An effective scam or phishing attempt is engineered specifically to fool you into lowering your guard and parting with funds or private information you would usually keep safe. If you are new to cryptocurrency, and are just getting acquainted with Bitcoin, Ethereum, other crypto assets, and ICOs, it is important to understand that you are the intended target for many of these scams.
The good news is you don’t need to have a lot of blockchain knowledge to protect yourself and your funds.
We are going to cover some of the most common scams and phishing instances we’ve seen affect our customers in the wild and cover the ways to identify them.
A few years ago, investing in cryptocurrencies was a relatively easy decision; there was only Bitcoin and Ethereum and the consensus was both were very bad investments. But when the cryptocurrency market skyrocketed in November 2017, it wasn’t just people who flooded into the ecosystem looking to invest in blockchain projects. Businesses looking to make a quick buck rebranded themselves as blockchain companies and began hosting initial coin offerings, ICOs, as an unregulated version of a traditional initial public offering, or IPOs.
There are many dubious businesses out there that have slapped together a blockchain asset for the novelty, not because it will actually serve a purpose or be a healthy investment. Here are some tips for spotting ICOs with bad intentions:
They don’t have a white paper, and if they do, it isn’t very white.
A technical white paper is a project’s opportunity to be transparent, insightful, and explain the importance of their contribution to blockchain without trying to confuse you. If an ICO or forked asset doesn’t have a white paper, or their white paper is full of jargon and has more graphic design than actual words, beware.
They leech off the name of another famous asset.
Imitation may be the sincerest form of flattery, but it can also be a way to make a quick buck. We’ve seen projects out there claiming to be the second coming of Bitcoin, Ethereum, and Litecoin under the pretense of improving these assets. Instead of contributing to their source code and actually improving them organically, these projects are just trying to sell you a knock-off; avoid them like the plague.
They promise to deliver impossible returns on your investment.
No company has a crystal ball, and anyone claiming to know what their profits will be in two years is not looking out for your well-being or the well-being of the ecosystem. Always be skeptical of companies looking to put the cart before the horse.
Fake Support + Applications
Important fact: Exodus does not have phone support or a mobile application at this moment.
When this changes in the future, we’ll let you know. In the meantime, if you ever see a support hotline number for Exodus or an application in the Google Play store or IOS App store, feel free to report it on-sight.
Always check twice before giving out any information to a customer support agent you don’t recognize. Reach out to us at our official support email and feel free to ask us point-blank if a site, person, or number is legitimate.
For example: an Exodus employee will never ask you for your 12-word phrase, private keys, or wallet password. This is your private information allowing you access to your funds. If someone asks for them, they aren’t trying to support you- they are trying to rob you.
This goes for anyone on Slack, Telegram, Twitter, or social media. If anyone is offering free ETH, or needs your private keys or 12-word phrase to give you support, report them. There is no such thing as free ETH.
Email spoofing is the dirtiest of deeds. I confess some scammers pretending to be Google have crafted such well-designed spoof emails that I have fallen for one in my time on this earth.
A spoof or phishing email looks like a real email from a company you trust, like us here at Exodus. It might even look like it comes from firstname.lastname@example.org ! There are, luckily, a few ways you can tell a scam email from the real deal:
Check the Email Address
You can always mouse over the sending email address and view it. While the display address may be email@example.com , you might move the mouse over and find the email actually is being sent from firstname.lastname@example.org . WAITAMINUTE!
Are We Acting…Weird?
Other companies may email you regularly, but Exodus does not retain any customer emails unless you’ve written to us first. If you’ve never written to us, and you get an email from email@example.com , unless it is your email backup link, be veeeeeery suspicious.
As usual, Exodus will never ask you for your 12 words or private keys. We do not block accounts or accept payment to unblock accounts. If you get an email asking for this private information, or offering to unblock your account, then you know you’ve got a fraud on your hands.
In the same way, you can fake an email, you can definitely fake a website. One minute you think you’re visiting exodus.io , but you are actually on exódus.io.
Those scammers are mighty sneaky, and will employ whatever subtle trick it takes to try and fool you. Always stay on your toes, and keep these tips in mind:
Spellcheck Saves Lives
Always check the spelling of the website! Make sure you know whether your most visited websites end in .io, .com, or .net. Scammers will play with the spelling and domain names of these sites in the hopes of catching you off guard.
We see this happen most often with popular sites, especially MyEtherWallet.
The “S” Is For Secure, Folks
Always make sure you are visiting https secure sites. You can check in the top left corner of your browser if the site you are visiting is secure or not.
A Fantastic Little Fox
Install MetaMask! The handy little fox will warn you when you are entering most phishing sites. You don’t even have to store ETH there to get the security benefits.
Always Use Protection
Protect ya neck with VPN, a firewall, and nunchucks. Or maybe just a VPN and a firewall. But nunchucks will help deal with people claiming to give out free ETH.
Don’t Click On Strangers
Whenever possible, type the URL for your preferred website yourself to avoid getting tricked by a fake link. Even better, when you are sure you’ve got the right link, bookmark it yourself so you always have a fast-track to the real deal.
Above All Else, Be Skeptical
The greatest skill you can have to protect yourself from scams is to be extremely wary. Only engage with projects you understand very well and rely on others when you have doubts.
If you ever have doubts and you want a second opinion, feel free to write into our support box and we will be happy to give you a second set of eyes on a website, application, or ICO. We can’t give you investment advice, but we can help to reinforce your gut instinct and maybe point out something phishy you may have missed. It happens! Just make sure scams and phishing attacks don’t.
Please reserve the Steemit comments section for lively and honest discussion about the article! If you have technical issues with Exodus, our Community Support team will be happy to speedily assist you if you send a descriptive email to: firstname.lastname@example.org
This post first appeared on Steemit as an exclusive article but was also reblogged on the Exodus Movement Medium page. We give the <3 to our fellow Steemians first and foremost, but this article may appear elsewhere after its initial publication.