Even as India faces its worst economic crisis in almost three decades, local crypto trading, especially on peer-to-peer exchanges, has peaked. Anticipating a favorable result, not only did new crypto exchanges and bitcoin trading platforms launch in India, but some also relaunched their apps.
Trading app scammers prey on vulnerable people online and lure them into investing in these apps with schemes and investment opportunities that are really just a pack of lies. As if that isn’t bad enough on its own, one of the scams that SophosLabs investigated reminded us, yet again, that cybercriminals often aren’t very good at cybersecurity themselves. The criminals’ server had a wide-open directory that contained all the genuine customer data that they had collected under the guise of “know your customer” regulations, such as scans of passports, ID cards, driving licenses, and more.
Owing to the monetary and privacy risks associated with this, here are a few tips, shared on behalf of Paul Ducklin, Principal Security Researcher, Sophos, on how to avoid falling prey to such apps.
Tips for guarding against fake online trading apps, on iOS as well as Android:
- If it sounds too good to be true, it is too good to be true.
Even if you think of all your social media and dating site connections as friends, you have no idea what their motivation is for talking up any investment scheme they recommend. For all you know, they could already have fallen for a scam themselves and be unknowingly dragging you in after them, or their account could have been hacked.
- Find your own way to investment websites you want to investigate.
In these scams, the crooks are hoping you won’t check the links they send you too closely because they’re coming from a “friend”, and so you will trust the links implicitly. But even if a link does come from a true friend, they could have made a mistake, so do your own searches anyway.
- Never install iPhone apps that don’t come from the App Store
Unless you know for sure that they were built, tested, and delivered by your own employer for a legitimate purpose that’s specific to your business. Be especially wary if the person trying to pitch the app to you comes up with a bunch of excuses such as “you’re an early adopter so you get the app before its release to the App Store”, or other tall stories that try to justify why they are unable to deliver the app in a regular way.