Common Scams on Mobile Devices_APP

CommunitySubmission-Author:WhoTookMyCrypto.com

2017wasaremarkableyearforthecryptocurrencyindustryastheirrapidincreaseinvaluationspropelledthemintomainstreammedia.Unsurprisingly,thisgarneredthemimmenseinterestfromboththegeneralpublicaswellascybercriminals.Therelativeanonymityofferedbycryptocurrencieshasmadethemafavouriteamongstcriminalswhooftenusethemtobypasstraditionalbankingsystemsandavoidfinancialsurveillancefromregulators.

Giventhatpeoplearespendingmoretimeontheirsmartphonesthandesktops,itisthusnotsurprisingthatcybercriminalshavealsoturnedtheirattentiontothem.Thefollowingdiscussionhighlightshowscammershavebeentargetingcryptocurrencyusersthroughtheirmobiledevices,alongwithafewstepsthatuserscantaketoprotectthemselves.

Fakecryptocurrencyapps

Fakecryptocurrencyexchangeapps

Themostwell-knownexampleofafakecryptocurrencyexchangeappisprobablytheoneofPoloniex.PriortothelaunchoftheirofficialmobiletradingappinJuly2018,GooglePlaywasalreadylistingseveralfakePoloniexexchangeapps,whichwereintentionallydesignedtobefunctional.ManyusersthatdownloadedthosefraudulentappshadtheirPoloniexlogincredentialscompromised,andtheircryptocurrencieswerestolen.SomeappsevenwentastepfurtherrequestingthelogincredentialsofusersGmailaccounts.Itisimportanttohighlightthatonlyaccountswithouttwo-factorauthentication(2FA)werecompromised.

MKR和COMP鯨魚地址將4210枚MKR轉入幣安，本輪投資獲利210萬美元:金色財經報道，據余燼監測數據，此前從幣安提取MKR和COMP的鯨魚地址，30分鐘前將4210枚MKR(483萬美元)轉入了幣安。這樣他本輪MKR+COMP投資實現獲利210萬美元：

25982枚COMP(成本價46美元)，7月3日轉入幣安(價格64美元)，收益率40%(獲利46萬美元)；

4210枚MKR(成本價760美元)，7月21日轉入幣安(價格1150美元)，收益率51%(164萬美元)。[2023/7/21 15:51:06]

Thefollowingstepscanhelpprotectyouagainstsuchscams.

Checktheexchange’sofficialwebsitetoverifyiftheyindeedofferamobiletradingapp.Ifso,usethelinkprovidedontheirwebsite.Readthereviewsandratings.Fraudulentappsoftenhavemanybadreviewswithpeoplecomplainingaboutgettingscammed,somakesuretocheckthembeforeyoudownload.However,youshouldalsobescepticalofappsthatpresentperfectratingsandcomments.Anylegitimateapphasitsfairshareofnegativereviews.Checktheappdeveloperinformation.Lookforwhetheralegitimatecompany,emailaddress,andwebsiteareprovided.Youshouldalsoperformanonlinesearchontheinformationprovidedtoseeiftheyarereallyrelatedtotheofficialexchange.Checkthenumberofdownloads.Thedownloadcountshouldalsobeconsidered.Itisunlikelythatahighlypopularcryptocurrencyexchangewouldhaveasmallnumberofdownloads.Activate2FAonyouraccounts.Althoughnot100%secure,2FAismuchhardertobypassandcanmakeahugedifferenceinprotectingyourfunds,evenifyourlogincredentialsarephished.Fakecryptocurrencywalletapps

在亞馬遜、eBay及沃爾瑪購物時用戶現可使用Crypto.com支付:據Cryptoslate 4月11日消息，加密貨幣借記卡公司Crypto.com在與Shopping.io建立新的合作關系后，用戶可在亞馬遜、eBay以及沃爾瑪購物時使用 Crypto.com支付。用戶可以享受以下優惠，購物時可享受額外5%的折扣；獲得高達10%的返還獎勵；美國以外的訂單運費免收20美元的運費。[2021/4/11 20:06:39]

Therearemanydifferenttypesoffakeapps.Onevariationseekstoobtainpersonalinformationfromuserssuchastheirwalletpasswordsandprivatekeys.

Insomecases,fakeappsprovidepreviouslygeneratedpublicaddressestousers.Sotheyassumefundsaretobedepositedintotheseaddresses.However,theydonotgainaccesstotheprivatekeysandthusdonothaveaccesstoanyfundsthataresenttothem.

SuchfakewalletshavebeencreatedforpopularcryptocurrenciessuchasEthereumandNeoand,unfortunately,manyuserslosttheirfunds.Herearesomepreventivestepsthatcanbetakentoavoidbecomingavictim:

Theprecautionshighlightedintheexchangeappsegmentaboveareequallyapplicable.However,anadditionalprecautionyoucantakewhendealingwithwalletappsistomakesurebrandnewaddressesaregeneratedwhenyoufirstopentheapp,andthatyouareinpossessionoftheprivatekeys(ormnemonicseeds).Alegitimatewalletappallowsyoutoexporttheprivatekeys,butitisalsoimportanttoensurethegenerationofnewkeypairsisnotcompromised.Soyoushoulduseareputablesoftware(preferablyopensource).Eveniftheappprovidesyouaprivatekey(orseed),youshouldverifywhetherthepublicaddressescanbederivedandaccessedfromthem.Forexample,someBitcoinwalletsallowuserstoimporttheirprivatekeysorseedstovisualizetheaddressesandaccessthefunds.Tominimizetherisksofkeysandseedsbeingcompromised,youmayperformthisonanair-gappedcomputer(disconnectedfromtheinternet).Cryptojackingapps

Crypto.com歐洲用戶可使用穩定幣為MCOVisa卡充值:Crypto.com表示，歐洲用戶可使用TUSD、TGBP、TAUD、PAX和USDC這五種穩定幣為MCOVisa卡充值，算上BTC、ETH、LTC和XRP，目前持卡人可以使用9種加密貨幣進行充值。據此前報道，Crypto.com宣布在歐洲31個國家推出MCOVisa卡，MCOVisa卡是一種可充值的高端金屬預付卡，允許用戶直接使用信用卡/借記卡對卡片進行充值，無需支付任何費用。此外，持卡人除了可以通過加密錢包充值外，還可以通過SEPA銀行轉賬充值MCOVisa卡。[2020/6/16]

Cryptojackinghasbeenahotfavoriteamongstcybercriminalsduetothelowbarrierstoentryandlowoverheadsrequired.Furthermore,itoffersthemthepotentialforlong-termrecurringincome.DespitetheirlowerprocessingpowerwhencomparedtoPCs,mobiledevicesareincreasinglybecomingatargetofcryptojacking.

Apartfromweb-browsercryptojacking,cybercriminalsarealsodevelopingprogramsthatappeartobelegitimategaming,utilityoreducationalapps.However,manyoftheseappsaredesignedtosecretlyruncrypto-miningscriptsinthebackground.

Therearealsocryptojackingappsthatareadvertisedaslegitimatethird-partyminers,buttherewardsaredeliveredtotheappdeveloperinsteadoftheusers.

Tomakethingsworse,cybercriminalshavebecomeincreasinglysophisticated,deployinglightweightminingalgorithmstoavoiddetection.

Cryptojackingisincrediblyharmfultoyourmobiledevicesastheydegradeperformanceandaccelerateswearandtear.Evenworse,theycouldpotentiallyactasTrojanhorsesformorenefariousmalware.

動態 | Xage Security和Commonwealth Edison達成合作 將利用區塊鏈提高電力系統安全性和效率:區塊鏈網絡安全平臺初創公司Xage Security和公用事業公司Commonwealth Edison達成合作，旨在展示區塊鏈技術如何幫助集成分布式能源資源，如太陽能、能量存儲、能效和電力需求管理；重點是提高安全性以及提高能源需求管理過程的效率。（Digital Journal）[2019/9/30]

Thefollowingstepscanbetakentoguardagainstthem.

Onlydownloadappsfromofficialstores,suchasGooglePlay.Piratedappsarenotpre-scannedandaremorelikelytocontaincryptojackingscripts.Monitoryourphoneforexcessivebatterydrainingoroverheating.Oncedetected,terminateappsthatarecausingthis.Keepyourdeviceandappsupdatedsothatsecurityvulnerabilitiesgetpatched.Useawebbrowserthatguardsagainstcryptojackingorinstallreputablebrowserplug-ins,suchasMinerBlock,NoCoin,andAdblock.Ifpossible,installmobileantivirussoftwareandkeepitupdated.Freegiveawayandfakecrypto-minerapps

Theseareappsthatpretendtominecryptocurrenciesfortheirusersbutdon’tactuallydoanythingapartfromdisplayingads.Theyincentivizeuserstokeeptheappsopenbyreflectinganincreaseintheuser’srewardsovertime.Someappsevenincentivizeuserstoleave5-starratingsinordertogetrewards.Ofcourse,noneoftheseappswereactuallymining,andtheirusersneverreceivedanyrewards.

動態 | 受交易所下架BSV事件影響，請愿網站iPetitions.com出現反BCH運動:據Zycrypto消息，對于幣安、Kraken等交易所相繼下架BSV事件，雖然受到了多方歡迎，但也有業內人士表達了擔憂和不滿。例如，請愿網站iPetitions.com上開始出現將BCH與BSV一起除名的請愿書。該請愿書明確說明：“越來越多的交易所正在退市BITCOIN SV（BSV），比特幣現金（BCH）也應該一起退市，因為它只會造成混亂，而且與BSV相同”。請愿書的鏈接發布在社交媒體網站上，并收到各種各樣的反應。據最近報道，日本加密貨幣交易所VcTrade所屬運營公司SBI Virtual Currencies宣布，已決定廢除上線BCH。如果從交易所移除BCH的行動像下架BSV那樣蔓延，那么它會對比特幣與其他加密貨幣市場的價格產生巨大影響。此前消息，比特幣核心開發者Jimmy Song也對此事表達了不一樣的看法，他表示，下線加密貨幣會讓人們形成“交易所是權威締造者”的不良印象，最終會危害整個加密行業。[2019/4/18]

Toguardagainstthisscam,understandthatforthemajorityofcryptocurrencies,miningrequireshighlyspecializedhardware(ASICs),meaningitisnotfeasibletomineonamobiledevice.Whateveramountsyouminewouldbetrivialatbest.Stayawayfromanysuchapps.

ClipperappsSuchappsalterthecryptocurrencyaddressesyoucopyandreplacethemwiththoseoftheattacker.Thus,whileavictimmaycopythecorrectrecipientaddress,theonetheypastetoprocessthetransactionisreplacedbythoseoftheattacker.

Toavoidfallingvictimtosuchapps,herearesomeprecautionsyoucantakewhenprocessingtransactions.

Alwaysdoubleandtriplechecktheaddressyouarepastingintotherecipientfield.Blockchaintransactionsareirreversiblesoyoushouldalwaysbecareful.Itisbesttoverifytheentireaddressinsteadofjustportionsofit.Someappsareintelligentenoughtopasteaddressesthatlooksimilartoyourintendedaddress.SIMswappingInaSIMswappingscam,acybercriminalgainsaccesstothephonenumberofauser.TheydothisbyemployingsocialengineeringtechniquestotrickmobilephoneoperatorsintoissuinganewSIMcardtothem.Themostwell-knownSIMswappingscaminvolvedcryptocurrencyentrepreneurMichaelTerpin.HeallegedthatAT&Twasnegligentintheirhandlingofhismobilephonecredentialsresultinginhimlosingtokensvaluedatmorethan20millionUSdollars.

Oncecybercriminalshavegainedaccesstoyourphonenumber,theycanuseittobypassany2FAthatreliesonthat.Fromthere,theycanworktheirwayintoyourcryptocurrencywalletsandexchanges.

AnothermethodcybercriminalscanemployistomonitoryourSMScommunications.Flawsincommunicationsnetworkscanallowcriminalstointerceptyourmessageswhichcanincludethesecond-factorpinmessagedtoyou.

Whatmakesthisattackparticularlyconcerningisthatusersarenotrequiredtoundertakeanyaction,suchasdownloadingafakesoftwareorclickingamaliciouslink.

Topreventfallingpreytosuchscams,herearesomestepstoconsider.

DonotuseyourmobilephonenumberforSMS2FA.Instead,useappslikeGoogleAuthenticatororAuthytosecureyouraccounts.Cybercriminalsareunabletogainaccesstotheseappseveniftheypossessyourphonenumber.Alternatively,youmayusehardware2FAsuchasYubiKeyorGoogle'sTitanSecurityKey.Donotrevealpersonalidentifyinginformationonsocialmedia,suchasyourmobilephonenumber.Cybercriminalscanpickupsuchinformationandusethemtoimpersonateyouelsewhere.Youshouldneverannounceonsocialmediathatyouowncryptocurrenciesasthiswouldmakeyouatarget.Orifyouareinapositionwhereeveryonealreadyknowsyouownthem,thenavoiddisclosingpersonalinformationincludingtheexchangesorwalletsyouuse.Makearrangementswithyourmobilephoneproviderstoprotectyouraccount.Thiscouldmeanattachingapinorpasswordtoyouraccountanddictatingthatonlyuserswithknowledgeofthepincanmakechangestotheaccount.Alternatively,youcanrequiresuchchangestobemadeinpersonanddisallowthemoverthephone.WiFiCybercriminalsareconstantlyseekingentrypointsintomobiledevices,especiallytheonesofcryptocurrencyusers.OnesuchentrypointisthatofWiFiaccess.PublicWiFiisinsecureandusersshouldtakeprecautionsbeforeconnectingtothem.Ifnot,theyriskcybercriminalsgainingaccesstothedataontheirmobiledevices.TheseprecautionshavebeencoveredinthearticleonpublicWiFi.

ClosingthoughtsMobilephoneshavebecomeanessentialpartofourlives.Infact,theyaresointertwinedwithyourdigitalidentitythattheycanbecomeyourgreatestvulnerability.Cybercriminalsareawareofthisandwillcontinuetofindwaystoexploitthis.Securingyourmobiledevicesisnolongeroptional.Ithasbecomeanecessity.Staysafe.

Tags：THEINGYOUAPPtogetherbnb下載電腦king幣兌換一次能用幾張PAYOU幣超級黃金幣app下載

Ethereum