Apps on Google play that steal users secret passphrase
The essence of such applications: Copies of applications from popular crypto wallets are created, such as Trust Wallet, Exodus, and Safepal. Then, after a person downloads it and wants to log in to their wallet, they enter their seed phrase (a phrase of 12-24 words that is needed to access the wallet), but the person does not understand that this is a fake application and gives their phrase to scammers, who waste no time taking all the money from their crypto wallet.
Example:
Fake app on Google Play:
The original SafePal app on Google Play:
How do I recognize a fake app in Google play?
Tips for this scheme:
Apps in Google Play on the topic of cryptocurrency with the substitution of your crypto-currency address
The essence of this scheme
Exchange applications are created or any other, they cheat reviews, make it popular, or simply copy the popular one and cheat it, then malicious code is sewn into the application itself, which replaces the recipient with the one to whom you send the code to.
Example:
I want to exchange 1 BTC through this app for $ 150000 to a bank card. I make a deposit to this application, it comes, but often nothing comes, then I can see 1 BTC on my account, I take and send money to the exchanger's account, but during this, the address that I took from the exchanger is replaced with a fake one and I poison the money not to the exchanger, but to the fraudster.
Doubling your money, doubling websites, doubling tweets, simple divorce.
The essence of this scheme:
Option one: A website is created, advertised, and spammed wherever possible. When you go to the site, we are greeted with a beautiful inscription: send 1 Ethereum / Bitcoin, and you will receive 2 Ethereum or 2 Bitcoins.
Option two: official accounts on Twitter or other social networks are Hacked, and then they do almost the same thing as I described above.
Option three: Make similar accounts to popular people, then post what I said above.
Option four: Buy, hack popular personalities with ticks or a large number of subscribers and place a scam.
Recommendations
ICO, IFO, IDO,IEO, Token Sale - pre-Sale of coins that do not carry any value and will not be worth anything in the future, or fake offers
The essence of this scheme: In any case, I do not want to say that all the above terms are fraud, no, this is not so, but there are certain ones that steal ideas, steal a roadmap, an idea and everything else, and as a result they go to the top sites to place their coins for pre-sale.
That is, they take some idea, wrap it in a good wrapper and serve it to people on a platter, people fly headlong, buy these shit coins for the whole cutlet and end up with nothing, now in 2021 everything that happened in 2017 is repeated.
Recommendations:
YieldFarming - fakes, ephemera, or fraud in Defi
The essence of this scheme: Websites similar to Pancakeswap are created.finance or any other popular sites 1inch, Sushi, etc. Then a coin is created that does not carry any value and liquidity pools are made with or without Commission. Then people invest their money in it all, buy coins that are worthless or very much worth it, and after a couple of days or weeks it all covers up and people are left with nothing.
The original Pancakeswap site.finance
Similar to Pancakeswap, only pills.
A distinctive feature of such sites
Recommendations
Airdrops in cryptocurrency that will never give you your reward for simple tasks
The essence of this scheme: Social networks are being created networks are all that are possible, Facebook, Twitter, telegram and the like. Next, a bot is made in telegram or a website, or anything in General. You perform a task like: Subscribe and give $ 1 in our coin, etc. After that, you wait for the end of this drop, but figs you with butter and you get a notification that they have a Pre-sale, pre-sale and they sell their coins at a penny price and promise you huge claims, fools throw and lose their money.
Or after promoting their accounts, they turn them into fakes of popular personalities and ask for bitcoins or other cryptocurrency.
Features of similar Airdrops
Recommendations
Hacking of websites, exchanges, crypto wallets, and applications.
The essence of this scheme: the site is Hacked, any possible substitution is made, and people give their money or the seed phrase to scammers.
Let's look at the recent example of Pancakeswap on March 15, 2021: on this day, scammers took over the site's protection against cloudflare ddos (Mass attack) and replaced the page on the site, that is, when you click on any of the options, you were asked to enter a seed phrase, which of course you don't need to enter on the original site.
Screenshot of what the login page looked like:
Recommendations
Hacking of your computer due to your carelessness and loss of cryptocurrency
The essence of these schemes.
The first option: a Fraudster needs you to download a file, then you open it and lose access to your passwords, Bank accounts, crypto currency accounts and mailboxes. As a result, we lose control of everything.
This usually happens through various task boxes, banners, ads, or torrent files with pirated games, programs, and so on.
Option two: you don't lose access to your accounts, but a virus gets into your computer that will replace money sending addresses, cryptocurrency, and anything else.
Option three: your computer is controlled using a remote access virus, other viruses are installed on it and data is stolen, you don't even know about it and lose everything you have.
How to protect yourself from this
The human factor or how scammers manipulate and deceive you
Transfer money for cryptocurrency without confirmation in the network: the fraudster sells cryptocurrency, searches for people in the chat or somewhere, then communicates with the victim, usually not always smart in this area, sends her cryptocurrency and shows a screenshot that there is one confirmation, the buyer sends him their hard-earned money, and the fraudster cancels the transaction.
Explanation: I told you on the example of Bitcoin, if confirmation is 1, then the transaction can be canceled, but not so easy, but it is possible and the fraudster remains in the plus x2. And in order for the transaction to pass, you need 2 confirmations. The attack is called a Double-spread, I'll tell you about it later in another article, but we got the point.
I need help, withdraw my money please, I can't do it: scammers write something like this When they want to tell you that they don't withdraw money from any site or exchange, they give you a username and password from the account, enter in trust, then you try to withdraw money, but you write, Oh may reptile, the country's government needs to Deposit$ 100 to withdraw money and you Deposit and you are deceived, I think everything is clear here.
The same passwords wherever possible: You put the same passwords everywhere and one of your email, thereby you can be left with nothing, if in case of hacking your Vkontakte, the password will also fit to the crypto currency exchange, then you will be left with nothing or to the mail.
Tips for everything I described above
Crypto currency exchanges and how they scam people
The essence of this scheme: You register on the exchange, make a deposit, everything seems to be fine, trade, earn money, etc., but one day you want to withdraw your money, but your transaction is canceled and they ask you to explain where the money came from.
In a good case, if the exchange is normal, it will allow you to withdraw money after an explanation.
In the worst case, using the example of the Hitbtc exchange, you will send her your documents and she will jerk you off for several years and take your money as a result, and this happens.
Recommendations
The essence of this scheme: The scammer advertises fake any website using key words in an advertising office, Google, thus appears at the top of the SERP.
The essence of such applications: Copies of applications from popular crypto wallets are created, such as Trust Wallet, Exodus, and Safepal. Then, after a person downloads it and wants to log in to their wallet, they enter their seed phrase (a phrase of 12-24 words that is needed to access the wallet), but the person does not understand that this is a fake application and gives their phrase to scammers, who waste no time taking all the money from their crypto wallet.
Example:
Fake app on Google Play:
The original SafePal app on Google Play:
How do I recognize a fake app in Google play?
- Please note the number of reviews and downloads of the app itself
- We pay attention to the design, how poor it is, but it can also be on a normal app, but not always
- Next, open Google, write for example Safepal, find the official website, search for a normal application and download it ( in any case, do not click on ads to sites, the site will be labeled AD or Advertising, these may be fake sites )
Tips for this scheme:
- Download apps only with reviews and downloads.
- Check apps through the official websites of the apps themselves.
- Do not download such apps on non-left-hand sites.
- Don't enter your Seed phrase randomly.
- Always understand how the app works, read articles, and watch guides from trusted sources.
Apps in Google Play on the topic of cryptocurrency with the substitution of your crypto-currency address
The essence of this scheme
Exchange applications are created or any other, they cheat reviews, make it popular, or simply copy the popular one and cheat it, then malicious code is sewn into the application itself, which replaces the recipient with the one to whom you send the code to.
Example:
I want to exchange 1 BTC through this app for $ 150000 to a bank card. I make a deposit to this application, it comes, but often nothing comes, then I can see 1 BTC on my account, I take and send money to the exchanger's account, but during this, the address that I took from the exchanger is replaced with a fake one and I poison the money not to the exchanger, but to the fraudster.
Doubling your money, doubling websites, doubling tweets, simple divorce.
The essence of this scheme:
Option one: A website is created, advertised, and spammed wherever possible. When you go to the site, we are greeted with a beautiful inscription: send 1 Ethereum / Bitcoin, and you will receive 2 Ethereum or 2 Bitcoins.
Option two: official accounts on Twitter or other social networks are Hacked, and then they do almost the same thing as I described above.
Option three: Make similar accounts to popular people, then post what I said above.
Option four: Buy, hack popular personalities with ticks or a large number of subscribers and place a scam.
Recommendations
- Never transfer your money to popular personalities or anyone at all if you are somewhere in the social network we asked you to do this.
- Always check the fact for a fake, a check mark or proof of identity does not mean that this is really the person who needs to be more careful in detecting fakes.
- Even if the real Elon Musk, in all respects, asks in his Twitter to send him bitcoins, in any case, do not do this, or someone else. With 100% certainty, you will lose your money.
ICO, IFO, IDO,IEO, Token Sale - pre-Sale of coins that do not carry any value and will not be worth anything in the future, or fake offers
The essence of this scheme: In any case, I do not want to say that all the above terms are fraud, no, this is not so, but there are certain ones that steal ideas, steal a roadmap, an idea and everything else, and as a result they go to the top sites to place their coins for pre-sale.
That is, they take some idea, wrap it in a good wrapper and serve it to people on a platter, people fly headlong, buy these shit coins for the whole cutlet and end up with nothing, now in 2021 everything that happened in 2017 is repeated.
Recommendations:
- Always check everything yourself, without listening to anyone or relying on someone else's opinion. You can listen, but you can't do as you're told.
- Do not do as bloggers, popular personalities do and tell you that this will give you chances and you will become rich on the example of past coins.
- Check the sites where such coins are placed, because even these sites can steal from you, posing as real ones.
- First look for all the most negative things about a particular coin, and then find out the positive aspects and build your opinion.
YieldFarming - fakes, ephemera, or fraud in Defi
The essence of this scheme: Websites similar to Pancakeswap are created.finance or any other popular sites 1inch, Sushi, etc. Then a coin is created that does not carry any value and liquidity pools are made with or without Commission. Then people invest their money in it all, buy coins that are worthless or very much worth it, and after a couple of days or weeks it all covers up and people are left with nothing.
The original Pancakeswap site.finance
Similar to Pancakeswap, only pills.
A distinctive feature of such sites
- The same design as the original one and a slight modification of it
- Huge annual interest, a day you can allegedly earn 100%
- There is no liquidity ( that is, you can't exchange their coin at the normal price )
- Huge volatility. Today 1 pill is $ 1, and tomorrow 1 pill is $ 0.001
- There is no value from the coin
- There are no new features (Although there may be)
Recommendations
- Never go into something like this for all your money, I understand that Pancakeswap was the same, but at that time there were not so many such exchangers and farmilok. So keep this fact in mind.
- Always check where and why you are pouring your money, and for what purpose in General.
Airdrops in cryptocurrency that will never give you your reward for simple tasks
The essence of this scheme: Social networks are being created networks are all that are possible, Facebook, Twitter, telegram and the like. Next, a bot is made in telegram or a website, or anything in General. You perform a task like: Subscribe and give $ 1 in our coin, etc. After that, you wait for the end of this drop, but figs you with butter and you get a notification that they have a Pre-sale, pre-sale and they sell their coins at a penny price and promise you huge claims, fools throw and lose their money.
Or after promoting their accounts, they turn them into fakes of popular personalities and ask for bitcoins or other cryptocurrency.
Features of similar Airdrops
- Aggressive marketing
- Lots of promises
- Coins that don't carry any value
- The sites are not about anything and the project itself is also about nothing
- Delays in issuing drops
Recommendations
- If you participate in such airdrops, then in any case do not invest your money in these coins, but do free tasks if you think that they will give you something
- Participate only in proven airdrops from proven companies that are useful and can really give something away.
- Never enter your Seed phrase if you are asked in airdrops.
- Always check your own airdrops, don't listen to anyone.
Hacking of websites, exchanges, crypto wallets, and applications.
The essence of this scheme: the site is Hacked, any possible substitution is made, and people give their money or the seed phrase to scammers.
Let's look at the recent example of Pancakeswap on March 15, 2021: on this day, scammers took over the site's protection against cloudflare ddos (Mass attack) and replaced the page on the site, that is, when you click on any of the options, you were asked to enter a seed phrase, which of course you don't need to enter on the original site.
Screenshot of what the login page looked like:
Recommendations
- Never enter the Seed phrase when asked to do so.
- Follow the news through official sources
- Think with your own head
- Double-check the sending and receiving addresses when transferring cryptocurrency
Hacking of your computer due to your carelessness and loss of cryptocurrency
The essence of these schemes.
The first option: a Fraudster needs you to download a file, then you open it and lose access to your passwords, Bank accounts, crypto currency accounts and mailboxes. As a result, we lose control of everything.
This usually happens through various task boxes, banners, ads, or torrent files with pirated games, programs, and so on.
Option two: you don't lose access to your accounts, but a virus gets into your computer that will replace money sending addresses, cryptocurrency, and anything else.
Option three: your computer is controlled using a remote access virus, other viruses are installed on it and data is stolen, you don't even know about it and lose everything you have.
How to protect yourself from this
- Install an antivirus program on your computer and buy a subscription to it, as well as do not forget to update it and check your computer
- Do not download programs, games, etc. from unverified resources
- Store your passwords in the kepass, KepassXS, and similar password managers
- Do not store the Seed phrase and important passwords on your desktop, computer, Notepad, or similar.
The human factor or how scammers manipulate and deceive you
Transfer money for cryptocurrency without confirmation in the network: the fraudster sells cryptocurrency, searches for people in the chat or somewhere, then communicates with the victim, usually not always smart in this area, sends her cryptocurrency and shows a screenshot that there is one confirmation, the buyer sends him their hard-earned money, and the fraudster cancels the transaction.
Explanation: I told you on the example of Bitcoin, if confirmation is 1, then the transaction can be canceled, but not so easy, but it is possible and the fraudster remains in the plus x2. And in order for the transaction to pass, you need 2 confirmations. The attack is called a Double-spread, I'll tell you about it later in another article, but we got the point.
I need help, withdraw my money please, I can't do it: scammers write something like this When they want to tell you that they don't withdraw money from any site or exchange, they give you a username and password from the account, enter in trust, then you try to withdraw money, but you write, Oh may reptile, the country's government needs to Deposit$ 100 to withdraw money and you Deposit and you are deceived, I think everything is clear here.
The same passwords wherever possible: You put the same passwords everywhere and one of your email, thereby you can be left with nothing, if in case of hacking your Vkontakte, the password will also fit to the crypto currency exchange, then you will be left with nothing or to the mail.
Tips for everything I described above
- Never trust anyone, double-check transactions, websites, and the like
- Never make the same passwords on all sites and do not register everything to the same email, separate them
- Never make deposits on fake websites if you are asked to do so
Crypto currency exchanges and how they scam people
The essence of this scheme: You register on the exchange, make a deposit, everything seems to be fine, trade, earn money, etc., but one day you want to withdraw your money, but your transaction is canceled and they ask you to explain where the money came from.
In a good case, if the exchange is normal, it will allow you to withdraw money after an explanation.
In the worst case, using the example of the Hitbtc exchange, you will send her your documents and she will jerk you off for several years and take your money as a result, and this happens.
Recommendations
- Don't keep all your money on exchanges
- Read reviews online
The essence of this scheme: The scammer advertises fake any website using key words in an advertising office, Google, thus appears at the top of the SERP.