Let's talk about scams.
An unfortunate consequence of the nature of decentralized financial and transaction systems is that they attract bad actors who will try to swindle, manipulate, and trick you into giving them whatever you've got.
These scams range from extremely low effort mass-posting phishing schemes to highly sophisticated, well-funded operations involving teams of talented con-artists. We cannot eliminate these bad actors with laws or regulations without also eliminating the freedom, independence, and decentralization that comes with Web-3 and blockchain technology. So the situation = hopeless.
We must accept these scammers as the cost of doing business, right?
What? Hell no!
We can fight back against those who are tarnishing the reputation of crypto and NFTs in a way that is far more effective than any government regulations could hope to be... And that surefire scam wrecking method is... Wait for it ...
Education! 🥳🎉🎉🎉
Yes I know, I can hear the echoes of the future groans of disappointment reverberating back in time as I write this, but the fact remains that the better educated we are the less effective all these scams become. So with that in mind, I thought I'd outline a couple of the more common scams you are likely to see, and if y'all find this information valuable I will post some more when I can.
Some of these are going to seem obvious to those of you who have been around the crypto and NFT world for some time, but the reason that we keep receiving these is because they work.
Ok the first three are examples of the "Congratulations you just won a contest that you never entered" category.
These usually have some kind of time limit making it seem like if you don't act now you will miss this once in a lifetime opportunity to become rich beyond your wildest dreams. Usually, the way the scam works is once you click the link onto their platform they'll have you connect your wallet and approve a transaction, which will give them the ability to drain whatever's in your wallet.
They cannot drain your wallet or remotely access your system simply by you clicking a malicious link.
We all click on bad links and interact with malware from time to time!
⭐ How we react, mitigate, and isolate those breaches in our security when they happen makes all the difference.
I'll let you in on an infosec secret: the vast majority of modern hacking today involves "social engineering" which is a fancy way of saying manipulation.
Modern cryptography makes it almost impossible to brute force into secure systems so hackers have to trick you into giving up your own passwords, keys, and seed phrases. Some of them are extremely good at doing this, but "social engineering" cannot work on someone who is aware they are being manipulated.
These two are bit less obvious, they are emails I received that are connected to phishing scams.
For the first one I don't have a ledger device so kind of a red flag there, but also look at the sender.
Any legitimate company like Ledger is going to send emails from: support @ Ledger dot com and not some shady domain.
For the second screenshot, I do use the exodus wallet and I would be concerned if somebody from Canada had logged into my account, but same issue: sender looks sketchy, also time and date of authorization = today (Not very specific).
On top of all that Protonmail sent these directly to my spam folder and flagged the second one specifically as a phishing scam so it's hard to believe any of these were legitimate from the beginning.
This underscores the importance of using applications that you trust.
If you received a message or email and you're not sure of it's legitimacy the easiest way to verify it is to go to that company's website directly (not through whatever link is provided in the suspicious email), and ask if they sent the message. Failing that you can ask somebody else. Simply taking the time to consider your decisions can save you from becoming victim to one of the fishing scams I've mentioned here. These are are few insights on how you can protect yourself from scams in web3.
If you found this information valuable please let me know and I will continue providing it. If you found any of this information incorrect I would also like to know! I'm not an expert, I tried looking for the IT guy but he's missing, must have ransomware.