Fake Poloniex Apps Harvest Credentials
It has become quite profitable recently to fraudulently steal cryptocurrency from traders. Couple the increased prices of these coins with the number of new users and you have the perfect storm for phishing scams to emerge.
One that was recently discovered involved a fake Poloniex account that was created and launched on the Google Play store. This was first reported by ESET security a few days ago.
The applications were disguised as legitimate apps and were available for download. Once installed, they would ask for the user's login credentials as well as ask for permission to access their email address. If these users did not have 2FA enabled, their coins were promptly stolen without a trace.
The Danger of Phishing Schemes
It seems that most of the press that is reported on these days will centre on some exchange or cryptocurrency business that has been hacked. However, these are not as likely to occur as a user getting tricked through an elaborate Phishing scheme.
This is exactly what has happened with the Poloniex apps. Given that Poloniex does not offer users an official mobile app, it left the door wide open to being abused. In this case, the fraudsters created two malicious applications.
One of them was titled the "POLONIEX EXCHANGE" and the other "POLONIEX COMPANY". The latter was downloaded over 500 times whereas the former was used by close to 5,000 users. Both have been taken down upon notification to Google.
Given that one of the apps was in operation for over 15 days there is no doubt that many users may have lost a large amount of coins through the scam.
How the Scam Works
When the user first downloads the app, it asks them for their user credentials in order to log into their Poloniex account. It presents them with a login screen that looks legitimate. Once the user has given their information, the attacker would have access to their account (assuming no 2FA).
Once they have access to their account, they can make trades and request a withdrawal. However, in order to process the withdrawal and make sure that there is no trace of the breach, they need to get access to the email account of the user.
This happens in the next stage where the app asks the user if they could be granted access to their email address. If the user authorises this then the operation is complete and the user is redirected to the actual login on the mobile site to make the app appear functional.
In the back though, the scammers now have access to both your account and your email. They quickly empty all of your coins and clear up the trace. Although there were a number of people who did leave negative reviews and say that it was a scam, perhaps these came too late or some people may have not read them.
Always be Cautious
Given how easy it is to steal cryptocurrency and how hard it can be to trace it, phishing scams like this will only increase. You have to always be on the lookout for anything that looks remotely suspicious.
When downloading apps, take a look at reviews. Make sure that the app that you are downloading is indeed affiliated with the exchange. Be suspicious of any apps that trigger alerts that request access to your private information such as email account.
Yet, the most important security step that you can take especially when dealing with online cryptocurrency exchanges is to enable two factor authentication. Getting access to your email credentials is pretty simple these days and it is all that is really required to nab your coins.
Featured Image via Fotolia
Disclaimer: These are the writer’s opinions and should not be considered investment advice. Readers should do their own research.
