Episode Transcript
[00:00:00] Out of cycle update, a quick public service announcement Episode Cryptotalk FM. My name is Leister. I'm your host, and I'm giving you this as a more educational, informational update for those that may not know, especially in light of certain on the influencer sides getting breached. And I don't fully understand how this is happening, but I'm seeing more of this information coming out from different sources that's trying to help explain it. I still mystified at how it's happening because to me, it seems weird. So I'll share the information. I'm hoping that, you know, the people listening to my show here are a bit of a wiser breed, and you're not falling for this nonsense, but it's possible that you might fall for the nonsense. So there's, you might not understand on the mobile side whether you're Android or Apple, but I would argue mostly Android.
[00:00:47] There's this concept of malware. Malware is any software that has a bad intent. It's designed to do something bad to you. That's. Mal is spanish for bad. So malware is bad software. It's so it's software you should avoid. It's software that you should not be interacting with. But the problem with some malware is that it will disguise itself as legitimate software, and it's exacerbated, as in made worse by the rise of web based applications. So these dapps that you interact with, if you're trying to connect your wallet to some swap, whether that's uniswap or pancake swap or baby swap or Cal swap or some swap, you are connecting to a quote application. When the swaps interact with your wallet that you're connecting, they're using a protocol wallet connect. Some of them have their own variant of wallet Connect, like Metamask, for example. But ultimately, it's based on the same underlying standard, and it's how they talk to each other, how that different tool can talk to your various wallets that are out there, and it's a common language to be able to use. Well, the problem that's called out in some of this malware is that they're getting a lot more elaborate about what's happening. So there's two primary that I want to talk about now, although there's hundreds. I'm talking about these two primary because they're very slick with it. Shlick witted like zab Judah likes to say, the first one is when there's fake applications that are published, they're coming either from the app store or you download them, but in most cases they're coming from the app store, in this case the Play store from Google, and they disguise themselves as a banking application. But they also might be a web based application disguised as a bank. How this gets to you. Either you get a text message and it'll say something along the lines of that there's a problem with your wallet, there's a problem with your account, or they're doing something. That's a call to action. They're trying to get you to act. Or it could be an email. Now I know most of you duck email. You hate email. You run from email. The point is that some message is sent your way and it includes a link. You click the link and it encourages you to do one of two things. Either download some software or access a web interface that is built to look like something that you should trust, such as Microsoft or your bank or something else. If you're not careful looking at the address, the actual web address in the top bar, understanding and calling that service to see if they reached out to you for any reason, or there's something weird about the communication itself. Say the text message is telling you hey, there are some weird suspicious transactions on your debit card. And rather than just manually log into your bank to confirm that, you just click the link, not thinking about it. To stay safe, you have to always do your own due diligence. They're counting on you to nothing do due diligence. They're counting on you to take urgent action. It's a call to action. That's a fallacy. But they're doing it because they know basically you get triggered based on what they said so that you're spurred into action so that you accidentally do something without thinking. Listening to me hopefully you're listening very carefully to the message I'm saying now. And you'll take steps to avoid what's happening in this one situation specifically, which is if you get those kinds of links via some communication method or otherwise, you don't just immediately act on that email or that text or whatever it is. Instead, manly log into your bank account. Don't even use your mobile app to do it. I know some of you don't like computers, and I understand this, but if you really want to stay safe, I highly recommend getting much more accustomed and happily accepting of computers so that you can manually type in that address to your bank or whatever service. Manually log in yourself, check and make sure that there's nothing weird that you don't see. And if you don't see anything that correlates to the message that you got, disregard the message as likely an attempt to take your money, and I don't want to see you get your stuff took.
[00:04:45] If there's something that asks you to download an application for your bank, and you know that you already have such an application for your bank, it's probably a scam. If your bank reaches out directly to you, it tells you you need to download this new application. There should be some hint of that message on their site. So again, manually go to the website, look for any mention that there's a new application having been published that you need to download. If you don't see such an application, you probably should not download this application you were given. So that's one to stay safe, the other one which is rather new. And this one intrigues me a little bit. It was brought to attention initially by binance, but what happens is that something is a call to action for you to send money. The send money might be some trade that you intended to make, or it could be somebody else requesting something, or it could be some service that you're interacting with online that asks you to send, let's say, donations or something where it's asking you to send funds point via cryptocurrency. Well, if you're sending funds, you'll need to connect into your wallet. So logging into it or opening your wallethood, you'll have to actually take action to connect your wallet to something. If it's a dapp, if it's not a dapp, you can always do the send button, enter the address of the recipient, enter the dollar amount that you want to do, and do a send. Most people feel like, yes, this is a safe way to just do a manual send. I would agree with it. However, this next scam, because that's what it is, is to create an address that looks disasterly similar to an address that you would normally send to. So for example, Coinbase and Kraken and some of the other exchanges will have known recipient addresses for you to send money into them. And you might get some kind of sketchy message that says you need to reload or you need to load your account to do something. And they'll give you an address to send to and they'll say, yes, this is cracking. You log into your account. So doing what I just described, due diligence, you log in and you don't look at every single character in that address because you're just quick looking at it. It's a long address and you miss the fact that one character is completely different.
[00:06:55] When this happens, you actually inadvertently are sending your funds to what is a legitimate address, but it's not the address that you intended to send to. And if you know how sins work, you're not getting those funds back.
[00:07:08] It's not a bad send. It is. You sent to somebody you didn't intend to, you're not getting that money back.
[00:07:16] That's bad because a lot of people don't pay attention to the recipient addresses when they're doing a send. And because so many people are sending crypto, for whatever reason that they do, a lack of due diligence creates a greater risk that you get ripped off by your own actions of sending money. I've seen countless posts online talking about how, you know, side of chain or somebody else ripped them off. Certainly side of chains, a rip off. I'm talking about situations where you're asked to send your funds to something and you knowingly sent it, but you didn't verify that it was actually the address you intended to send to. That's even worse. So please be careful anytime that you're sending your funds to somebody else. And double and triple and quadruple check that address to make sure it's actually the intended recipient.
[00:08:01] All of this together, it's getting worse out there. And I'm stressing this as somebody works technology, it's getting worse out there. They're getting a lot more elaborate with the scams. Billions of dollars are being taken from people. Not because your device gets hacked, not because somebody hacks into your network, not because somebody has a virus on your computer, per se, not because somebody was social engineering you simply because of your lack of due diligence. You've got to be studious. If you have stuff stored, first of all, don't leave it in exchange. That's one. Two. If you have it in your wallethood, you have to be extra careful because it's not an exchange about who you send to and who you receive from and why you interact with things. The Dapps that are out there, you are taking on the risk. When it's in your wallet, you are owning the risk of your funds being took from you. And I'm trying to encourage you to stay safe because I'm telling you that it starts to be a wah, wah, wah out there. And I don't want you to get your funds taken from you. You got to be extra careful if it's in your wallethood, if it's in an exchange and you're trying to do withdrawal. Hopefully you are double and triple checking and quadruple checking the address that you withdraw to. And if somebody else encourages you to send money from an exchange, you are double, triple, and quadruple checking that the person that sent that request to you is a trusted recipient and not some scammer. Because remember, AI voices are starting to be a thing. So it's actually very easy for somebody to emulate somebody that you know and trick you into sending your money to the wrong destination. Please stay safe out there. Be extra careful out there because I guarantee you it's going to get worse before it gets better. And no, additional regulation is not the solution. The solution is that individuals have to take on their own accountability. In cryptocurrency. You have to own your own risk. You have to acknowledge these things are real. It can happen. It can happen to you. It's happened to many people, not Lysterez, but it can happen to anybody else, not lame lyster. So I want to make sure I'm sharing that knowledge since it hasn't happened to me, so that you're staying safe and you're not getting ripped off by simply you not paying attention to the address. You send to something so basic and you end up getting your stuff.
