How to avoid getting scammed and phished
Last updated: 2019-11-18
Below are some tips to reduce the risk of losing your hard-earned coins:
- Install either EtherAddressLookup or MetaMask if you use MyCrypto or other crypto-related sites. These warn you if you go to a malicious website.
- Did you just get sent a link to a token sale, MyCrypto, EtherDelta, ShapeShift, or eBay? Don't click it! Instead, search for that service on Google. Click the top result that is not an ad.
- You do not have to enter your private key for an airdrop. Don't enter your private key on random sites!
- Double-check the URL. Are there any weird characters? Symbols? It is
- Token sale or exchange? Google the name of the token + "twitter"
- Check out the Twitter account. Everything looking good still? Do they still have a verified badge if they had one before?
- Sending to an address? Check out the address on Etherscan. Check for "scam" warnings under the comment section.
The screenshots below point out specific things to check to make sure you are interacting with the correct site.
1. Use Google instead of clicking links sent to you
So you received a message, saw a tweet, or whatever about a hot new ICO. Don't click. Google the name of the token + "token contribution," "Ethereum," or "token."
2. Check the URL. Is it the same as the message received?
Okay ... but how do I know this is the right URL?
3. Google the name of the token + "twitter"
4. Check out the Twitter. Everything looking good still?
On Twitter, check the URL and the USERNAME of the account. Be on the lookout for weird things like _ or capital "I"s that look like "l"s or "O"s that look like "0"s. This indicates a scammer.
Followers, images, tweets, and the name of the Twitter account are cloned by fake accounts. Ignore those.
If you have followers in common, this is a good sign! The URL they provided matches the URL you were on earlier. So let's get the address ...
5. Check out the address on Etherscan
... and let's check the comments on Etherscan.
Does it have any comments? Are they all angry people who had their funds stolen?
Or is there some extra verification that this is legit? Again, never rely on a single comment—multiple indications of legitimacy are ideal.
6. And always make sure you are on the correct MyCrypto
Finally, when you go to contribute, make sure you are on a legit version of MyCrypto (https://mycrypto.com/).
Check the URL. Check the SSL certificate (it should always say MyCrypto, Inc [US]).
Check the address. Check the identicon (the blob of colors that corresponds to your address; it is an easy way to see whether the address is consistent across multiple places).
In this case, district0x's is kinda pinky-yellow and the address starts with 0xF80.
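The look-alike checks from steps 2, 4 and 6 (weird characters, "_", a capital "I" standing in for "l", a "0" standing in for "O") can be automated. The following is an added example, not code from MyCrypto or EtherAddressLookup; the TRUSTED list, the function names and the sample inputs are assumptions made for illustration.

```javascript
// Added example: classify a host name or handle exactly as it is displayed.
// TRUSTED is a constructed allowlist (assumption); list the sites you really use.
const TRUSTED = ["mycrypto.com", "etherscan.io", "etherdelta.com"];

// Pull the host out of a URL without lowercasing it, so a capital "I" survives.
function displayedHost(input) {
  const m = /^[a-z][a-z0-9+.-]*:\/\/(?:[^\/?#@]*@)?([^\/?#:]+)/i.exec(input.trim());
  return m ? m[1] : input.trim();
}

// Fold characters that are easily mistaken for one another into one form.
function skeleton(name) {
  return name
    .replace(/[Il1|]/g, "l") // before lowercasing, so capital I is treated as l
    .toLowerCase()
    .replace(/0/g, "o")
    .replace(/[_-]/g, "");
}

function classify(input) {
  const shown = displayedHost(input);
  if (TRUSTED.includes(shown.toLowerCase())) return { verdict: "trusted", imitates: null };
  // Non-ASCII letters or punycode labels can render identically to ASCII ones.
  if (/[^\x00-\x7f]/.test(shown) || /(^|\.)xn--/i.test(shown)) {
    return { verdict: "non-ascii", imitates: null };
  }
  const target = TRUSTED.find((t) => skeleton(t) === skeleton(shown));
  return target
    ? { verdict: "lookalike", imitates: target }
    : { verdict: "unknown", imitates: null };
}

// Constructed samples, not real indicators.
for (const s of ["https://mycrypto.com/", "https://mycrypt0.com/send",
                 "etherdeIta.com", "my_crypto.com", "mycrypt\u043e.com", "example.org"]) {
  console.log(s, classify(s));
}
```

A "lookalike" or "non-ascii" verdict means the name should be treated as hostile; "unknown" only means the name resembles nothing on the allowlist, so the remaining checks in this article still apply.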