How to Protect Your Assets From Fake App Scams
Main Takeaways
Scammers can use fake mobile applications that mimic the official Binance app to steal users’ sensitive data and digital assets.
One way criminals can attempt to siphon off the funds is by manipulating the QR code or wallet address during the withdrawal and deposit process.
Users should always download the Binance App from official channels to avoid installing fraudulent apps.
Scams leveraging fake mobile applications have long been a prominent threat in the digital-asset space. It’s not just new users who can have trouble distinguishing between legitimate and fraudulent apps – even experienced users could fall into the same trap if they update their crypto apps using non-official sources.
Criminals pulling off such schemes hope that users would carelessly download apps from unofficial and untrustworthy sources before making withdrawals to wallet addresses without verifying their authenticity.
In this article, we’ll zoom in on fake crypto apps: what they are, how they operate and, most importantly, the measures you should take to protect yourself from fake app scams.
What Are Fake Apps?
Fake apps are designed to resemble legitimate applications, like the official Binance app, that you find in official stores. The people who make this fraudulent software aim to trick others into thinking it's the real app and have users download it. Essentially, they seek to leverage users’ trust in the organization or service that issues the real app to make people install malware on their devices. In the case of crypto or financial services apps, installing such software on one’s device puts users’ assets at serious risk.
Not all fraudulent apps can be easily identified at first sight, as they can be designed to look very similar to the original. Once installed, malicious apps can spy on your phone activity, steal your personal information, and even rob you of your crypto assets without you noticing it. If you're not downloading the Binance application from our official sources, you could become a victim of a fake app scam without even realizing it.
Consequences Can Be Severe
Fake app scams are more common than most users think, and the consequences of installing a piece of malicious software on your device can be grave. Here are some of the scenarios that can unfold once you have installed a bogus app.
Data theft
Certain fake apps are made by tweaking the original code of the official Binance app. These altered apps can quietly send your password and login details to others without you knowing. They can send out a wide range of personal data: text messages, phone calls, your contact lists, pictures, search history, location data, cryptocurrency wallet addresses, and even recovery phrases. Once the attackers acquire a user’s login credentials and/or recovery phrases, they can steal their funds easily. In addition, criminals can share the victim’s personal data with other bad actors who could target them for further attacks.
Asset loss
Scammers take advantage of the fact that crypto wallet addresses are very hard to remember. One of the most common ways crypto users lose their assets to fake apps is when these deceptive apps generate crypto wallet addresses that look similar to real ones. They can then replace the real addresses displayed on the user interface's deposit and withdrawal pages. There is little visual difference between the user’s actual wallet address and the fake one, unless users compare them character by character.
Another common technique involves fake apps manipulating users’ clipboards when they copy and paste deposit or withdrawal addresses. In such cases, when you paste the address to make the transfer, it is the scammer’s wallet address that gets pasted and ends up receiving the funds.
In addition to the clipboard, QR codes that encode withdrawal addresses can also be replaced. The screenshot below shows a Deposit USDT page on the Binance app where the three sections highlighted can be targeted by fake app designers for replacement.
1. Scammers can replace the QR code. Visually, it’s nearly impossible to distinguish between the real and the fake one.
2. The Wallet Address section can be tampered with as well. Even if you remember the first and last few digits of your address, fake apps can alter the digits in between. Therefore, unless you remember all the digits, it's difficult to tell the difference at first glance.
3. The 'copy' function on fake apps might not genuinely duplicate your actual address. Instead, it's designed to trick you into pasting the scammer's address when you make a transfer.
Similarly, during the withdrawal process, a fake app can change the address on the 'Confirm order' page to that of the scammer. Thus, even if you have put in the correct withdrawal address in the previous step, the funds can end up being sent elsewhere.
How to Protect Yourself
Fortunately, there is a straightforward way to avoid falling victim to a fake app scam: Always download the Binance App from our official channels.
In addition, you can send an email to download@binance.com to acquire the latest version of Binance official apps, both Apple and Android versions.
Please note that it is users’ responsibility to conduct their own due diligence and follow general security measures regarding the legitimacy of any application that appears to be a Binance app before downloading and installing it. Binance is not responsible for any loss that may be incurred from using fake or illegitimate applications.
Depositing via the Binance app: Before you initiate the transfer, there are some extra steps you can take to enhance security. Open a new incognito window in your browser, log in via the Binance official website, then go to 'Deposit’ and find your deposit address. Compare the deposit address you have on your phone with the one on the Binance website.
Upon withdrawal: After entering your withdrawal address on the 'Send crypto' page, please verify the address again on the 'Confirm Order' page for authenticity, as fake apps can manipulate your address at this stage.
Also, compare this address with the one in the email notification that we sent to you to confirm they are the same.
Transfer a small amount first
As a general guideline, when initiating a cryptocurrency transfer, we recommend depositing or withdrawing a small amount as a trial first. This practice helps confirm that you have the correct transfer address, thereby allowing you to proceed with higher-value transactions confidently.
However, please keep in mind that successful receipt of a small transfer does not always guarantee that the app you’re using is 100% authentic. There exist sophisticated fraudulent apps designed to let smaller transactions/deposits or withdrawals reach the intended account, thereby gaining the user's trust. Later, when it comes to larger amounts, the funds are rerouted to the scammer's account.
Whenever you make a transfer, always verify the transfer address (using the provided steps) to ensure its authenticity, and always remain vigilant to avoid falling for scam apps!
What if a Fake App Is Already Installed?
If you suspect that a fake Binance app has been installed on your phone, please take the following steps:
Uninstall the suspicious app immediately and download the Binance app from one of the official sources listed above.
Change your Binance account password.
Contact Customer Support to report the incident.