How to protect your assets from fake app scams

Scams leveraging fake mobile applications have long been a prominent threat in the digital asset space. It’s not just new users who can have trouble distinguishing between legitimate and fraudulent apps; even experienced users could fall into the same trap if they update their crypto apps using non-official sources.

Criminals pulling off such schemes hope that users would carelessly download apps from unofficial and untrustworthy sources before withdrawing to wallet addresses without verifying their authenticity.

In this third series with the Nation, we’ll zoom in on fake crypto apps: What they are, how they operate, and, most importantly, the measures you should take to protect yourself from fake app scams.

What are fake apps?

Fake apps are designed to resemble legitimate applications, like the official Binance app that you find in official stores. The people who make this fraudulent software aim to trick others into thinking it’s the real app and have users download it. Essentially, they seek to leverage users’ trust in the organisation or service that issues the real app to make people install malware on their devices. In the case of crypto or financial services apps, installing such software on one’s device puts users’ assets at serious risk. 

Not all fraudulent apps can be easily identified at first sight, as they can be designed to look very similar to the original. Once installed, malicious apps can spy on your phone activity, steal your personal information, and even rob you of your crypto assets without you noticing it. If you’re not downloading the Binance application from our official sources, you could become a victim of a fake app scam without even realising it. 

Consequences can be severe 

Fake app scams are more common than most users think, and the consequences of installing a piece of malicious software on your device can be grave. Here are some of the scenarios that can unfold once you have installed a bogus app.

Data theft

Certain fake apps are made by tweaking the original code of the official Binance app. These altered apps can quietly send your password and login details to others without you knowing. They can send out a wide range of personal data: Text messages, phone calls, your contact lists, pictures, search history, location data, cryptocurrency wallet addresses, and even recovery phrases. Once the attackers acquire a user’s login credentials and/or recovery phrases, they can steal their funds easily. In addition, criminals can share the victim’s personal data with other bad actors who could target them for further attacks.

Asset loss

Scammers take advantage of the fact that crypto wallet addresses are very hard to remember. One of the most common ways crypto users lose their assets to fake apps is when these deceptive apps generate crypto wallet addresses that look like real ones. They can then replace the real addresses displayed on the user interface’s deposit and withdrawal pages. There is little visual difference between the user’s actual wallet address and the fake one unless users compare them character by character.

Another common technique involves fake apps manipulating users’ clipboards when they copy and paste deposit or withdrawal addresses. In such cases, when you paste the address to make the transfer, it is the scammer’s wallet address that gets pasted and ends up receiving the funds.

In addition to the clipboard, QR codes that encode withdrawal addresses can also be replaced. 

1. Scammers can replace the QR code. Visually, it’s nearly impossible to distinguish between the real and the fake one.
2. The Wallet Address section can be tampered with as well. Even if you remember the first and last few digits of your address, fake apps can alter the digits in between. Therefore, unless you remember all the digits, it’s difficult to tell the difference at first glance.
3. The ‘copy’ function on fake apps might not genuinely duplicate your actual address. Instead, it’s designed to trick you into pasting the scammer’s address when you make a transfer. 

Similarly, during the withdrawal process, a fake app can change the address on the ‘Confirm Order’ page to that of the scammer. Thus, even if you have put in the correct withdrawal address in the previous step, the funds can end up being sent elsewhere.

How to protect yourself

Fortunately, there is a straightforward way to avoid falling victim to a fake app scam. Always download the Binance App from our official channels.

• Binance official website
• Google Play
• Apple App Store

Please note that it is users’ responsibility to conduct their own due diligence and follow general security measures regarding the legitimacy of any application that appears to be a Binance app before downloading and installing it. Binance is not responsible for any loss that may be incurred from using fake or illegitimate applications.

Depositing via the Binance app: Before you initiate the transfer, there are some extra steps you can take to enhance security. Open a new incognito window in your browser, log in via the Binance official website, then go to ‘Deposit’ and find your deposit address. Compare the deposit address you have on your phone with the one on the Binance website. 

Upon withdrawal: After entering your withdrawal address on the ‘Send crypto’ page, please verify the address again on the ‘Confirm Order’ page for authenticity, as fake apps can manipulate your address at this stage. 

Transfer a small amount first

As a general guideline, when initiating a cryptocurrency transfer, we recommend depositing or withdrawing a small amount as a trial first. This practice helps confirm that you have the correct transfer address, thereby allowing you to proceed with higher-value transactions confidently.

However, please keep in mind that successful receipt of a small transfer does not always guarantee that the app you’re using is 100 percent authentic. There exist sophisticated fraudulent apps designed to let smaller transactions/deposits or withdrawals reach the intended account, thereby gaining the user’s trust. Later, when it comes to larger amounts, the funds are rerouted to the scammer’s account.

Whenever you make a transfer, always verify the transfer address (using the provided steps) to ensure its authenticity, and always remain vigilant to avoid falling for scam apps! 

What if a fake app is already installed?

If you suspect that a fake Binance app has been installed on your phone, please take the following steps: 

• Uninstall the suspicious app immediately and download the Binance app from one of the official sources listed above. 
• Change your Binance account password.  
• Contact Customer Support to report the incident.

Did you know?

Binance recently announced the launch of its Web3 Wallet, which aims to meet the demand for a simple, convenient, and secure way to experience the world of Web3. Binance’s Web3 Wallet is a self-custody crypto wallet built within the Binance app. With this latest launch, users now have access to a secure and streamlined method to swap thousands of tokens across various networks at the best prices, explore a variety of decentralised applications (dApps), quickly transfer funds between exchange and wallet, earn yield on their crypto and more, all in one secure wallet.

_______________

Disclaimer and Risk Warning: This content is presented to you on an “as is” basis for general information and educational purposes only, without representation or warranty of any kind. It should not be construed as financial advice, nor is it intended to recommend the purchase of any specific product or service. Digital asset prices can be volatile. The value of your investment may go down or up and you may not get back the amount invested. You are solely responsible for your investment decisions. Binance is not liable for any losses you may incur.

Not financial advice: For more information, see our Terms of Use and Risk Warning.