I’ve noticed a lot of phishing attempts happening around ICO’s lately and I’ve seen some of these fake contribution addresses raising as a tonne of money. Below, I’ll outline some things you can do to avoid being caught up in one of these scams as well as some general tips to help you stay safe online.
Only trust the details posted on the official website for an ICO
Never, ever contribute to an address during an ICO that is not on the ICO companies website. There have been numerous fake addresses posted everywhere from Twitter to Slack using fake accounts in order to look legitimate. These have been very successful in some cases due to the panic that surrounds an ICO with people wanting to get in at any cost. You should only ever trust an address that is on the official website. It's never worth taking a risk just so you can get into an ICO.
The above image contains a fake Ethereum address that was spread around on Twitter and through email addresses falsely claiming that the Status ICO sale had started early when it is in fact scheduled for June 20th. The website that the email links to is an exact clone of the real Status website. The address has since raised almost 200 eth.
Original Reddit thread about the Status scam here:
Always confirm the websites URL
This is the golden rule when you are inputting any sensitive information on a website or contributing to a crypto address. One of the most popular way for people to get tricked is by a fake website. The fake website can be a complete clone of the real one so that any regular person wouldn't suspect it as being malicious. If you check the URL (website address) you will quickly notice if the website is fake. For example, https://www.ethereum.org/ is the correct Ethereum website address but someone could easily clone the website and then host it at a URL such as https://www.etherem.org/. Notice what's different? I removed the 'u' from the word Ethereum. This is if the URL is available to be registered, of course.
Verify that a website has an SSL certificate
You know that little green lock next to the website address in your browser?
The lock indicates that a website has a valid SSL certificate installed. An SSL certificate enables secure connections between the client (your device) and the server (where the website is hosted). What this means is that any information you input into the website, such as your name or email, is encrypted so that only the sender (you) and the receiver know what exactly has been sent. Now, an SSL certificate itself doesn't mean that the website is legitimate as any website owner can install an SSL certificate. A company should set up an Extended Validation (EV) SSL Certificate (which requires 3rd party vetting) in order to be trustworthy as it displays the companies legal name in the address bar. Example below.
For more information on SSL certificates go here: https://www.globalsign.com/en-au/ssl-information-center/what-is-an-ssl-certificate/
Do not open any attachments or links from an unusual email
This is more of a general security tip but it is an important one. Email is one of the most effective ways that cyber criminals are able to infect your device or steal your information because many people still download attachments or click links that are malicious. Email addresses and names can also be spoofed so that it may look like the email came from your bank utility company, but in reality it is an impostor. Some key things to look out for when trying to determine if an email is real or fake:
- The general rule is just to not open any attachments or click on any links in an email that you were not expecting.
- Do not give out your email address freely to any website that asks for it as this could result in your email address either being stolen in a data breach or sold to a 3rd party. You can check if your email address has been involved in a data breach by visiting https://haveibeenpwned.com/.
- Analyze the salutation - Is the email addressed to a vague “Valued Customer?” If so, watch out. Legitimate businesses will often use a personal salutation with your first and last name.
- Check the sender email address (keep in mind, this can be spoofed)
- Read the email carefully. If there are any grammatical errors, it's usually fake.
- Do not download any attachments unless you were expecting the email. Even then, make sure the email is real.
- Check the embedded links (an embedded link is a link that is embedded into a word such as click 'here'). Malicious links are often hidden using this technique.
- Check that the phone numbers are legitimate as more sophisticated phishing emails will have a fake phone number that you can call and there will be someone on the other end impersonating support staff.
- If the email is from a utility company asking for payment for a bill, manually login to your utility companies website and check your balance there. Do not click any links in the email. This is a very common phishing scam.
The above image is an example of a sophisticated fake utility bill that was sent to thousands of Australians. Notice anything wrong with it? Most people would have no idea what to look for but I'm hoping with the above tips you are able to spot the suspicious material. Hint: the email address it came from isn't the real Origin Energy address. There are a few other things that I'll leave for you to find using the aforementioned tips :)
Protect your accounts with 2 factor authentication
2 factor authentication (2FA) is a great way to protect your online accounts. 2FA allows you to set up an additional authentication step (such as receiving a code via SMS) in order to verify that it's you logging in. Most companies have an option to add 2FA to your account and I'd recommend enabling it across all services that you use online - especially on any cryptocurrency exchanges that you use. Don't forget to also set it up for your email account!
Stay safe everyone!
If you found this post valuable, please upvote, resteem and follow :)
click here!This post received a 16% upvote from @randowhale thanks to @sassal! For more information,
Great security tips, I always follow these tips whatever be the site I follow mojor of your steps.
Thank you :) Glad you found it useful!
Some very good advice to stay safe online.
The best advice is to stay offline 🤔
That's not really an option for most people.
I know. I remember a long time ago when nobody even heard of the Internet, we were using it at university for educational purposes. Now it has become an integral part of our lives, and it has something called STEEM 😀
But, it's good to unplug every once in a while, go offline and just enjoy life.
Even at Uni it wasn't fully for educational purposes. :)
You can say that lol. Napster was popular back then. Pains me to see kids today don't even know what Napster was!
Most haven't any notion what DOS is. I couldn't afford windows (3.1) when I upgraded to a 486-33 so I only had DOS 6.0 for about 6 months.
Nice advice! :)
Good
Welcome to Steemit :)
I follow u, follow me back if u want lot of fun and amazing picture every day.
good article thanks
....please pay by dhursday.....
btw iv seen that u didnt add me......yet.....cheers mate