Call to Action: Help us w/ these Phishers, Please
These phucks will not stop until they stop getting money or get caught. We don't have the time or manpower to do it all. There are so many things to do and watch and document. We thank you for your help.
1. Educate when you see a message
- If you see a link to one of these sites or a fake Token Sale address, comment on it in #general or on Twitter or on Reddit or wherever. Warn people QUICKLY & LOUDLY.
"There are scammers that are DMing, posting links, posting comments, and trying to get you to navigate to fake URLs. DO NOT CLICK IT!" (Yes. People still don't know this. I don't know where they are, obviously not here on reddit).
Remind people: "If it's to good to be true, it probably is."
⚠ PSA! Do NOT click the link or listen to the scammer! That is a phishing site. Always check your URL and/or consider getting a Ledger or TREZOR hardware wallet.
If you have a moment, please report the recent malicious site
myetherwallet[.]su as phishing to Google via https://safebrowsing.google.com/safebrowsing/report_phish/ and https://safebrowsing.google.com/safebrowsing/report_badware/. If you have IE, do the same via Tools -> Report as Malicious Site so they can't trick anymore people.
2. Educate before you see a message
This is too much for one post so help spread the word: Private keys are private. Use hardware wallets. Use cold storage. Go offline. Check URLs.
- Creating a wallet offline is the shit
- Getting a Ledger or Trezor Hardware Wallet is even better.
- You can sign transactions offline so your key never touches a phishing site!
- Install EAL to block malicious / phishing sites: https://chrome.google.com/webstore/detail/etheraddresslookup/pdknmigbbbhmllnmgdfalmedcmcefdfn
- Install the MyEtherWallet Chrome Extension
- Install MetaMask to block malicious / phishing sites & interact with MEW: https://chrome.google.com/webstore/detail/metamask/nkbihfbeogaeaoehlefnkodbefgpgknn
- Never enter your private keys, passwords, sensitive data on a website that you were sent via message
- ONLY unlock your wallet when you want to send a transaction. Check your balance via https://etherscan.io/ or https://ethplorer.io/
- Do not trust messages or addresses or URLs sent via private message. Always verify information w/ a secondary source.
- Guide on How to Prevent Loss & Theft.
- Protips: How not to get scammed (needs cleanup and to be more generic)
3. Report the absolute living daylights out of the malicious URLs
What to do if you see a malicious site or post in the future
- Report: https://etherscamdb.info/
- PR in malicious domains: https://github.com/409H/EtherAddressLookup/blob/master/blacklists/domains.json
- Add malicious non-URLs here: https://github.com/MyEtherWallet/ethereum-lists
- Report to Google: https://safebrowsing.google.com/safebrowsing/report_phish/
- Report to Google: https://safebrowsing.google.com/safebrowsing/report_badware/
- If have IE / Edge, report there: https://support.microsoft.com/en-us/help/930167/how-to-report-a-phishing-web-site
- Report any Google Adwords Campaigns here: https://support.google.com/adsense/troubleshooter/1190500?hl=en & https://support.google.com/adwords/answer/176378?hl=en
- Spam with fake private keys: https://gist.github.com/kvhnuke/f2e69fd552827a35e8b1a885e5587c1c
- Notify host regarding malicious website / DMCA / copyright violation / trademark violation
- Notify registrar regarding malicious website / DMCA / copyright violation / trademark violation
- Notify SSL Cert Issuer of misuse of cert / malicious / phishing website
- Screenshot site / tweets / messages & website & code
- Add UA-ID to Spreadsheet & DuckDuckGo Google UA-ID for other sites
- Google keywords and see if other sites and repeat above
- Help grow / maintain / track here: https://docs.google.com/spreadsheets/d/1ErQGI2elbzVAapLBYzDePV7jqpiDnsJoSlmAlQ9_zno/edit?usp=sharing
- Great reporting template / idea of what reporting is like: https://twitter.com/myetherwallet/status/886888683609051136 (if you type this up and send it to me, i'll add it so we don't have to retype later)
I am writing to you today to report a malicious website on your service:
insert_domain_here. This website is posing as the legitimate site
myetherwallet.com. The operators of this malicious phishing website site (
insert_domain_here_again) have added code that steals the private keys of unsuspecting users, sends them insecurely to their own servers in order to steal the users' money. Please stop providing your service to (
insert_domain_here_again) immediately to prevent further theft and protect users. Thank you.
To find their host, whois their info and find the abuse contact
4. Make, share, warn, & help eduate. Things like "how to avoid phishing / badware" a la https://www.google.com/safebrowsing/static/faq.html#q1
5. Only if you are careful and you really really really are game:
- Spam with fake private keys
- You can use this to spam with fake private keys. OR help develop it more! OR just donate to that developer! (address on the link) https://github.com/MrLuit/MyEtherWalletWhitehat
- Help add to growing list of stuff and link things
- Help others find whois info, track domains, track emails.
- Help us build things, faster. https://github.com/MyEtherWallet/ https://github.com/409H/EtherAddressLookup
- Join our Slack to discuss and coordinate