On an important topic for followers of the Bitcoin market and digital currencies, about security, electronic fraud operations, and its relationship to mobile phones... Many of us may be exposed to fraud over the Internet and fall into the trap of scammers through our mobile phone... Therefore, you must educate yourself as much as possible about all these fraud methods related to them and know How to prevent it...you don't know, my friend, where the attack could come from!

In this regard, we publish for you an article from the Binance Vision Academy, affiliated with the Binance platform, one of the largest digital currency trading platforms in the world.

We will review it with you:

2017 has been a great year for the cryptocurrency industry, as the rapid increase in the market capitalization of Bitcoin and cryptocurrencies has brought the space into the mainstream media, and unsurprisingly, this market has received significant attention from both the general public as well as... Online criminals of course.

The relative anonymity offered by cryptocurrencies themselves has made them a favored environment among cybercriminals who often use cryptocurrencies to bypass traditional banking systems and avoid financial oversight from regulators.

Given that people spend more time on their smartphones than even on their desktop computers, it's no surprise that cybercriminals are turning their attention to mobile scams as well. The following article explains how scammers can target cryptocurrency users through their mobile phones. This is in addition to reviewing some steps that users can take to protect themselves.

Fake mobile phone applications for fake digital currencies

First: Cryptocurrency exchange apps applications

The most famous example here of a fake application for a digital currency trading platform is probably that of the Poloniex platform application, as before the launch of the official mobile application for trading on the Poloniex platform during July 2018, the Google Play Store was already listing many fake applications for the trading platform. Poloniex, which are applications that are intentionally designed to have a specific function: fraud.

Many users who downloaded these fraudulent applications had their login credentials for their account on the Poloniex platform hacked and their digital currencies were stolen.

Some mobile apps have even gone a step further to request login credentials for users' Gmail accounts, and it's important to highlight that only accounts without two-factor authentication (2FA) codes have been hacked.

The following steps can help protect you from scams like this.

Firstly, check the official website of the trading platform to check if they already provide a mobile trading app, and if so use the link provided on their website.

Read reviews and ratings about apps. Fraudulent apps often have many bad reviews, with people complaining about being scammed, so make sure to check them before downloading any app.

However, you should also be skeptical of apps that offer perfect ratings and reviews – as any legitimate app will have its fair share of negative reviews as well.

Check the information about the app developer, see if there is a legitimate company, email address and website available, and you should also do an online search on the information provided in the data to see if it is actually related to the official trading platform in question.

Check the number of downloads of the app, the number of downloads should also be taken into consideration, it is unlikely that an app for a popular major official cryptocurrency trading platform will have a low number of downloads.

Enable 2FA on your accounts. While it's not 100 percent secure, it's much more difficult to bypass 2FA and can make a big difference in protecting your funds, even if your login credentials are broken. I stole it.

Second: Fake cryptocurrency wallet apps

There are many different types of fake apps, and one form of these apps seeks personal information from users, such as wallet passwords or private keys for digital wallets.

In some cases, fake mobile apps provide pre-generated public digital wallet addresses to users, so they assume that the user will deposit funds into these wallet addresses, even though they do not have access to the wallets' private keys and therefore cannot Access to any funds sent to them.

Such fake wallets have been created for popular cryptocurrencies like Ethereum and Neo coins, and unfortunately a lot of users have lost their money. Here are some preventive steps that can be taken to avoid falling victim to these:

First of all, apply the precautions described in the counterfeit apps for cryptocurrency trading platforms section above. However, there is an additional precaution you can take when dealing with digital wallet apps, which is to ensure that completely new wallet addresses are created when you first open the app, and that you have You own the private keys of the wallet (or mnemonic seeds). A legitimate digital wallet application allows you to export the private keys of the wallet, but it is also important to ensure that the generation of new key pairs are not at risk of being hacked, so you should use a reputable software. (Preferably open source software).

Even if the app provides you with a private key (or seed), you should check whether the public addresses of the wallet can be obtained and accessed by them. For example, some Bitcoin digital wallets allow users to import their private keys. Or Seeds, in order to show addresses and access to funds, and to reduce the risk of private keys and Seeds being compromised, you can do this on an air-gapped computer (i.e. disconnected from the Internet).

Third: Cryptojacking applications

Cryptojacking has been a huge favorite among cybercriminals, due to the low barriers to entry, low steps and expenses required, and moreover, it offers them the possibility of long-term recurring income.

Although the power of mobile phones is weaker when compared to hijacking computers, mobile devices are increasingly becoming a target for cryptojacking.

Aside from cryptojacking to hijack a web browser, cybercriminals also develop programs that appear to be legitimate games, utilities, or educational applications. However, many of these applications are designed to secretly run crypto-mining scripts in the browser. System background.

There are also cryptojacking apps, which are advertised as third-party miners, but unfortunately the mining rewards are handed over to the app developer rather than the users.

To make matters worse, cybercriminals have become more sophisticated and deployed lightweight mining algorithms to avoid detection.

Cryptojacking is incredibly harmful to your mobile phones, because it reduces performance, speeds up phone problems, and worse, it can act as Trojan horses for more common malware.

In this regard, the following steps can be taken to protect against this method:

Only download apps from official stores like Google Play, as pirated apps are not pre-screened and are likely to contain cryptojacking code.

Also, monitor your mobile phone in terms of excessive battery drain, or overheating and as soon as you discover this is happening, delete the applications that are causing this.

Keep your mobile device and applications updated until vulnerabilities are patched.

Use a web browser that protects the phone against cryptojacking or install reputable browser plug-ins, such as MinerBlock, NoCoin, and Adblock.

If possible, install antivirus software on the mobile phone and keep it updated.

We have published two articles about the crime of cryptojacking in Arab Folio News, which you can view through these links:

What is Cryptojacking? And how websites use your CPU to mine cryptocurrencies

How do you know that your device is infected with Cryptojacking scripts?

Fourth: The method of free gifts and fake digital currency mining applications (crypto-miner apps).

These are apps that pretend to mine cryptocurrencies for their users but don't actually do anything except display ads, as they incentivize users to keep the apps open by showing the increase in user rewards over time.

Some apps incentivize users to post 5-star ratings in order to receive rewards, and of course none of these apps actually mine digital currencies, and their users have never received any rewards.

To protect against this scam, you must understand that for the majority of digital currencies, mining these currencies requires highly specialized hardware such as (ASICs), which means that it is not possible to mine these currencies on a mobile phone.

Whatever amounts you collect by mining will be trivial at best, so stay away from any of these apps.

Fifth: Applications for changing the numbers of the copied recipient’s wallet address: Clipper applications

These apps change the cryptocurrency wallet addresses you copy and replace them with addresses belonging to the hacker, so while the victim may copy the correct recipient's wallet address, the address they paste in to process the transaction is the address the hacker is replacing.

To avoid falling victim to these apps, here are some precautions you can take when processing transactions:

Always double and triple check the wallet address you paste into the recipient field, as manipulations on the blockchain network are irreversible and so you should always be careful.

It is better to check the entire wallet address rather than parts of it, as some apps are smart enough to paste wallet addresses that are similar to your intended address.

Sixth: SIM swapping

In a SIM swap scam, cybercriminals gain access to a user's phone number, which they do by using social engineering techniques to trick mobile operators into issuing them a new SIM card.

The most famous SIM card swap scam involved a digital currency businessman named Michael Terbin, where Michael claimed that the mobile services company AT&T was negligent in dealing with his mobile phone credentials, which led to him losing digital tokens worth more than 20 million. American dollar.

Once cybercriminals have access to your mobile phone number, they can use it to bypass anything that relies on 2FA access, and from there hackers can make their way into your digital currency wallets and trading platforms.

Another method that cybercriminals can use is to monitor your SMS communications, as flaws in communications networks can allow criminals to intercept your messages which could include a message containing a 2FA code sent to you.

What's particularly worrying about this scam is that users are not required to take any action, such as downloading fake software or clicking on a malicious link.

To prevent falling prey to such scams, dear reader, here are some steps to keep in mind:

Do not use your mobile phone number to receive SMS messages in order to obtain the 2FA code, instead use applications such as Google Authenticator or Authy to secure your accounts, as cybercriminals are unable to access these applications even if they have your phone number, instead you can Use hardware devices for the 2FA code, such as YubiKey or Google Security Titan Key.

Don't reveal your personally identifiable information on social media, such as your mobile phone number, as cybercriminals can capture this information and use it to impersonate you elsewhere.

You should never advertise on social media that you own cryptocurrencies as this will make you a target for hackers, or if you are in a situation where everyone knows that you own cryptocurrencies, you should avoid disclosing personal information including the trading platforms or digital wallets you use.

Make arrangements with your mobile phone service providers to protect your account. This may mean attaching a PIN or password to your account and dictating that only users with knowledge of the PIN can make changes to the account. Alternatively, you can request that such changes be made in exchange. In person only and not allowed to be carried out over the phone.

We had published in Arab Folio News an article about the crime of SIM card swapping, which you can read via the following link:

What is the biggest threat threatening the digital currency community in 2019?! What is the crime of SIM Swapping?

Seventh: via WiFi

Cybercriminals are constantly looking for entry points into mobile devices, especially those of cryptocurrency users, and one of these entry points is access to a WiFi network. Public WiFi is considered unsafe, and users must take precautions before connecting to it.

If not, the user risks the possibility of falling victim to cyber criminals if they gain access to data on their mobile device, and these precautions are covered in the article about public WiFi that can be read here Public WiFi is insecure.

Summary of ideas

Cell phones have become an essential part of our daily lives, but in reality they are so intertwined with your digital identity that cell phones can become your biggest vulnerability. Cyber ​​criminals are aware of this, and will continue to look for ways to exploit this in fraud, so it is no longer safe to Mobile devices are an optional thing, they have become a necessity my friend so please be safe.