Nobody wants to become a victim of scam. Just like any new industry, the crypto world is full of various shady “businesses” trying to fool you. One of the most tricky methods to steal your savings is phishing. Phishing uses malicious websites disguised as legitimate links of well-known services. A typical phishing link is misspelt. It misses or contains a letter or domain which is hard to define. Even your are tech-savvy, you may easily fall prey to phishing scams without noticing it.
Changelly team is deeply concerned about phishing. We want you to learn about how cryptocurrency phishing scams spread and what to do in order to avoid them and save your money. Let’s look into this box of tricks using the examples of Changelly and Myetherwallet, one of the most prominent wallets for Ether and tokens.
What is actually phishing?
Imagine that when checking your inbox, you noticed a very important update from the wallet where you store your coins. The message in the update says you must sync your wallet with a network that recently has been hardforked. To do that, you need to unlock your account by using your private key or Keystore file, otherwise, you will be unable to send/receive coins.
Sounds scary, doesn’t it?
So you are clicking the link provided but don’t notice a typo in the URL. You open the scammy web page and put in all your data hoping to update your wallet. Now frauds have access to your wallet and steal all your savings from it. You’re frantically trying to contact your wallet’s support, but they, unluckily, have no idea what’s going on and hence cannot refund the money you lost. So you may label them as scam although they have nothing to do with the phishing affair you’ve been involved into.
How is phishing scam spreading?
Phishing attackers use email databases and send malicious messages to pull the wool over your eyes. At the first glance, they don’t look suspicious but contain scammy and viral URLs, such as myetherwaliet instead of myetherwallet.
Fake Twitter accounts
Phishing scams spread through social media, especially Twitter. You may receive a malicious message asking you to send your coins or provide your data. Neither of real cryptocurrency services requires you to do it. Check Twitter accounts for up-to-date posts, followers and date of joining. The real account should be verified or at least have reputable brand accounts as followers.
Slack and forums attack
When using Slack or forums, you may also be targeted by phishing scams asking you to log in to your wallet by clicking the link that contains not typos, but additional domains, e.g. myetherwallet.com.co instead of myetherwallet.com
One of the most clever ways to fool you is slipping a scammy URL into advertising on search engine platforms. So if you see ads of some wallets, it might be scammy. Make sure that the URL provided is correct.
Your own misspelling
While surfing the net, you may occasionally make a typo in a website’s name that is likely to take you to a totally unknown service.
Before entrusting your savings to any wallet, google information on it including a team of developers, social media, reviews. Nothing valuable found? Chances are, it’s not secure.
Phishing is a deceptive set of stealthy tricks you should beware of. Luckily, you can take some measures to unmask frauds and keep your funds away from them.
- Make sure whether your wallet provider requires your email. If not, you will never get a message from it. Most of the wallets including Myetherwallet never ask you for the email.
- Pay attention to URL, as it will contain a malicious typo like myetherwaliet.com. The original one never contains typos.
- Always check your own spelling. The only true link to Changelly is https://Changelly.com
- Search the suspicious URL in EtherScamDB. If you found the link in the database, most likely it would be a scam.
- When participating in ICO or sending your coins elsewhere, always check a token wallet address at Etherscan. If the address is detected in phishing activity, you will see the notice as follows.
- Use MetaMask or other phishing detectors. Once detected, fake will be blocked.
- NEVER give anyone your private key. Unless your wallet is custodial, wallet providers will not ask you to provide them with your private keys under any circumstances.
- Always think twice before clicking any doubtful link.
Detected phishing scams? Please report it to us at firstname.lastname@example.org