The FBI’s late July notification is informative reading, as it outlines a number of things to watch out for when presenting an app or platform that may or may not be fraudulent.
First of all, the agency points to the fact that, in many cases, fraudsters will produce apps that use “legitimate USBUS names, logos, and other identifying information, including creating fake websites.”
This means that investors may be invited to download the “official” app of a well-known crypto-exchange or financial institution, but it is likely that there are a number of important differences between the real app and a fake one.
Here’s what you should do to understand the difference:
-
Try going to a platform or the official website of an exchange and find the app there. Generally, potential victims of fake crypto app scams are approached via social media or some kind of online forum (e.g. Twitter, Telegram, Reddit). If you’re ever sent a link to a download for a crypto app from a company you’ve heard of, ignore it and go to the official website of any platform the person claims to be from. If you can’t find one, you probably have a scam on your hands.
-
If you’ve never heard of the company, exchange, or platform someone claims to be from, try searching for them using Google, DuckDuckGo, or any other reputable search engine. If you really can’t find anything substantial for them (e.g. mentions in news articles from reputable outlets), then the crypto app they’re trying to get you to download is probably a scam.
-
More simply, being contacted directly online should already be warned enough that you are dealing with a scam. Coinbase, Kraken, or any other major exchange won’t try to contact you via Twitter (or anywhere else) to encourage you to download your app, and the same goes for smaller decent exchanges and brokerages. Treat anyone who contacts you directly with a crypto app or download link with extreme skepticism.
-
Other things to pay attention to include how the cryptographic app in question is presented. If it looks amateurish, has incorrect spelling and/or grammar, or has limited or buggy functionality, it shouldn’t be trusted with your cryptocurrency, fiat currency, or financial details.
Check and double-check
These guidelines are reinforced by the FBI report. Notably, his warning is about three separate scams, each of which used fake crypto apps in slightly different ways.
The first scam took place between December 22, 2021 and May 7, 2022 and defrauded at least 28 victims of approximately $3.7 million. In this case, the scammers encouraged victims to download an app that bore the logo and name of a real US financial institution, also convincing them to deposit cryptocurrencies in the app. 13 of the people who deposited cryptocurrencies in the app tried to withdraw their funds, but were told they had to pay taxes on their investments before they could withdraw. They paid this “fee”, but could not yet withdraw their cryptocurrency.
The second scam, which runs from October 4, 2021 to May 13, 2022, was similar to the first, managing to steal $5.5 million from at least four victims. In this case, the criminals presented themselves under the name of YiBit, which they had taken from a legitimate crypto-exchange closed in 2018.
With the third scam, the criminals operated under the name Supayos (and Supay), which the FBI reports is the name of an exchange provider operating in Australia. Using this name, they created a fake crypto app that managed to defraud two victims between November 1 and November 26, 2021, with one victim being told that he had signed up for an account with a mandatory minimum balance of $900,000.
In each of these three cases, the criminals used the name of a pre-existing company and/or platform. Therefore, it is really worth searching online and on official channels for confirmation of what they are claiming. If they claim to belong to company X, check the independent information about company X online. If Company X is a legitimate company, download any official apps it may have from official channels (such as Apple’s App Store, Google Play Store, or the company’s actual website). If you can’t find independent information confirming that company X is legitimate, go ahead.
As the FBI concludes:
“Verify that an app is legitimate before downloading it by confirming that the company offering the app actually exists, identifying whether the company or app has a website and ensuring that any financial information or documents are tailored to the purpose of the app and the proposed financial activity.”
While the FBI does not refer to fake crypto apps in Apple’s App Store or Google Play Store in its latest warning, similar principles apply. That is to say, if you are looking for the app of a crypto-exchange or crypto-related service in one of these stores, check that whatever you find is really the app you are looking for. Because there have been cases (e.g. Trezor) of criminals who have created fake apps for real companies.
-
Check reviews: Real and official crypto apps should have a lot of user reviews on Apple’s App Store or Google Play Store. Fake crypto apps will have few reviews, and most of these will likely be negative.
-
Again, find the official website of the exchange, platform, or service you are looking for and reach its app on the iOS or Android app stores by clicking on the correct link on this website.
These are all simple steps. However, by following them at all times, you can save yourself from becoming the next victim of the legions of crypto cybercriminals.
