Topic: Beware of fake Coinmarketcap! - page 2. (Read 359 times)

Not only the Coinmarkercap phishing site, but when I do a random search for "bscscan" on google then on the first page I will find another phishing site almost the same as the coinmarketcap phishing site, is it possible this is done by the same scam? I don't know exactly but it seems that the phishing site is now back in Google search.

But be careful when doing a typed search on google, make sure to click on the original link, sometimes above it is always slipped on a phishing site.

The hackers don't target us because we are aware of what these websites for, they are targeting those that lack of knowledge about these things in crypto.

Yeah, it's why it's highly recommended that if you visit a website at most times, you just save and bookmark it and avoid searching it on google using keywords. It is no problem for us but the main concern are the newbies.

That's the sad thing. Technically, this can be avoided when one has got to learn about those adblockers or is a checker of URLs and attentive to detail for spellings and also active in the community knowing how these attackers come but, they're not targeting us. As for the browser wallets like Metamask, I think most users would agree about can be used conveniently but they ignore that fact that phishers are targeting them because of how many they are.

Since you've mentioned about keeping some information on your email address. I hope that you don't keep such passwords and login details there. I've read that there were people that also have kept their private keys and seeds there and I'm just hoping that you don't do that.

I usually use Brave but it's just so happen that during that time, I've chosen to go with Microsoft Edge and it appeared there as I type google.com first. I agree and as suggested also by Lucius, having an adblocker is one of the best ways to not meet these phishing ads.

Yes and as well as avoid clicking those ads that's making it look like a suggested website if someone is into keyword searching.

I remember there's someone from the forum, I can't remember that guy exactly that has became a victim of the same attack and then he admitted that he's tired at that time and haven't checked the letters correctly. These scammers uses that unfortunate moment and sort of psychological factor to trick their victims.

True and literally newbies that aren't aware that there's no need to connect wallets just for accessing CMC.

Just a random shitcoin that I've seen on some topics. Actually, I've used different browsers for it and it has appeared for a couple of minutes and that screenshot I've made was the first time I've seen it. And then, I've made a few refresh continuously like around 3-5 times and then it's gone.

I've reported them already, I'll include the link of reporting it on the original post.

Yes, this is not new. Google keeps on just accepting these paid ads to appear to their users and they don't really clear and filter it. And that's why we have to be vigilant and take action on it and keep on repeating to inform others about this trick that these scammers/hackers do.

It's very likely that there's only one person or group of people behind these links.

What the site shamelessly actually does is, with either of the wallets (were someone to be compelled to connect to them there and then), is to end up asking them for their seed. The screen is modal, so the user either aborts the operation, or sheepishly follows the layout path to providing his seed.

It’s not the only attempt though. These other sites have a similar name and identical results:

a few days ago I also had an experience like the OP found. I don't think this is anything new because it's not the first time I've seen a fake CMC site.
but it's good that the OP publishes this, especially for those who are new to CMC, and won't be fooled by the fake site.
it looks like the fake site can't be found anymore.


some people access CMC and connect wallets to take part in the airdrop. maybe some people don't realize it if they are not active in the information in the airdrop community.
regarding CMC diamonds can be obtained from daily claims. and diamonds can be exchanged like merchandise or NFT.

It seems that the wallet connection feature is what scammers want to use to create a fake CMC site.

What exact keyword do you use? I tried a few keywords with the market cap but didn't show any ads on Google.
It seems that they targeting US users.

And based on Whois it's a 1-day old domain look below


So it's obvious that this website is being made for phishing.

I think we need a volunteer here to report them to Google below
- https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en

If more people report it I'm sure this domain will remove immediately from their Google ads and it also help our community to fall into this trap.

thank you for reminding everyone. I usually open coinmarketcap to just see the latest news and also price changes in the crypto market so that's why I pinned it in my browser.

The scammer uses a phishing trick to capture people who rarely open CoinMarketcap, for newbies it's better to pinned the CoinMarketcap site in your browser if you open it often and always pay attention to the sites you open, don't carelessly connect your web wallet to websites.

You are wrong, I have my metamask wallet connected to coinmarketcap website for airdrop participation and also to claim free NFTs using CMC Diamonds, I have over 2800 Diamonds on the platform and I can use it to claim some free spot/NFT or tokens in future.

Brave isn't completely ad free (if you click to receive ads) and I've not used librewolf to know how it works. Getting rid of trackers by using brave is a good start but you have one of the biggest suggestions you're into crypto if brave declares itself as brave browser to the websites you're connecting to (unless they've managed to mask that).

Don't trust any ads with funds too even if they look legit. It doesn't take much time to retype a Web link or search via multiple search engines to see if what you have found is the legit site before parting with any information. Even buying something with a card, it's much safer to use a site that's trusted and searchable than to use one that's findable from.an ad.

---

I think these sorts of scam trends are generally ones picking on people who are either tired or distracted (not concentrating too) as a lot of users who know what they're doing under normal circumstances would just reject or close such popups (just closing comes with its own problems too because then you probably still have it as a pending request you might accidentally click).

This is not the first time scammers are making fake CMC websites and posting google ads for that.
My suggestion is to install some ad blocking extension like uBlock Origin, or just use browsers with integrated adblockers like Librewolf (based on Firefox) or Brave browser (based on Chromium).
With this you won't see most of the ads on all websites including youtube, but you can whitelist Bitcointalk forum

Best solution for this is to stop using Metamask wallet, or at least double check url bar before connecting any website with wallets like this.

For record, this is the website of https://coinmarketcap.com/.
I do save such web address on my home screen to avoid doubt or to be confused on the address. It helps if you have the correct address of the site you use always to just save it on your phone and on your email address incase you lose your phone. It is that important to keep some information on your email and not to disclose your password.

The website looks really different and phishing.

Even more, most people with not much of knowledge on this kind of things use Chrome as the default browser on their Android phones (yes, they browse from the phone).
And Chrome for Android doesn't support extensions (guess why). Of course all the competitor browsers do support those extensions, but people tend to stick with Chrome.

A simple solution is to install Ad Block (uBlock Origin) and never see those paid search results. If the majority had the knowledge that such a thing is possible, then not only would scammers have almost no chance, but Google would also give up this method of displaying ads.

Maybe I'm old-fashioned, but I've never understood why anyone agrees to the concept of a crypto wallet in the browser - it's a real nightmare when it comes to security. And yet, to some extent, I can understand why this idea was so well received by users - simplicity and accessibility with free use are a winning combination for many.

Not so long ago we had another fake one -> Fake Coinmarketcap Website

It's the "wetcap" for me 😆. Thanks for alerting us to it. This is the reason I like to bookmark every vital site I visit and know I will revisit or use regularly. I don't even trust people to just call out a website to me, I want it copied and sent. Any slight variation in spelling this day leads one to a totally different site. Phishers everywhere. That site didn't even hide its attempt to scam from the onset by asking users to connect their wallets to it. For me, even without suspecting that the url was different, was a red flag.

Lol, there's no reason why we need to connect Metamask or Walletconnect since Coinmarketcap isn't an exchange. If the phishing site didn't ask to connect a wallet and only allow user to sign in their Coinmarketcap account, many newbies will get tricked since it's same like the official site. I think if there's a newbie get phished in this site, they're don't have any brain to thought before randomly give access their wallet.

I was just browsing some random stuff on Google and then this appeared on my search. See image below.



It's shown at the top search and I'm sure that many of us know that Google don't really filter these phishing and scam websites. After I've seen the ad, I'm aware of it that it is sketchy and tried to visit it. And this is what it has shown me, the website is asking for these two wallets to connect to them. I'm safe since I don't have those wallets installed on my browser.



So there it goes, not so unknown conclusion that many have been hacked through this. The forceful asking for the users to connect to their Metamask, Wallet Connect and other wallets before accessing into these fake websites and services lead the victims into stealing their funds.

And that's why for newbies and even those folks that have been long in the community, be careful. This isn't just the one and there are other websites that they are copying. For example, the popular crypto websites like exchanges (Binance, Coinbase, etc.) and other wallet services aside from Coinmarketcap.

Let's report these suspicious and harmful phishing links, not just this one but the others too through the link below:

---

The links below are the phishing links that has been also caught by other forum members, if you've got spare time, let's report all of them. These are the few from the many out there.