Fake MyEtherWallet tricking Android users
The cryptocurrency hype is also bringing newer and newer threats for cryptocurrency investors. In the latest scam revolving around cryptocurrencies, hackers are targeting MyEtherWallet users by uploading fake applications to Google Play.
When a user downloads the fake application and enters their details, the details are passed directly to the hackers, who now have the password as well as the login ID of most of the users. In the absence of 2-factor authentication, they can easily log into the account and transfer the cryptocurrency. This is risky because the money can be moved within minutes of the login ID being passed to the hackers. Most transactions in the cryptocurrency space are irreversible, so once the money is lost, most users will not see it again.
Moreover, the hackers are consistently uploading newer and newer fake wallets to Google Play. If users are not careful enough, they can easily lose a significant amount of cryptocurrency through the fake wallets.
The hackers are even posting fake reviews on the Android app listing, which is why most users trust these applications. Even though these applications are repeatedly reported, some users are still falling for them. The problem is that the amount of money lost is enormous even if only a few users fall for it. This is one of the main reasons why hackers keep uploading newer and newer fake applications.
Similarly, exchanges like Binance have also been targeted by fake Android apps. However, that hack was less harmful, as the hackers tried to create an affiliate chain rather than directly stealing the users' holdings.
The number of scams revolving around cryptocurrencies is definitely increasing day by day. It is now up to users to stay vigilant in order to avoid most of the scams. The scams can lead to a significant monetary loss for most users, as they hold their cryptocurrencies in a single wallet.
Also, it is a good idea to always report these fake Android applications to the Google Play Store. This ensures that Google takes the applications down, which protects users from such fraudulent applications in the future.
While cryptocurrencies like Bitcoin and Monero were once used largely in underground criminal markets because of the anonymity associated with financial transactions, the user base for these currencies and the underlying blockchain technology is growing rapidly. Retailers, online gaming platforms, and more now accept Bitcoin, while major technology players with interests in transactional systems and databases are investing heavily in blockchain. At the same time, the appeal for cybercriminals remains strong, with most ransomware actors requiring payment in Bitcoin and underground markets continuing to operate with a variety of cryptocurrencies.
The mainstreaming of Bitcoin in particular, along with built-in mechanisms for ensuring a reasonable degree of scarcity, has dramatically driven up the value of the currency (Figure 1). At current exchange rates, one bitcoin is now worth over $2600 USD, although the exchange rate recently exceeded $3000 USD per bitcoin. Not surprisingly, threat actors are now looking at new ways of stealing bitcoins, including through sophisticated phishing schemes. We examine several phishing templates targeting cryptocurrencies below.
Cryptocurrency scammers are tricking users with fake Binance links on Google
Slippery scammers are targeting cryptocurrency rookies with fake landing pages for popular exchange desks – including leading platform Binance – that have been deliberately designed to appear like the real thing.
Once a user has wound up on one of these fraudulent pages, all clickable links have been programmed to forward visitors to the official Binance website, but through an affiliate URL. While it appears the fake pages aren’t seeking to steal your credentials, it is advisable to practice extreme caution in case you end up on one.
Unlike the official page, the illegitimate Binance copycats use a technique known as Punycode which allows them to “represent Unicode within the limited character subset of ASCII.” Leveraging this method, the malicious domain ‘xn--inance-hrb.com’ could be displayed as ‘ƅinance.com.’
You can see how that could be confusing to newcomers – and some less technical crypto-traders in general.
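The Punycode trick described above can be checked mechanically. The following is an added example, not part of the original article: it decodes xn-- labels to the form a browser may display and flags a hostname that imitates a trusted one. The TRUSTED allowlist and the small LOOKALIKES map are constructed for illustration.

```python
import unicodedata

# Constructed sample allowlist; replace with the domains you actually use.
TRUSTED = {"binance.com", "myetherwallet.com"}

# Tiny constructed look-alike map for illustration only. Production checks
# should use the Unicode confusables data (UTS #39) instead.
LOOKALIKES = {"\u0185": "b", "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0456": "i"}


def decode_host(host):
    """Return the Unicode form of a hostname, decoding any xn-- labels."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: leave it in its raw xn-- form
        labels.append(label)
    return ".".join(labels)


def inspect_host(host):
    """Classify a hostname as trusted, lookalike, idn or unknown."""
    shown = decode_host(host)
    odd = [c for c in shown if ord(c) > 127]  # characters outside ASCII
    skeleton = "".join(LOOKALIKES.get(c, c) for c in shown)
    if not odd:
        verdict = "trusted" if shown in TRUSTED else "unknown"
    elif skeleton in TRUSTED:
        verdict = "lookalike"  # renders like a trusted name but is not it
    else:
        verdict = "idn"  # internationalized name, no trusted match
    return {
        "displayed": shown,
        "non_ascii": [f"U+{ord(c):04X} {unicodedata.name(c, '?')}" for c in odd],
        "imitates": skeleton if verdict == "lookalike" else None,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for h in ("binance.com", "xn--inance-hrb.com", "example.org"):
        print(h, inspect_host(h))
```

Run against the domain quoted above, the check reports that the first character is U+0185 rather than an ASCII "b" and that the name imitates binance.com.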
One way to spot fake pages is by checking the certificates in the upper left corner of your browser. It is worth noting that some more advanced techniques are known to make it damn near impossible to tell apart real from fake set-ups – so take this tip with a grain of salt.
How to keep your coin safe?
Cold, Hard (Digital) Cash
A key step to protecting your cryptocurrency is to store anything of significant value in a hardware wallet—a physical device, like a USB drive, that stores your private keys and currency locally, and isn’t connected to the internet. Experts caution against storing large amounts of coins through cryptocurrency exchanges, or in digital wallet apps on your smartphone or computer. The public-facing internet offers an attacker too many inroads to attempt to infiltrate your wallet, or trick you into giving them access.
Secure hardware wallets like Trezor or the Ledger Nano S cost about $100 or less and have a straightforward setup. You just choose a PIN number and a recovery “seed” (usually a set of words and numbers) in case you forget your PIN, or your wallet malfunctions. It’s pretty robust security, so make sure you keep copies of your PIN and seed somewhere accessible to you, but not to home intruders. Recovering currency stored on a hardware wallet after losing both the PIN and the seed is a whole thing. Emin Gun Sirer, a distributed systems and cryptography researcher at Cornell University, goes so far as to suggest that you should “keep a backup of the seed key in a fireproof safe.” This stuff is for real.
Your setup also doesn’t have to be fancy; you can store backups of your coins on any external storage device, like a portable hard drive. Just make sure to encrypt the data in case the device is lost or stolen. You might even consider making a backup to leave in a safe deposit box.
The downside to a hardware wallet is that it makes approving transactions a bit cumbersome. If you want more fluid access to your cryptocurrency, experts suggest storing a small amount in a wallet app to facilitate low-value transactions. The key here: Only keep an amount you would be willing to lose in the app, and never give anyone your private key.
Apps like Mycelium Wallet that are interoperable with popular hardware wallets can make your setup more seamless. And some app-based options like Samourai Wallet are working to prioritize robust encryption and privacy features. Still, don’t trust any app with too much cryptocash right now.
Additionally, consider where you store your private keys, the secret part of the public-private key set that lets you authorize revisions to a blockchain. Always keep them encrypted, and try to avoid leaving them lying around on devices that you use all the time for a lot of different tasks, like your personal PC.
Also consider your transactions carefully. There are tons of established, reliable institutions, but gimmicky new cryptocurrencies crop up all the time, as well as questionable Initial Coin Offerings that could have nothing behind them but scammers on the move. When the cryptocurrency OneCoin, marketed as a Bitcoin competitor, launched this year people bought about $350 million-worth of the coins—which has since drawn comparisons to a Ponzi scheme. And people are even being scammed during legitimate ICOs when attackers launch phishing attacks around the events, or trick would-be investors into sending money to fake wallets. (The Securities and Exchange Commission is poking hard on this.)
Nail the Basics
It’s also important to remember that all the small things you’re already doing (right?) to protect your general digital life help defend your cryptocurrency as well. “We encourage all customers to take a few foundational, and free, actions to put them on a much more stable security footing,” says Philip Martin, director of security at the cryptocurrency exchange platform Coinbase. “Use a password manager, use two-factor authentication, leverage enhanced security protocols for your email address.”
For the especially concerned, Martin even suggests turning on Gmail’s new Advanced Protection feature, and/or adding defenses like a PIN or password to your phone number to make it harder for attackers to grab control of your accounts by transferring your SIM to their own device.
All of these suggestions bolster your general digital security hygiene, but they are particularly helpful for reducing your exposure to the most simple (sometimes impressively so) cryptocurrency scams that can take advantage of small things, like a reused password and no second authentication requirement, to walk in the front door of one of your accounts.
Take that CryptoShuffler trojan, which originally emerged more than a year ago and has been making the rounds again this week. It shows just how basic cryptocurrency scams can be. The malware works by lurking silently on a victim’s computer and passively monitoring their clipboard, waiting for the victim to copy a Bitcoin wallet address. When it sees a string of numbers that looks right, CryptoShuffler simply starts swapping the wallet ID the victim copied for its own malicious wallet address in payment fields. If the victim doesn’t spot the change, the transaction goes through and the coins go to the crooks.
The best way to defend against an attack like that (if your malware scanner doesn’t detect the intrusion) is simply watching all transactions carefully, and taking steps to safeguard your assets so you know your data hasn’t been exposed.
And once you have the basics in place, make sure your friends adopt the same mindset. The more secure the ecosystem, the less attractive a target it is to bad actors. “Help newcomers to crypto with their security,” Cornell’s Sirer says. “The area is new and we need to support the people who are just finding their way in.” / Source: Wired
Luckily, you don’t need to be a cryptography expert to take the basic security steps that will protect you against the majority of attacks. And seriously, if nothing else, don’t lose that wallet seed.
You could lose your Bitcoin in a scam
Usually, “diversifying” seems like pretty solid investment advice. Never put all your money into one stock or even one industry.
We are told to spread our savings around and let them grow, which works well in regulated markets, where you can invest in index funds, trackers or spread yourself around popular indices. You can trust the regulator to (for the most part) only list stock of companies that are conducting actual business and have been vetted and approved for listing. Where something is listed is also a benchmark for the reputation of the stock, bond, or other security.
In the crypto world, anybody can create a cryptocurrency or launch an “Initial Coin Offering” (ICO), and many scammers are using that to their advantage. They invest a lot of money in advertising and claim they are building “the next big thing” and promise high returns.
- Make sure you understand the product you are buying, including its technology, economics, founding team, and the regulation around it
- Use the product you invested in. Does it work? Does it have bugs? Is it useful to you?
- Be careful with big claims and promises of returns
- What happens if the investment ultimately fails? Will you lose all your money? Will you financially be okay? Will you be able to pay all your bills?