How to stay safe during ICOs and other periods

Domain verification

The problem

There are many website clones of ICOs with fake contribution addresses. Sometimes they use character substitutions in the domain (ie: i becomes a l in the scam site). Sometimes they use IDN domains which are harder to see with your eye (ie: c becomes a ƈ)

/images/security/how-to-stay-safe/idn-demo-domains.png

The solutions

These are various tools that you can use to protect yourself.

Install browser extensions

There are many browser extensions that offer similar functionality to protect you against the fake domains (IDN homograph attack domains, fake project domains, other scam domains).

Use bookmarks

You should never rely on links people send you, or results in a search engine. You should always type the address manually and then bookmark it and start using the bookmark every time.

0x address verification

The problem

Once you've sent ETH (or any other token) and it's confirmed on the network, it is irreversible. So you need to ensure you have the correct address when you sign your transactions.

During ICO phases, many communication channels (Slack, Telegram, Discord, Twitter, etc...) are slammed with fake accounts promoting "the contribution address".

The solution

Confirm the address

You can confirm the address for an ICO with some simple checks;

  • Search the address on block explorers and check for comments.
  • Typically ICO addresses are contract addresses. If the address given to you doesn't have a contract, it's usually a scam.

Alternatively, get your wallet provider to implement the EtherScamDB JS library to show a visual indication - etherscamdb-js-address-validation GithubNPMJS

Twitter

The problem

Twitter has recently become a prime spot for scammers to pretend to be famous accounts by copying their name and profile picture and announcing giveaways.

An example

/images/security/how-to-stay-safe/trust-trading-scam-twitter.PNG

The solution

There are various ways in which you can "ignore" these scammers.

Muting key scammer phrases

You can go into your Twitter settings and mute words/phrases so you won't see them. Here's a bunch of phrases you could ignore

give-away
give away
giving away
giveaway
Get BTC or ETH for free

/images/security/how-to-stay-safe/how-to-mute-words-twitter.png

Disabling notifications from fresh accounts

This one can be quite aggressive, but Twitter allows you to not receive notifications from accounts that fit a certain criterion. If you go to your Notifications settings, you can select your preference.

We recommend ticking the following;

  • Who haven't confirmed their phone number
  • Who haven't confirmed their email
  • With a new account

This should prevent you from getting notifications from people tweeting at you regarding scam ICOs, pretending to be an ICO you follow, and other types of phishers/scammers.

Installing EtherSecurityLookup

This browser extension comes with functionality that will highlight similar account handles to those "verified" by the extension and show a "verified" icon next to the handle on your timeline.

/images/security/how-to-stay-safe/esl-fake-account-twitter.png





Need Help? Message Us