Clever sleeper SCAM with a different kind of attack vector. Never saw anything like this in 6 years of crypto...

New account created for obvious reasons. Not a throw-away, but will continue to be active in the community on this one. Posted a bit here and there on the old account while helping out and teaching folks in the community about Bitcoin.

Don't worry, my funds are safu. But ONLY because I adhered to very strict principles I've learned over the years. And I continue to study, learn, research, DCA, Hodl and have never sold.

But now it's time to disconnect my old account and use this one instead. Why? Welp. It's good practice. Part of the fundamentals we'll go over later. But before that, here's this interesting and potentially clever scam that can sneak up on you like it did me.

I wanted to find a better to-do list manager to help with my daily tasks and whatnot. I searched Reddit and found some recommendations; todoist.com was a fine choice for what I needed to do.

So like all internet like-minded people, I go to the site and sign up. Yep, it's the legit site. No phishing here. I use my usual email address and attempt to sign up for an account and get that message "Email address already in use."

Huh? Hmm. That's strange... Maybe I signed up for it a long time ago?... And just didn't use it. Ah, 'reset password'. Sign in. All good to go.

Naturally, if I had signed up for this site, I must have used it at some point right? Then to my surprise, there was one task already in-progress.

'Ledger backup Reminder' with a full list of 24 words.

And yeah, if you're on this sub you know this, but for those who don't, here's the 1st fundamental rule of bitcoin: NEVER ENTER OR SAVE your seed word phrase on a computer or online. Because once you do, anyone who has access to those 24 words can take all your crypto from you.

And now I'm like, oh shit, did I just stumble upon someone else's 24-word seed? Maybe they accidentally entered in my email instead of theirs? Oh fuck, could it be mine when I was a noob in this space? etc... etc...

And then I just stopped and stared at the screen for 20 minutes. Which leads me to my fundamental rule number 2. The best thing to do is do nothing. If thieves have access to your wallet, they would have taken your funds already. The most common way people get scammed is if they panic and do something that gives the scammer a key piece of information to take it all. So do nothing until you calm down and think rationally. Doing nothing means that your crypto stays where it is.

So I calmed down and thought about it rationally. I went through all the steps in my head to try and figure out why these 24 words were in this to-do list. I checked my email account and didn't see the sign-up emails because they all went to my spam folder. But the date of the sign-up email was in November 2021. At that moment, I knew that I didn't sign up for todoist, I didn't enter in these seed words, someone else did.

I then double-checked and signed up with a different email and password. Turns out you can just sign up with an email and password on this site, and no need to confirm your email before you start adding tasks. You just won't receive the emails, but the person who is the target will.

Which leads us to rule number 3. If you see a random set of seed words online that you didn't create, that wallet is compromised. NEVER send funds to it. Delete it and forget about it.

And here's where it all clicked together for me in this kind of clever scam. Albeit a lo-fi effort. One day you receive an email from a website, saying that you signed up for it. But you didn't. So you put it off. Then you keep getting updated emails, things change, etc. Then you're curious. You go to the site and attempt to log in, but it says your account's already in use. Now, you're thinking that you MUST have signed up for this site, right? There's 100s of websites we sign up for every day, must have been one that I signed up for and just forgot about. You reset your password, now YOU are in control of the account that was set up by the scammer using your email address. And this is the clever part... because you changed your password to the site, you think it's ok. You're in control. These seed words must be the ones you entered as your backup. You want to back up your coins, right? These must be MY seed phrase words.

Restore the wallet, deposit funds, then funds are gone.

I can see someone tricking themselves into thinking that they set up a reminder on the todoist.com site or any site that sends you notifications. It didn't get me because of the three principles and knowledge about how backup seed phrases work.

I got to admit, I thought about it for a good 10 minutes or so. Asking myself, did I sign up for this site? Did I enter these words, before I knew what I was doing? Was this a test wallet I made years ago? Why haven't I received an email from this site? If I set that up, then I MUST have signed up for the account? Oh look, there's an email from 2015 from this site. What was I doing in 2015?

The questions were rolling around my head and then I stopped, remembered my rules, and acted accordingly.

Rule 1: Never enter or save your seed words on a computer or online 'in the cloud'. (Use physical backups like cryptosteel or similar.)

Rule 2: Best course of action is to do nothing. Scammers would have taken your coins already if they could. Coins are safu.

Rule 3: Seed words that are given to you are compromised. Only use seed words that you have created on a hardware wallet.

In 6 years, I hadn't seen this kind of scam angle before. Which then leads to asking the question, well, if someone has an email list, what other websites can a scammer sign up on with your email and send you all these fake reminders? Don't forget your seed words, log in to save them! etc... You and I can see this scam from a hundred miles away, but I can also see it working for someone who's brand new and who hasn't fully grasped all the safety mechanics of bitcoin.

Anyways, glad to share this new type of scam so you can protect your coins. No matter how long you're in the space for, there's always something new to watch out for.

