Pro-Tips: How Not to get Scammed & Phished
Below are some tips to reduce the risk of you losing your hard-earned coins.
- Install EtherAddressLookup or MetaMask. These warn you if you go to a malcious website.
- Did you just get sent a link to a token sale, MyEtherWallet, etherdelta, Shapeshift, or Ebay? Don't click it! Instead, search for that service on Google. Click the top one that is not an ad.
- You do not have to enter your private key for an airdrop. Don't enter your private key on random sites!
- Double-Check the URL. Are there any weird characters? Symbols? It is
- Token sale or exchange? Google the name of the token + "twitter"
- Check out the Twitter account. Everything looking good still?
- Sending to an address? Check out the address on etherscan.io.
The screenshots below point out specific things to check to make sure you are interacting with the correct site.
1. Use Google instead of clicking links sent to you
So you received a message, saw a tweet, or whatever about hot new ICO. Don't click. Google the name of the token + "token contribution" or "ethereum" or "token".
2. Check the URL. Is it the same as the message received?
Okay....but how do I know this is the right URL?
3. Google the name of the token + "twitter"
4. Check out the Twitter. Everything looking good still?
On Twitter, check the URL and the USERNAME of the account. Be on the lookout for weird things like _ or captial-i's that look like l's or O's that look like 0's. This indicate a scammer.
Followers, images, tweets and the name of the Twitter account are cloned by fake accounts. Ignore those.
You have followers in common. This is a good sign! The URL they provide match the URL you were on earlier. So let's get the address.....
5. Check out the address on etherscan.io
....and let's check the comments on Etherscan.
Does it have any comments? Are they all angry people who had their funds stolen?
Or is there some add'l verification that this is legit? Again, never rely on a single comment—this adds to the fact that all this information is consistent & correct.
6. And always make sure you are on the correct MyEtherWallet, too!
And finally, when you go to contribute, make sure you are on a legit version of MyEtherWallet.com
Check the URL. Check the SSL. Check the v188.8.131.52 (for district0x only). Don't rely on the version number, but its another good way to easily spot a scam site.
Check the address. Check the AddressIcon (the colorful blob of colors that corresponds to your address. It is an easy way to see if the address matches across two places.)
In this case, district0x's is kinda pinky-yellow and the address starts with 0xF80.
Oh, and now the URL on MyEtherWallet displays on load & node-change. This is another easy reminder to let you know if you are on a scam site.