Crypto Scam Watchlist and Best Practices Compilation

Ethereum Reddit

I've organised and compiled a list of common crypto scams/hacks below in a bite-sized manner, along with some best practices you can adopt for security.

Warning: Long post ahead

Crypto Scam Watchlist

1. Phishing Wallet Sites

This phishing scam targets popular cryptocurrency wallets and works by tricking people into connecting their wallets or sharing their seed phrases with a fake site that looks identical to the authentic one.

Once a user believes he is on the legitimate site and creates a new wallet, connects his existing wallet, or shares his seed phrase, his wallet would be compromised, allowing scammers to transfer all the assets away quickly.

2. Fake iOS and Android Apps

This scam mainly preys on people on dating apps and social platforms.

It first seeks to create a basic relationship with the victim to establish trust before directing the victim to download and install malicious apps (which are identical or almost identical to the real apps) from external links on their phone.

3. Fake Browser Extensions

This scam tricks people into installing a malicious browser extension that will either request your secret credentials to connect your wallet or redirect you to a phishing website (where you are exposed to other attack vectors such as the rotten seed phrase attack).

Additionally, this scam may use malvertising to appear on search engines like Google and Yahoo, and may have fake positive reviews on it to make it appear more legitimate.

4. Fake Tokens

This scam was spotted in late 2020 and works by tricking people into purchasing fake tokens that appear to be linked to trending projects.

As the exchanges happen on a decentralised platform such as Uniswap, which does not have any rules for listing tokens, traders are exposed to the risk of purchasing wrong or fake tokens.

5. Free Giveaways

The free giveaway scam is arguably the most common because the con works on many unsuspecting victims, especially those new to the crypto world.

It can appear in a post or video on social media platforms, as a message on Discord or messaging apps, or through channels such as email and SMS.

This type of scam is ever-changing to leverage current trends and hype and usually disguises itself as a popular personality or brand with “reasons” for their “giveaway”.

6. Uniswap Email Phishing

This sophisticated scam targeted Uniswap users and used a convincing reason to persuade their victims to transfer their cryptocurrency. The scammer’s language and jargon reveal a high level of understanding and technical literacy, making it more difficult for victims to see through the lie.

7. YouTube Impersonation Scam

This malicious scam works by hijacking popular YouTube accounts and changing their names to appear to be the official accounts of notable people or brands.

Old footage of the impersonated person is shown together with bots in the live chat to give the impression that everything is authentic.

Alongside the “livestream” are images or text about the giveaway, encouraging victims to send cryptocurrency to the scammers’ wallets.

8. Twitter Impersonation Hack

This hack happened in mid-2020, when about 45 high-profile Twitter accounts, including Bill Gates, Barack Obama, Apple and Uber, were compromised to promote a bitcoin scam.

Through social engineering via Twitter employees, the hackers had gained access to Twitter’s internal administrative tools, which allowed them to post tweets directly on the accounts.

It is reported that the hackers made about $121,000 in bitcoin before they were caught.

9. Blackmail Scam

According to Malwarebytes, this scam tends to target .org email addresses and senior executives almost exclusively.

The scammers may claim to have highly sensitive information and media about you, or have full control over your devices and webcam, or have evidence about supposed improprieties.

They may also reveal your password (which they could have bought for very low prices from previous data breaches) and claim that they have used it to access sensitive information about you.

All of these claims are fake.

10. Fake Hardware Wallet Apps

In late December 2020 and early January 2021, many Trezor wallet users were scammed by fake apps on the Android Play Store and Apple App Store, with losses amounting to over $1 million in tokens.

The fake app claimed to be developed by SatoshiLabs, the creators of Trezor, had identical names and logos to the real Trezor, and had 155 high-rating reviews, giving it close to a 5-star rating on the app store.

11. Modified Hardware Wallets

This scam is an elaborate scheme on top of a previous 2020 data breach of hardware wallet company Ledger, where users' data were exposed.

Armed with the knowledge of users' names and contact information, the scammer impersonated Ledger and sent fake hardware wallets with the intent to steal crypto.

12. Fake Support

This unscrupulous scam targets people in urgent need of assistance and support by directing them to reveal sensitive information (their secret recovery phrase) through a supposedly "official" form.

In another recent variant of this scam, scammers impersonate official OpenSea staff in a Discord channel and try to get you to unknowingly send sensitive information to them through the “Sync with mobile” option on MetaMask.

13. NFT Project Proposal Scam

This scam was spotted in the NFT space around June 2021, with many scammers taking on Korean-sounding names and female personas before approaching their victims on Twitter. The malicious file uses a .scr extension that runs an executable program to steal crypto within minutes once opened.

------

Security Best Practices

1. Always double-check the website you are on before making any transaction

• You can also bookmark the site directly

• Be wary of phishing sites that may show up as ads on search engines

2. If you need support or assistance of any kind, go through links on the official app or website.

• Be wary of fake support from social platforms such as Reddit, Twitter and Discord

3. Store your seed phrase in a secure place offline

• Do not store it on your computer as it may be revealed to hackers in the event of an attack

4. Be aware of other ways your wallets may be compromised, such as a mobile QR code

• Stay cautious when connecting your wallet through QR code while sharing your screen

5. For greater security, consider storing your crypto in a hardware wallet

• However, a hardware wallet is not 100% safe.

• Vulnerabilities to guard against include malicious phishing mobile apps, and fake modified hardware wallets.

6. Install mobile apps only from official sources

• Do not install from external links, even if they are from "friends", as the apps may be fake

• Social proof such as high 4 to 5-star reviews is not a reliable indicator of trustworthiness, as scammers may fabricate them

7. Check file extensions and URLs before opening them to protect yourself from hacks

• Fake NFT commissions are on the rise. Do your due diligence on the person and ensure you scan any links and files before opening them.

• Use good antivirus software to guard against any potential attack

8. If something seems too good to be true, it is probably too good to be true.

• Double-your-crypto giveaway scams are very common and appear on many platforms such as YouTube and Discord

• Stay alert and cautious as even trusted sources have been compromised, such as the real accounts of famous personalities.

9. Verify and double-check sender addresses and URLs within emails and do not take them at face value

• Poor grammar and spelling are classic tell-tale signs of fake emails

• However, some scammers are upping their game and getting more sophisticated, such as a recent phishing Uniswap email scam that was very technically literate

-----

Let me know if there are any scams/hacks/best practices that I missed out and should be included.

If you want to read more about the scams in greater detail with examples, you can check out www.cryptoscamwatchlist.com

To make things a little more fun and interactive, I've also made a short quiz (Crypto Scam IQ Test) to test your awareness and understanding of crypto scams.

Will appreciate any feedback below :)

submitted by /u/tyongespoir
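
Best practice 7 above (check file extensions and URLs before opening them), sketched as an added example that is not part of the original post: it classifies a link by its real host against a personal list of bookmarked domains and flags received files whose final extension is executable, such as the .scr file described in scam 13. The `TRUSTED` list, the function names and all sample inputs are assumptions constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit
# Assumption: domains the user has bookmarked as official (sample values).
TRUSTED = {"uniswap.org", "metamask.io", "trezor.io", "opensea.io"}
# Windows extensions that run code when opened; .scr is the one the post names.
EXECUTABLE_EXT = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk", ".msi"}

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def check_url(url, trusted=TRUSTED):
    """Classify the real host (after any "user@" prefix) as trusted/lookalike/unknown."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    # Non-ASCII or punycode (xn--) labels can display like a familiar name.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return "lookalike"
    for d in trusted:
        # Brand name inside another domain, or a domain within two typos of it.
        if d.split(".")[0] in host or edit_distance(host, d) <= 2:
            return "lookalike"
    return "unknown"

def check_filename(name):
    """Return the reasons not to open a received file (empty list if none)."""
    reasons = []
    # Format characters such as U+202E can reverse how part of a name displays.
    if any(unicodedata.category(c) == "Cf" for c in name):
        reasons.append("hidden formatting character")
    exts = ["." + p for p in name.lower().rstrip(". ").split(".")[1:]]
    if exts and exts[-1] in EXECUTABLE_EXT:
        reasons.append("executable extension " + exts[-1])
        if len(exts) > 1:
            reasons.append("double extension")
    return reasons

if __name__ == "__main__":
    # Constructed samples, not taken from real incidents.
    for u in ["https://app.uniswap.org/swap", "https://unlswap.org/", "https://uniswap.org@pay.example/"]:
        print(u, "->", check_url(u))
    for f in ["artwork.png", "NFT_proposal.pdf.scr"]:
        print(f, "->", check_filename(f))
```

An "unknown" result only means the host is not on the personal list; it is not a verdict that the site is safe.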