase in valuations propelled them into mainstream media. Unsurprisingly, this garnered them immense interest from both the general public as well as cybercriminals. The relative anonymity offered by cryptocurrencies has made them a favorite amongst criminals who often use them to bypass traditional banking systems and avoid financial surveillance from regulators. Given that people are spending more time on their smartphones than desktops, it is thus not surprising that cybercriminals have also turned their attention to them. The following discussion highlights how scammers have been targeting cryptocurrency users through their mobile devices, along with a few steps that users can take to protect themselves. ### Fake cryptocurrency apps #### Fake cryptocurrency exchange apps The most well-known example of a fake cryptocurrency exchange app is probably the one of Poloniex. Prior to the launch of their official mobile trading app in July 2018, Google Play was already listing several fake Poloniex exchange apps, which were intentionally designed to be functional. Many users that downloaded those fraudulent apps had their Poloniex login credentials compromised, and their cryptocurrencies were stolen. Some apps even went a step further requesting the login credentials of users Gmail accounts. It is important to highlight that only accounts without two-factor authentication (2FA) were compromised. The following steps can help protect you against such scams. - - - - - #### Fake cryptocurrency wallet apps There are many different types of fake apps. One variation seeks to obtain personal information from users such as their wallet passwords and private keys. In some cases, fake apps provide previously generated [public addresses](https://academy.binance.com/en/articles/what-is-public-key-cryptography) to users. So they assume funds are to be deposited into these addresses. However, they do not gain access to the private keys and thus do not have access to any funds that are sent to them. Such fake wallets have been created for popular cryptocurrencies such as Ethereum and Neo and, unfortunately, many users lost their funds. Here are some preventive steps that can be taken to avoid becoming a victim: - - ### Cryptojacking apps [Cryptojacking](https://academy.binance.com/en/articles/what-is-cryptojacking) has been a hot favorite amongst cybercriminals due to the low barriers to entry and low overheads required. Furthermore, it offers them the potential for long-term recurring income. Despite their lower processing power when compared to PCs, mobile devices are increasingly becoming a target of cryptojacking. Apart from web-browser cryptojacking, cybercriminals are also developing programs that appear to be legitimate gaming, utility or educational apps. However, many of these apps are designed to secretly run crypto-mining scripts in the background. There are also cryptojacking apps that are advertised as legitimate third-party miners, but the rewards are delivered to the app developer instead of the users. To make things worse, cybercriminals have become increasingly sophisticated, deploying lightweight mining algorithms to avoid detection. Cryptojacking is incredibly harmful to your mobile devices as they degrade performance and accelerates wear and tear. Even worse, they could potentially act as Trojan horses for more nefarious malware. The following steps can be taken to guard against them. - - - - - ### Free giveaway and fake crypto-miner apps These are apps that pretend to mine cryptocurrencies for their users but don't actually do anything apart from displaying ads. They incentivize users to keep the apps open by reflecting an increase in the user's rewards over time. Some apps even incentivize users to leave 5-star ratings in order to get rewards. Of course, none of these apps were actually mining, and their users never received any rewards. To guard against this scam, understand that for the majority of cryptocurrencies, [mining](https://academy.binance.com/en/articles/what-is-cryptocurrency-mining) requires highly specialized hardware ([ASICs](https://academy.binance.com/en/glossary/application-specific-integrated-circuit)), meaning it is not feasible to mine on a mobile device. Whatever amounts you mine would be trivial at best. Stay away from any such apps. ### Clipper apps Such apps alter the cryptocurrency addresses you copy and replace them with those of the attacker. Thus, while a victim may copy the correct recipient address, the one they paste to process the transaction is replaced by those of the attacker. To avoid falling victim to such apps, here are some precautions you can take when processing transactions. - - ### SIM swapping In a SIM swapping scam, a cybercriminal gains access to the phone number of a user. They do this by employing [social engineering](https://academy.binance.com/en/articles/what-is-social-engineering) techniques to trick mobile phone operators into issuing a new SIM card to them. The most well-known SIM swapping scam involved cryptocurrency entrepreneur Michael Terpin. He alleged that AT&T was negligent in their handling of his mobile phone credentials resulting in him losing tokens valued at more than 20 million US dollars. Once cybercriminals have gained access to your phone number, they can use it to bypass any 2FA that relies on that. From there, they can work their way into your cryptocurrency wallets and exchanges. Another method cybercriminals can employ is to monitor your SMS communications. Flaws in communications networks can allow criminals to intercept your messages which can include the second-factor pin messaged to you. What makes this attack particularly concerning is that users are not required to undertake any action, such as downloading a fake software or clicking a malicious link. To prevent falling prey to such scams, here are some steps to consider. - - - - ### WiFi Cybercriminals are constantly seeking entry points into mobile devices, especially the ones of [cryptocurrency](https://academy.binance.com/en/glossary/cryptocurrency) users. One such entry point is that of WiFi access. [Public WiFi is insecure](https://academy.binance.com/en/articles/why-public-wifi-is-insecure) and users should take precautions before connecting to them. If not, they risk cybercriminals gaining access to the data on their mobile devices. These precautions have been covered in the article on public WiFi. ### Closing thoughts Mobile phones have become an essential part of our lives. In fact, they are so intertwined with your digital identity that they can become your greatest vulnerability. Cybercriminals are aware of this and will continue to find ways to exploit this. Securing your mobile devices is no longer optional. It has become a necessity. Stay safe.
