How To Help Defeat The Phishers
These phishers will not stop until they stop getting money or get caught. We don't have the time or manpower to do it all. There are so many things to do and watch and document. We thank you for your help.
1. Educate when you see a message
- If you see a link to one of these sites or a fake Token Sale address, comment on it on Twitter or on Reddit or wherever. Warn people QUICKLY & LOUDLY.
"There are scammers that are DMing, posting links, posting comments, and trying to get you to navigate to fake URLs. DO NOT CLICK IT!" (Yes. People still don't know this. I don't know where they are, obviously not here on reddit).
Remind people: "If it's too good to be true, it probably is."
⚠ PSA! Do NOT click the link or listen to the scammer! That is a phishing site. Always check your URL and/or consider getting a Ledger or TREZOR hardware wallet.
2. Educate before you see a message
This is too much for one post so help spread the word: Private keys are private. Use hardware wallets. Use cold storage. Go offline. Check URLs.
Getting a Ledger or Trezor Hardware Wallet is even better.
Install EtherSecurityLookup to block malicious tweets / tweeters: https://chrome.google.com/webstore/detail/ethersecuritylookup/bhhfhgpgmifehjdghlbbijjaimhmcgnf?hl=en-GB
Install EtherAddressLookup to block malicious / phishing sites: https://chrome.google.com/webstore/detail/etheraddresslookup/pdknmigbbbhmllnmgdfalmedcmcefdfn
Install MetaMask to block malicious / phishing sites & interact with MyCrypto: https://chrome.google.com/webstore/detail/metamask/nkbihfbeogaeaoehlefnkodbefgpgknn
Never enter your private keys, passwords, sensitive data on a website that you were sent via message
Do not trust messages or addresses or URLs sent via private message. Always verify information w/ a secondary source.
Guide on How to Prevent Loss & Theft.
Protips: How not to get scammed (needs cleanup and to be more generic)
3. Report the absolute living daylights out of the malicious URLs
What to do if you see a malicious site or post in the future
PR in malicious domains: https://github.com/409H/EtherAddressLookup/blob/master/blacklists/domains.json
PR in verified tweeters to automatically blacklist tweeters with very similar usernames: https://github.com/409H/EtherSecurityLookup/blob/master/lists/twitter.whitelist.json
Add malicious non-URLs here: https://github.com/ethereum-lists
Report to Google: https://safebrowsing.google.com/safebrowsing/report_phish/
Report to Microsoft: [https://www.microsoft.com/en-us/wdsi/support/report-unsafe-site)
Report to NetCraft: [http://toolbar.netcraft.com/report_url]
Report to Norton: [https://submit.symantec.com/antifraud/phish.cgi]
Report to McAfee: [https://www.trustedsource.org/en/feedback/url]
Report to ForcePoint: [https://csi.websense.com/]
Report to Webroot BrightCloud (PaloAlto firewalls): [http://brightcloud.com/tools/change-request-url-categorization.php]
Report to Kaspersky: [https://virusdesk.kaspersky.com/]
If have IE / Edge, report there: https://support.microsoft.com/en-us/help/930167/how-to-report-a-phishing-web-site
If you want to report an Apple Appstore app, send an email to firstname.lastname@example.org
Report any Google Adwords Campaigns here: https://support.google.com/adsense/troubleshooter/1190500?hl=en & https://support.google.com/adwords/answer/176378?hl=en
Notify host regarding malicious website / DMCA / copyright violation / trademark violation
Notify registrar regarding malicious website / DMCA / copyright violation / trademark violation
Notify SSL Cert Issuer of misuse of cert / malicious / phishing website
Screenshot site / tweets / messages & website & code
Scan the site with urlscan.io
Add UA-ID to Spreadsheet & DuckDuckGo Google UA-ID for other sites
Google keywords and see if other sites and repeat above
Great reporting template / idea of what reporting is like:
I am writing to you today to report a malicious website on your service:
insert_domain_here. This website is posing as the legitimate site
mycrypto.com. The operators of this malicious phishing website site (
insert_domain_here_again) have added code that steals the private keys of unsuspecting users, sends them insecurely to their own servers in order to steal the users' money. Please stop providing your service to (
insert_domain_here_again) immediately to prevent further theft and protect users. Thank you.
To find their host, whois their info and find the abuse contact
4. Make, share, warn, & help educate. Things like "how to avoid phishing / badware" a la https://www.google.com/safebrowsing/static/faq.html#q1
Shamelessly steal from the pros:
Thank you for everything. We literally wouldn't be in this situation without you supporting us. It's all part of this crazy wild adventure called the future. We'll figure it out, but it's better together.