Guard against web3 scams! Learn to spot and avoid fake airdrops, rug pulls, NFT fraud, spoofing, and phishing attacks. Safeguard your digital assets in the unregulated web3 space. Stay informed and secure in the web3 revolution.
This article is reposted from SecuX's 〈Most Common Web3 Scams and How to Avoid Them〉.
Disclaimer: The information provided in this article is for educational purposes only and should not be considered as financial advice.
There are plenty of new technologies and opportunities constantly presenting themselves in the web3 world, but they aren’t all positive. Innovation also brings out the creativity in individuals intending to do harm and pull off online scams. In the highly unregulated web3 space, online threats are a major concern. Whether you’re new to web3 or not, being aware of deceptive tactics that can catch you off-guard could be the difference between keeping or losing your digital assets.
Common Crypto Scams to Look Out For
Fake Airdrops
Let’s start with fake airdrops. This often happens with fake celebrity accounts to gain your trust. What happens is those with malicious intent will offer to send free tokens but instead they are stealing vital info such as your private keys.
How to Protect Yourself
Don’t trust just any account. Always do your own research (DYOR) and verify the project or person’s Twitter account, website, and other social media accounts.
Rug pulls
This one can hurt a lot. Rug pulls are when crypto projects do the utmost to trick users into investing, then they tank the value of the crypto or take all the money and disappear. In order to attract unsuspecting victims, the scammers may create a very legitimate-looking fake website and social media channels.
How to Protect Yourself
Again, look deep into the project, their whitepaper, and members of the team. You can also consider using decentralized exchanges that have liquidity locked in smart contracts to conduct transactions. Also, monitor community sentiment on the project. If there is something fishy going on, there may be others talking about it.
Fake NFTs
While NFTs are unfakable, you wouldn’t know unless you look into the metadata and smart contract. Fake NFTs are counterfeit and sold on fraudulent marketplaces all in an effort to gain access to your private keys and other sensitive information.
How to Protect Yourself
The best way to safeguard yourself against purchasing fake NFTs is to verify the authenticity and only purchase NFTs from reputable marketplaces such as OpenSea. If something looks too good to be true with amazing prices, it probably is.
Spoofing
Spoofing is similar to impersonating. It is where scammers impersonate trusted entities to deceive crypto users. Because you trust the name, you may trust them with your name, address, private key, etc. If you’re not careful and don’t double-check, it’s very easy to fall for spoofing scams.
How to Protect Yourself
To protect yourself, always verify the authenticity of websites and emails. Be cautious when clicking on links or providing sensitive information. Sometimes there are very subtle spelling errors like an extra or missing letter in a URL or email address. Also, enable two-factor authentication for your accounts to add an extra layer of security.
Pump and Dump
The name gives it away. A pump and dump means a party artificially inflates the price of a cryptocurrency before crashing it with a mass sell-off, resulting in significant losses for investors.
How to Protect Yourself
Protect yourself by relying on your own research rather than hype or market manipulation. Avoid impulsive investments driven by FOMO (fear of missing out) and never invest more than you can afford to lose.
Types of Phishing Scams
We then move on to phishing attacks, which are basically when an online scammer tries to trick individuals into providing their sensitive information on their own accord. Below are the most common methods of phishing.
- Social Media Phishing
Social media phishing is done on popular blockchain social media platforms such as Telegram and Twitter. Scammers impersonate individuals or projects and attempt to steal sensitive Web3-related information. Legitimate companies, like SecuX, will NEVER ask for your seed phrase on any platform.
- Phishing Websites
Phishing attacks on mirror websites, which is what this type of phishing is, are quite common in web2 as well. They are fraudulent sites designed to mimic the appearance of legitimate blockchain platforms, decentralized applications (DApps), or cryptocurrency exchanges. You have to look closely at the URL because sometimes a misplaced letter or number can give them away.
- Fake Emails
One of the more old-school methods of phishing is through fake emails, and it seems like it is still relevant in web3 scams. Deceptive messages are sent to individuals within the blockchain and crypto space. These messages appear to be from legitimate Web3 projects, crypto exchanges, or blockchain organizations in an attempt to get users to reveal private info.
- Seed Phishing
Seed phishing is exactly what it sounds like – scammers running frauds to gain access to your seed phrases. This can be done with malicious links that lead to fake crypto wallet websites that require users to enter their seed phrase. Spoiler alert! Never ever share seed phrases or private keys with any online platform or individual.
- Ice Phishing
No, this isn’t the type of phishing people do on frozen lakes in the winter. It’s where hackers create an opening in smart contract platforms and replace the receiver’s wallet address with their own. Scammers usually ice phish the whales (individuals who hold a lot of digital assets) in web3.
How to Protect Yourself
To protect against phishing attacks, always verify the authenticity of the sender or website and double-check email addresses and URLs. Question what it is you’re receiving and who it’s from. Enable two-factor authentication whenever possible, stay informed about common phishing tactics, and avoid sharing personal information through unverified channels. Keep your software up to date and always use secure connections.
Malware
Malware is still relevant in web3 scams, where malicious software, often disguised as legitimate blockchain apps or browser extensions, is used to compromise users’ cryptocurrency wallets or private keys via infection or phishing.
Protect yourself against malware scams by only downloading from reputable sources and be cautious when clicking on links, and always verify the authenticity of the software or extension before installation. Also, regularly update your device’s security software, use robust antivirus programs, and conduct routine scans to detect and remove potential threats.
How Can Trend Micro Help You Protect Your Cryptocurrency?
To protect everybody’s assets and guard people’s information security, Trend Micro developed a new anti-fraud tool for WEB3 —— Trend Micro ChainSafer. It is equipped with AI-driven algorithms and can detect and warn you of suspicious blockchain transaction activities automatically. It also uses Trend Micro’s large database to block typical cryptocurrency and NFT scams for users, and detects phishing websites to help cryptocurrency and NFT users ensure the security of their digital assets in their wallets.
TM ChainSafer Snap
MetaMask Snaps is a new function of MetaMask. it allows third-party developers to provide plug-in functions to MetaMask users through MetaMask Snap. We have made Trend Micro ChainSafer into MetaMask Snap recently too! Currently, it is provided for users to install and use free of charge. you can’t be late when it comes to protecting assets. Don’t wait until your money is lost and then regret that you haven’t been prepared.
How to install MetaMask Snap:
- First, install the MetaMask wallet on your browser: https://metamask.io/download/
- Install Trend Micro ChainSafer Snap: https://nexone.pse.is/5j6qbg
SecuX x Trend Micro special collaboration W20 cold wallet
SecuX and Trend Micro released the latest co-branded cold wallet, W20. Not only is there no need to worry about fraud threats while trading online, the offline saving feature of cold wallets also keeps your assets away from hacker attacks at all times. It is the ultimate security solution for cryptocurrencies and NFT.
Most importantly, if you purchase it from the USD or JPY regions on the official website before 2024/1/31, you can enjoy a limited USD 50 discount!
For more information on the advantages and features of the co-branded cold wallet, you can refer to:
SecuX W20 X Trend Micro: The Ultimate Scam-Proof Hardware Wallet for Crypto and NFTs
Conclusion
We’re just in the beginning stages of web3 exploration, and since it’s still a largely unregulated space, it leaves many of us open to online attacks and scams. Knowing this, it’s important for us to remain vigilant against the most common scams: fake airdrops, rug pulls, fake NFTs, spoofing, and phishing attacks. By staying informed, we can safeguard our digital assets and participate safely in the web3 revolution.
Related Articles
Public and Private Key Generation – Intro, Generation, and Storage
Symmetric VS Asymmetric Encryption in Cryptography
How Blockchain is Changing Payment Methods
Sources
Web3 and Crypto Scams You Should Be Aware of and How to Avoid Them
Web3 Scams and How to Avoid Them
