Hacks and scams are regular occurrences in the cryptovironment. There are several ways you can be robbed of your hard-earned money, but you can protect yourself if you are well educated about the latest threats. In this article, I'll expose some scams that have robbed people of their money and equip you with weapons to protect yourself and your wealth.
The threat that shall be disclosed is phishing (pronounced as fishing). We have lots of practical examples so that you can understand the gravity of this act. Firstly, what is phishing?
What is phishing?
According to phishing.org, phishing is a cyber crime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details and passwords. The information is then used to access important accounts and can result in identity theft and financial loss.
In this article, phishing can be described as attempts by fraudsters to trick you into entering or sharing personal information or valuables by disguising themselves as a trustworthy individual or organization. Our focus is not banks or credit cards; it is cryptocurrency.
Phishing can be done in different ways such as emails, disguised websites and online ads. In this post we shall focus on social media and show you ways to protect yourself and not be a victim. Please note that there are important images in this post, so I highly recommend you enable image viewing if it was disabled in your browser.
Social media phishing
Social media phishing basically involves impersonating a credible and well-known individual, project or organization. The impersonator asks for coins (usually BTC or ETH) to be sent to a given address and promises to send a larger amount of BTC or ETH in return.
They usually encourage fans to donate within a limited period of time, or they only send to the first 50, 60 or 100 addresses that send the coins. This type of scam is quite rampant and thousands of dollars have been lost to some impersonators.
One popular case study is the founder of Ethereum, Vitalik Buterin. A Twitter account @ViytalikBunteri posted that he was giving away 2000 ETH to his followers. He told his followers to send 0.4 to 5.0 ETH and he'll give back 4 to 50 ETH to the sender address. Oh, I almost forgot to tell you that the real Vitalik Buterin Twitter account is @VitalikButerin.
Not only does it seem that this person or group of persons created a fake Vitalik Buterin account, but other Twitter accounts have supposedly been created to serve as testimonial mouthpieces for the scam, claiming that they received some imaginary 10 times return on the ETH they sent to the given address. As you can see in the image, Benjamin claimed to have tried it twice and that it worked.
If you go to the given link goo.gl/RDo3x5, you will see the image below. Oh yes, exactly the image below. All the data, including the age of each transaction, remains unchanged. Check it anytime you want and you will still see the same thing. The table is fake and all those testimonies are fake.
According to Etherscan.io, the address received about 28.8 ETH, which was later sent to just two addresses. Etherscan has labeled the address as a phish/hack and warns people to be careful.
The Ethereum creator has warned his followers not to send any funds if someone contacts them pretending to be him. He also joked that if anyone sends him 0.1 ETH, he will respond with nothing as he is too lazy.
Hope you noticed that the comment was made by a real copycat. That address received nearly 5.4 ETH in less than an hour. Vitalik Buterin added "Not Giving Away Eth" to his name and below is another example of a copycat commenting on the real Vitalik Buterin post. 😂😂😂
How to protect yourself
Don't be greedy
The cryptovironment is not a get-rich-quick or Ponzi scheme. If there's a giveaway and someone promises to give you a multiple of whatever you send to a given address, it is surely a scam. In fact, if you are a newbie, just stay away from any gifting or bounty program, as there is no such thing as a "free lunch" in this present society.
Check the spelling very well
Vitalik Buterin (@VitalikButerin) has several copycats who are trying to steal other people's money. Examples include: @VITALIC_BUTERIN, @Vitalic_buterin, @Vitalic_buterjm, @VittaliBuuteri etc. Vitalik Buterin has stressed his concern that there were more than 800 possible permutations of his name by changing a single character, and nearly 350,000 by changing two characters.
Vitalik Buterin is not the only one being impersonated
I've been screaming Vitalik! Vitalik! Vitalik! and it's probably getting noisy. But, you have to know that there are tons of big names in cryptovironment and outside of cryptovironment that have been or are being impersonated on Twitter and other media.
About six months ago, Twitter user @SatoshiLitev, copying the username of Litecoin creator Charlie Lee (@SatoshiLite), offered to donate 4 LTC to the first 60 people to donate a fraction of 1 to an address. According to Block Cypher, the address received a total of 20.8 LTC.
@RippleOfficial was a copycat of the real Ripple organization (@Ripple) that tweeted and retweeted the same posts as the company account. And for whatever reason, Elon Musk has also become a popular target for Ethereum scammers to impersonate.
Check for the verified badge
The blue verified badge on Twitter lets people know that an account of public interest is authentic.
The badge appears next to the name on an account’s profile and next to the account name in search results. It is always the same color and placed in the same location, regardless of profile or theme color customizations.
Accounts that don’t have the badge next to their name but that display it somewhere else, for example in the profile photo, header photo, or bio, are not verified accounts.
I actually fell for this yesterday and it was what inspired me to write this post. After the news that Binance released a test demo of its highly anticipated decentralized exchange, I decided to follow Binance and the CEO ChangPeng Zhao.
I searched for the term "ChangPeng Zhao", the image below is the result and I immediately clicked on the "follow" button.
Please notice the absence of the verified badge
Afterwards, I searched for "Binance" and I was stunned by the search result. I saw @cz_binance as the second person in the people result but I was not following him. So, I clicked on his profile, followed him and took a screenshot.
Please notice the presence of the verified badge
I went back to the ChangPeng Zhao profile and took a screenshot of it.
The number of followers and the date joined prove that @cz_binance is the real person. But what if I didn't see the original person or I misspelled an individual's name? I can't compare, but the verified badge can guide me. Always look out for the verified badge before clicking on "follow".
I scrolled down to check @CZ_BlNANCE tweets and oh yeah, there was a scam tweet.
I scrolled further to see how much this guy pretends to be ChangPeng Zhao.
I could remember that Twitter does not allow the same username by changing lowercase to uppercase and vice-versa. I was confused because @cz_binance and @CZ_BlNANCE have exactly the same characters arranged in exactly the same order and only differ by case. It took me a while to see that the capital letter I "i" in @CZ_BlNANCE was actually a small letter L "l". @cz_binance is equal to @CZ_BINANCE while @CZ_BlNANCE is equal to @CZ_BLNANCE or @cz_blnance. The difference between I and l is the height.
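The spelling check from "Check the spelling very well" and the I/l swap described above can be automated. The Python sketch below is an added example, not part of the original post: the protected list uses the real handles named in this post, while the folding table, the length-based threshold and the @some_reader handle are assumptions made for illustration.

```python
# Real handles named in the post; extend with the accounts you follow.
PROTECTED = ["@VitalikButerin", "@SatoshiLite", "@Ripple", "@cz_binance"]

# Assumed, deliberately small table of characters that render alike in many
# UI fonts. Applied after lowercasing, so capital I and small l collide.
FOLD = str.maketrans("l10", "iio")

def skeleton(handle):
    """Lowercase the handle and fold lookalike characters together."""
    return handle.lstrip("@").lower().translate(FOLD)

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, protected=PROTECTED):
    """Return (verdict, protected_handle) for a handle seen in a feed."""
    raw = candidate.lstrip("@").lower()
    for real in protected:                   # handles are case-insensitive
        if raw == real.lstrip("@").lower():
            return ("genuine", real)
    cand = skeleton(candidate)
    for real in protected:
        target = skeleton(real)
        if cand == target:
            return ("homoglyph", real)       # e.g. small l posing as capital I
        if edit_distance(cand, target) <= len(target) // 3:
            return ("near-miss", real)       # a few typed characters differ
        if len(target) >= 5 and target in cand:
            return ("embeds-name", real)     # real name plus extra words
    return ("unrelated", None)

if __name__ == "__main__":
    for h in ["@CZ_BlNANCE", "@ViytalikBunteri", "@Vitalic_buterjm",
              "@SatoshiLitev", "@RippleOfficial", "@cz_binance", "@some_reader"]:
        print(h, classify(h))
```

A "genuine" verdict only means the spelling matches a handle on the list; the verified badge check described earlier still applies.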
Conclusion
The best way to keep yourself safe is, "Don't be too greedy". If someone asks you to send a coin and promises to pay back a multiple, it is surely a scam. Don't send cryptocurrency recklessly because once it is done, it is gone. There's no redemption or a centralized party to report to, but it'll hurt you more that you can view the address and transactions. I hope this post was helpful.
Please kindly upvote and resteem this post so that there will be fewer victims. I know this type of phishing looks cheap and only a newbie would fall for it; however, there are higher levels of phishing. Within the next 48 hours I'll write a post about phishing via email, websites and online ads, which are more sophisticated and professional. Please follow me so that you will be notified in your feed. Also, don't forget to leave comments.
Hi @bizy, I'm @checky! While checking the mentions made in this post I noticed that @vittalibuuteri doesn't exist on Steem. Maybe you made a typo?
If you found this comment useful, consider upvoting it to help keep this bot running. You can see a list of all available commands by replying with !help.
All the usernames listed in the post are Twitter usernames, not Steemit. Thanks for the observation.
Chat phishing
Even more recent is the well-known wave of phishing done on Slack channels and other chat platforms such as WhatsApp, Skype and Telegram. On Slack, this is usually done either by using the standard slackbot or fake accounts (bots) who mass-DM users within a Slack group.
In the above image you see that the standard slackbot sends you a phishing message with a seemingly legitimate URL (myetherwallet.com) which in fact refers to a phishing URL (suncontract.su). Our advice therefore is similar to the previous advice we have given: always double-check the URL and don’t click on links sent to you by people you do not know.
Click here for the next part, website phishing
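The "double-check the URL" advice in the comment above can be applied mechanically to Slack messages, where a link is written as `<target|label>` in the raw text. The Python sketch below is an added example, not part of the original comment: the sample messages and URL paths are constructed around the two domains the comment names, and hostnames are compared directly without a public-suffix list.

```python
import re
from urllib.parse import urlsplit

# Slack mrkdwn link syntax in raw message text: <target|label>
LINK = re.compile(r"<(https?://[^|>\s]+)\|([^>]+)>")
# A label that itself looks like a domain or URL, e.g. "myetherwallet.com"
DOMAINISH = re.compile(
    r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?#].*)?$", re.I)

def host(value):
    """Hostname of a URL or bare domain, lowercased, without a leading www."""
    h = (urlsplit(value if "//" in value else "//" + value).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h

def mismatched_links(message):
    """Return (shown_host, real_host) pairs where the label names one site
    but the link target is a different one."""
    findings = []
    for target, label in LINK.findall(message):
        shown = DOMAINISH.match(label.strip())
        if not shown:
            continue  # label is plain words; there is no shown domain to compare
        shown_host, real_host = host(shown.group(1)), host(target)
        same_site = (real_host == shown_host
                     or real_host.endswith("." + shown_host))  # real subdomain
        if not same_site:
            findings.append((shown_host, real_host))
    return findings

# Constructed sample messages (the paths are made up for this example).
PHISH = "Security notice: log in at <https://suncontract.su/wallet|myetherwallet.com> now."
BENIGN = "Wallet is at <https://www.myetherwallet.com/|myetherwallet.com>."
PREFIXED = "Go to <https://myetherwallet.com.suncontract.su/|https://www.myetherwallet.com/>."

if __name__ == "__main__":
    for msg in (PHISH, BENIGN, PREFIXED):
        print(mismatched_links(msg))
```

The third sample shows why the comparison checks the end of the hostname: a target that merely starts with the trusted name is still a different site.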