PSA: How to Avoid MyEtherWallet (And Other) Phishing Scams

in cryptocurrency •  7 years ago 

Screen Shot 2017-08-25 at 8_Fotor.jpg

I thought it’s about time that I put out a friendly reminder of the safe practices you should observe whenever you are dealing with anything in the wild west of crypto currency.

So today I’m focusing on phishing attacks and how you can do your best to avoid them:

The schemers these days are smart, and they know how to get your attention.

They know you value your crypto and they know this can often times blind people to what they should be paying attention to.

So, if for example, you choose to use google as a means to find websites of crypto gateways, this could be for exchanges or the specific coin’s website...

Always triple check that the domain name is spelled correctly.

Myetherwallet has been used as a target for phishing attempts many times because of all of the increased traffic of people using it to participate in the ICOs that are taking place with the Ethereum Network.
So, very conveniently, if you google myetherwallet, you may very well be given a fake “myetherwallet” website listed as the top choice.
It may be spelled with two ‘v’s’ for wallet, or other subtle misspellings that are easily overlooked if you aren’t careful.

They also do a fantastic job of replicating the real website, so the hint is in the domain name.

The same can be said for any other high volume website that a scammer would like to take advantage of.

If you know how to type in the real website, it’s a lot safer and smarter to do so.

FYI: The official website for MyEtherWallet is "www.myetherwallet.com"

These same scammers are also known for making accounts in different slack channels.

They will have an official sounding account name and they will send you a private message warning you of some sort of major change that’s happened and you need to update your information, or move your coins, or anything else they can think of that will scare you into doing something stupid clicking on the link that they give you and giving out your private information or sending your coins directly to them.

If you ever find yourself in this situation, address the issue in one of the public forums and ask if it is a legitimate claim.

They have tried to get me a couple times, but luckily I recognized it for what it was before I made any moves.

It’s also worth noting that if you have two-factor authentication set up for your accounts, it is far less likely that they would be able to cash in on your mistake.

If you think you have been a victim of a phishing attempt here are the recommended steps to take:

  • Report this to google, if you click on a link that was provided to you by using their search engine.
  • Report this to the admins of the slack channel if you were contacted by the malicious account on a slack channel.
  • Report this to myetherwallet, or which ever official site that was imitated by the scam.

The information you should provide includes:

  • Url used by the scam
  • The Public ethereum (or whichever crypto that was stolen) address, transaction hashes
  • How you got the malicious link- (Google search, slack channel, Reddit)
  • Screenshots of the message sent by the scammer
  • Screenshots of the transactions that the scammer took funds from your account
  • The links to these transactions from etherscan.io

If you were a victim of a fake myetherwallet link, email this information to [email protected]

You can also help take steps to remove this website scam by following the directions provided in the link I’ve put down in the description of this video.

Hopefully you have successfully avoided these scams and continue to do so in the future, if you found this video to be helpful please give it a like and share this with others so they can also avoid being a victim of a scam. If you’re new to this account, don’t forget to follow me to get your weekly fix of all things crypto!

Additional Reading/Sources:

What to Do If You Clicked on the Fateful Link
How to Help get Malicious Websites Taken Down
A good reminder from the MyEtherWallet Twitter account

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

One has to be very careful these days. As it seems with the growing number of new users entering the cryptocurrency world, more and more scams are surfacing to prey on the uninformed. If it sounds to good to be true, it's probably a scam so just walk away. Thanks for this wonderful article @heiditravels and have a wonderful day.

#circleoffriends

thank for share, upvoted

This post received a 2% upvote from @randowhale thanks to @arobert! For more information, click here!

You can also protect yourself against those scams with this awesome extension: https://chrome.google.com/webstore/detail/etheraddresslookup/pdknmigbbbhmllnmgdfalmedcmcefdfn . It will warn you as soon as you are going to a scam myetherwallet website.

I've find one of the most effective ways to avoid phishing attempts is to use a password manager like 1Password. If the domain doesn't exactly line up with what was saved in your password manager then it won't input your password.

I've found a handful of phishing sites lately related to ICOs. They are getting tricky for sure. Each time I reported them to Google. Thanks for spreading the word on that.

That's another good way to screen websites. I've been on the fence about using a password manager... something about having all of my passwords on one place doesn't sit well with me. How long have you been using 1Password?

For many, many years. Since some of the earliest versions, I think.. We require all our team members to use a password manager. It's very strong encryption, fully encrypted at rest. You can only access the passwords when you decrypt it with your one password. Also, via Dropbox, the encrypted password file is always backed up and accessible from anywhere if your computer was to fail. With FoxyCart (my company), computer security is a really big deal because of PCI compliance requirements. In my opinion, a password manager is essential. It prevents password reuse and ensures very strong passwords.

Sure, that's a great way but I won't rely on external service to maintain my passwords. You never know what's happening in the background. That's a risk.
At least for MyEtherWallet using hardware wallets like Trezor etc. which have already integrated with the site could help in all ways. Hardware wallet is the way to go to keep ourselves safe from such scams. At least for cryptos we are safe from phishing if we start using these wallets for transactions.

That's one of the reasons I prefer 1Password over LastPass. It's not an external service. It runs completely on your local device and only the encrypted password file is synced with dropbox (if you configure it that way, which I recommend you do).

And yes, I use my Ledger Nano S with MEW. It's quite nice. I held off on getting a hardware wallet for a long time (mostly used paper wallets), but now that I have one, I really like it.

Great suggestion. Thanks for that information. I will research more on LastPass and if it suites I will start using it as well.
Yes I did the same with paper wallets. Used my old smartphone as a QRcode reader which I kept offline always to read PK from paper wallets. Then create a file and transfer it to my PC for making a transaction.
I recently started using Trezor for online transactions if at all I have to do any. Make me feel safe and secure. I want a backup Hardware wallet but at least Trezor doesn't support importing the private keys (may be for security reasons). Does Ledger Nano S support importing of external private keys by any chance?

No, I was disappointed to find out that it did not. It just has the full backup recovery words and that's it. When I wanted to get my BCC/BCH off my paper wallets, I ended up using Electrum and Electron Cash and while moving stuff to my Ledger.

ICOs don't really have the money to go around and buy all the similar domain names. Never realized password managers would be able to differentiate between URLs that you saved the password for. Is 1Password the best choice for password managers?

I'm not sure there's a best choice among so many different options, but I will say 1Password has been great for me, and I highly recommend it.

I am so scared of this happening to me, thank you for these great tips on avoiding this nightmare.

Start using hardware wallets like Trezor or KeepKey for making any transactions. It will keep your investment safe. Cheers!!!

Thanks for sharing...

Very informative post! I'm not the biggest Ether fan but this is great advice and informational for new users! Upvoted indeed

Nice information and awareness.

The way we all in crypto space are careful about our private keys; similarly we should be careful about the domain names after clicking on any links from any channel or medium. Phishing is all related to links (HTML hyperlinks) where the Text is completely different to the actual link.
Also many anti-virus have phishing enabling feature which automatically detects and blocks fake websites.

Never use links in an email to connect to a website unless you are absolutely sure they are authentic. Instead, open a new browser window and type the URL directly into the address bar. Often a phishing website will look identical to the original - look at the address bar to make sure that this is the case.

Also if you have hardware wallets which do integrate with MyEtherWallet then you need not worry as it may take care of your security issues.


Great info @heiditravels, keep spreading the awareness. Cheers!!!

I have to shamefully admit that I had an unfortunate experience with a fishing scam. Never knew if it was from a Google search or from following an e-mail link. Fortunately, I had an insurance with my bank at the time. With private crypto accounts, we don't have this kind of protection so the more the reason to pay attention to what we do online.

One thing that I now do to avoid clicking toward imitating sites, is that I bookmark the web sites on my browser so that I can always go through a URL​ that I have verified​ to be legitimate only once (and for all).

We do have protection for this website or for making crypto transactions and that is to use a HARDWARE wallet. We all in this space should use Hardware wallets to reduce the certainty of being robbed or hacked or scammed while being online.
There are many good and well established hardware wallets out there; like Trezor, KeepKey etc. Do your research and save yourself from any mishap. Cheers!!!

Hi Heidi, Love your content! Very well researched, articulate and eloquent! Would love to hear your thoughts and insights on this: https://steemit.com/coinbase/@bestversionofyou/coinbase-s-next-extensive-list-of-coins-predictions

Hi Heidi - This is a topic I think about every day and those were helpful tips. some I knew and others not. myetherwallet scam sounds too familiar. 2FA is something I have adopted wherever it is offered. It's kind of funny in that I also often think of the crypto currency world as the wild west.

  ·  7 years ago (edited)

If your using public wifi check the website certificate since they also known to use man in the middle attacks this goes for not just crypto for anything that requires ssl

Great post

great advice! resteemed!

When I was new to Crypto World , Your videos were really helpful to me so I can understand each and every coin even its purpose of existence.

I recommend lot of people to prefer your videos so they can understand how each crypto currency is different from each other.

Thanks a lot for your videos , always keep on making these videos they are really helpful for new comers .

Good Job Hope To See You In Person One Day So I Can Thank You Personally.

I came to Steemit when I was your Youtube video about Steemit.

So Thanks again.

Informative, thanks.

Great headsup Heidi. Have a good day:)

esta información es de bastante utilidad para mi. gracias

myetherwallet MyEtherWallet.com tweeted @ 06 Jul 2017 - 06:35 UTC

⚠WARNING! Another phishing attempt on a @SlackHQ DO NOT CLICK! Please. Don't. Please stop clicking. https://t.co/1TigUBF3qn

Disclaimer: I am just a bot trying to be helpful.

I will tell you something, that your post is good

voted :)

Good advice. Deleted my daily history after realizing this very thing.

Thanks for this important information.

@heiditravels I just want to thank you for your valuable information!! as a newbie I've learned so much from you and I continue to learn as you post. keep on rocking :)!!!!!

This puts a smile on my face, glad you're learning :)

I am new to the cryptocurrency world. Now, I am a b it scared. Is it an authentic wallet in the first place? How do I avoid getting scammed in the first place? I remember your face when you were talking in a youtube video promoting the alt coin, OMG.

Always great information thanks.

I also care about Scam!

Very informative post. A must read for all virtual currency/asset enthusiasts. Thank you for sharing. Resteemed and Following you @heiditravels :)

Being new to the crypto world this is a huge help. Along with all the replies, this is awesome info for protecting your investment. Thanks you and everyone who replied/replies

thank for share

Get yourself 50 FREE tokens!!! For the new exchange on October WCX offers a pro experience with 10x lower fees guarantee https://wcex.co/?ref=MPCIbEPD

Congratulations @heiditravels! You have completed some achievement on Steemit and have been rewarded with new badge(s) :

Award for the number of upvotes received

Click on any badge to view your own Board of Honor on SteemitBoard.
For more information about SteemitBoard, click here

If you no longer want to receive notifications, reply to this comment with the word STOP

By upvoting this notification, you can help all Steemit users. Learn how here!

This was a very helpful reminder. Thanks.

Thanks for the heads up! I've had a couple close calls!

Very helpful information it's definitely better to be safe than sorry

Posting a very good friend, I really like your post and allow me to resteem your post.

Thanks for sharing this great information and reminder for people to check and re-check before clicking on anything you are going to be trusting with your information. It always amazes me what some of the scammers do to get peoples information and cause havoc. Not just with their money but also their personal information.

Good stuff! Well done. :)
If you want to read about Tabnabbing and Clickjacking on Steemit and other social media please take a look at my article too :D
https://steemit.com/security/@gaottantacinque/steemit-chat-is-unsafe