Cryptocurrency scams: a growing threat to mobile users
With a little Fintech and education, cryptocurrency scams can easily be prevented from being a threat to mobile device users. Let us show you how.
Patrick Drexler, Head of Business Development
17 May 2022
The realm of cryptocurrencies can seem daunting even to internet-savvy users, which is perfectly understandable. The unregulated nature of crypto can be off-putting to many, and indeed, if people are swept off their feet by the crypto hype, there is a real chance of losing a lot of money (as well as making a lot of it) through some easy-to-make but fateful trading decisions. With cryptocurrency, fortunes have been made, while others have been lost. And all this without falling for cryptocurrency scams. But now, with the world becoming more mobile, it’s easier than ever before to invest in cryptocurrencies from the palm of your hand.
Take the COVID-19 pandemic, which significantly boosted eCommerce’s share of global retail sales. With merchants and shoppers increasingly going online, the convenience has spread to mobile devices, which allowed more people to shop, pay and transfer money with great ease and from the comfort of their sofas. The ease with which mobile apps have allowed people to engage in M-Commerce, digital banking and even dabble in cryptocurrency investments is staggering, but not surprising. What is a surprise to many is the pace at which these changes have taken place: current levels were originally forecast to be reached by 2025-2030. Amidst this growth in mobile users, fraudsters have seen an opportunity to target people, aiming to remain hidden in the huge increase in daily transactions.
There have been many stories featured online about the various types of cryptocurrency scams catching people out. Despite the media image fraudsters have, the majority of them do not need to have advanced skills, relying instead on the readily available tools that can be found on the dark web. They play upon people’s ignorance or naivety by using tried and tested social engineering attacks, in other words, building trust with people and making them carry out actions that may not be in their best interests (clicking on a link in an email phishing scam, for example). Social engineering remains one of the most effective ways for cybercriminals to enact an account takeover. Fraudsters are aware that anti-fraud systems are becoming harder to attack face-on, which is why the path of least resistance to achieving their goals is to convince people to do half the work - by unwittingly giving away their details.
With romance scams, for example, otherwise known as ‘pig butchering’ in China (like fattening up a pig before it is killed for its meat), fraudsters can find victims through dating apps such as Tinder, spending months gaining their trust, only to then move on to talk of investment opportunities in crypto. This involves making legitimate payments and transactions using the victim’s money (which, at this point, they have agreed to give) to buy cryptocurrencies, before transferring them to digital wallets, which are then stolen by fraudsters. More sophisticated methods may include the use of pressure (and FOMO) to encourage people to make quick investments in order to make gains - sometimes, even the promise of free cryptocurrency may make people sign up to a fake crypto exchange or app, handing over their previous data. The threats are numerous and growing.
With this in mind, we write our blog posts to help educate about the fraud-related risks posed by online payments. We often highlight the advanced nature of tools and knowledge shared by fraudsters in the darknet, but we also continually emphasise that people themselves can be a weak point in the overall chain of protection. It is important for users to practice good digital hygiene with strong passwords, password managers etc. But with cryptocurrencies, it is essential to understand how they work, the risks involved, and how to remain safe and secure.
Although media coverage of online scams tends to treat the average browsing experience as a desktop one (phishing scams received by email, etc.), fraudsters are increasingly focusing their efforts on the growing number of individuals who use mobile devices to browse the internet and to carry out payments and transactions.
While cryptocurrency companies must also ensure the best possible anti-fraud solutions are on hand to secure cryptocurrency exchanges and the associated transactions, whether via their website or their apps/digital wallets, users must be cautious when using such services. There is a plethora of fake crypto exchange websites and crypto apps, which fraudsters can use to carry out an account takeover (ATO). A phishing email may direct a user to a fake site, which at face value looks near identical to the real thing, but with minor differences such as a dot here and there in the URL. It can also contain a direct download link to a fake crypto app.
Fake apps, on the other hand, are more difficult to distinguish. Although Apple and Google make efforts to remove fake apps from their app stores, plenty remain online - and for all those that are removed, more may appear in their place before being removed again. Some apps can gain 100,000+ downloads before they are removed. For example, a user may wish to download an exchange app from a reputable cryptocurrency company. Rather than visiting the main website, a user may choose to find it via an app store where they may download a fake version. They look convincing, using preview screenshots of the original app and with only minor differences in the app’s icon graphic to distinguish it from the original. This is why all users are encouraged to only download apps from a reputable source, and if they do so from an app store, to make sure it is a legit developer account hosting the app. Reading user reviews and ratings will also prove beneficial in determining the validity of the app.
It’s best to keep your crypto as secure as possible. Although FOMO can lead people to make rash decisions and fall for social engineering attacks, the best answer to this particular problem is education. Cryptocurrency exchanges must inform their users (new and old) of the dangers associated with falling for scams and how to spot them. Naturally, we all wish to make the right choices when it comes to investments, but it doesn’t always go to plan. On the other hand, FinTech companies such as Nethone can play a big part in securing the user experience when purchasing cryptocurrencies - with advanced tech, but also blog posts about online fraud issues, such as this one.
As for the tech side of things, advanced and effective fraud solutions for cryptocurrency exchanges must understand every single transaction which is taking place, not just rely on rules-based analysis to accept customer logins and a handful of suspicious interactions (which may in fact be false positives). By deploying AI (artificial intelligence) and machine learning (ML) models, it is possible to fully understand a user’s intentions and device setups through analysis of digital fingerprints and behaviors during every session and interaction, whether web browser-based or via a mobile app. Our mobile app fraud detection capabilities are continually evolving, based on fraud intelligence in the dark web and feedback about the customer experience. Cryptocurrency scams can most certainly be avoided - with a little tech, and education.
If you wish to detect and protect your business from cryptocurrency scams on your mobile apps, we're here to help you with the perfect fraud prevention solution. Click 'book a call' at the top of this page or contact Patrick directly via email at firstname.lastname@example.org or via LinkedIn.