Topic: Double Check Bitcointalk Username Before Download or Invest to Avoid Virus/Scam (Read 246 times)

Thanks for your information sir. I already knew the legit one. The legit one has the Icon. The others are not. Be always vigilant guys. Still on this step you can still encounter scam attempts.

TryNinja have already given you an explanation. Another way is, you can ask the dev team, maybe they have another contract before or swapping contract. If not, you can report contract address to Etherscan and attach proof of scam/phishing if you have it. Here is how to report address to etherscan.


Please do a research before reporting scam/phishing smart contract and make sure you have enough evidence.

Probably. Anyone can create their own token and with any name, so people can use the name of a known token but with a different tag to pretend to be the real one. If you click on any of these, there is an "Information" tool-tip icon in the page that shows:


So neither of them are confirmed to be the legit.

This is a helpful post. Also I would like to know if is this a form of scamming?


When I add custom token to my wallet. There are two other tokens also with the same name. Is this a scam?
I didn't add the original yet. I don't also have the real contract address of this token.

Thank you very much and your thread here is also a nice one and a help for new users and other users too. Great work !


Wow ok nice to hear that also , and dont worry you dont have or doing anything wrong .
And if you get bad reports at some time for reporting dont care about ,
keep up how you doing and its realy nice to see that more users take action about scammers and spammer and hit the " Report to Moderator" button.

OP made a great guide, but I want to emphasize that not only checking bitcointalk usernames, but also checking validity and past reliability of accounts on any platform before consider downloading sources they give.
If someone does not have ability to check such things, s/he should avoid downloading sources or clicking on given sites from strangers.
I read months ago that scammers use Github accounts (old accounts) to make their scam easier.

To be safe, people have to carefully check usernames, given links (by hovering on given links to get real links hidden behind hyperlinks under texts) or check full links if they are shortened ones. Highly important to be careful with intention to download given resources from others, especially from unknown ones.

Your thread has been added. I think this thread is one of good threads that I missed before. Thank you for posting it here.

Thank you for your support, because I learn about this from you too.  
Just let me know if I do something wrong.

---

Edit to reply post

---

Thank you for your support, yes, I suggest to check information about project on CMC or Coingecko if possible, but if not, I suggest to check Github profile and check any link before clicking it.

About shortened link, I will add to my thread.

Maybe you can add this thread also i have done weeks ago to your list , if you want !

https://bitcointalksearch.org/topic/guide-and-advice-for-new-users-before-you-download-anything-from-the-forum-5167236

Should be also helping others and new users for dont fall into some trap of Scammers !

Great to have you on board for reporting and looking for this kind of things , awesome !

Thank you for the explanation, I already added your post to my thread. Yes, I always download software from Sandboxie to check how save that file. Because if I want to make a report, I need a proof. So, downloading files is the best way to check. I remembered about false positive already mentioned in Lafu's thread by nc50lc.

Allright, if we can compare both of account from his levels, sometimes you will see newbie + newbie ranking member in this case. How to compare both of them? What we can do is check all factors I mentioned above. From his account, website until download link.

CMIIW


Thank you for your points

There are 2 different discussions here imho.
1. You have to always double check the account you are discussing with, whether it's about download, or trade or anything important.
2. You have to always double check whatever you download and install, no matter who give you that.

And remember, even trusted accounts can be bought or hacked. Always watch your back.

This sometimes happening but there are sometimes can make the same account stats to make it look legit if they are holding multiple accounts they can use it to give merit for his fake account just to reach the activity and merit stats the same as the original.

The only thing you can use for now to know if you are dealing with suspicious users asks it here on the forum so that someone can help to investigate if it's a scammer fake account or the original one. This is just my own reference it can be possible but still your guide can help newbie if what is fake or original not all fake accounts can make the same stats as what I thought.

Another way to check if the profile is real or not , is that you can see the details of the users. Normally you will see zero coins, no merit and very less activity for the fake profiles and it will most probably be a Newbie.

these tools are not reliable at all. they usually detect false positives and most importantly are incapable of detecting an elaborately designed malicious software. for example a couple of months ago the fake Electrum wallet that was stealing user's funds didn't have a "virus" in it!
the only reliable solution is if you are downloading reviewed software from an open source project and either compile it yourself from source code or if it is built deterministically and you only check its digital signature. if the project doesn't have these options then you must demand it.

virustotal is only checking URLs not the files on that link, if you look at the link you posted it is clear. in fact it has no option to directly download and check a file. you must download it yourself first then upload it to the website for checking.

Thank you very much, updated my thread and adding some information before download file and before invest. I will add some tips how to avoid scam thread (form bitcointalk member) on this thread later.

Additional with this, we can also use https://www.virustotal.com/gui/home/url for scanning some files online before downloading the file. It would be safer to do this before downloading, BUT we can still not guarantee if it's safe even there's no issue found while using the virus total.
Much better is avoid downloading such files from random users here or random suspicious websites.

A scammer is always looking for ways to get victims. For a beginner, they will be very easily fooled by an account or a similar website. Maybe what I write here is not new. Almost similar to what happened on the website, today I found an account using phishing techniques utilizing typo or by using similar characters.

Take a look at the account below:
Username 1. scryptenthuslast <- FAKE PROFILE
Username 2. scryptenthusiast - REAL PROFILE

If you don't pay attention to the two usernames above, then you won't really notice the difference. However, if you have checked both, the result will be like this:

Username 1. scryptenthuslast = using "l (L)" on enthusiast word. When you are converting to uppercase here the results - SCRYPTENTHUSLAST

Username 2. scryptenthusiast = Real username using "i (I)" not slast but siast. When you are converting to uppercase the results is SCRYPTENTHUSIAST.

In this case, Fake account (username 1) gives "fake wallet download" on his thread. If you are using his wallet, of course, if your computer not infected by a virus, your asset will be gone because the scammer can store your private key. (case reported here)

This case is very similar with domain phishing, and this technique also used by scammers on Telegram. So be careful if someone creates a new thread. Double check their username, if on his thread included CMC information, visit CMC or Coingecko website, then check the official ANN thread on their pages.

Here is to find original/real information about project from Coingecko.


Here is to find original/real information about project from Coinmarketcap

---

An advanced guide has been created by Lafu, to save a beginner or anyone from downloading files / wallets that contain viruses.
You can read the full thread here
   
Guide and advice for new Users before you Download anything from the Forum !

---

What do you need before downloading file:

• Using software to isolate your primary system, such as using Sandboxie or similar software
• Checking virus with online scanner such as Virustotal or Virusdesk Kaspersky - thanks to GreatArkansas
  these tools are not reliable at all. they usually detect false positives and most importantly are incapable of detecting an elaborately designed malicious software. for example a couple of months ago the fake Electrum wallet that was stealing user's funds didn't have a "virus" in it!
  the only reliable solution is if you are downloading reviewed software from an open source project and either compile it yourself from source code or if it is built deterministically and you only check its digital signature. if the project doesn't have these options then you must demand it. - by pooya87 on #4 post reply
• Check github account from user
• Check anchor/hyper link before clicking it (hover it or right click and copy link address)
• If he/she using shortened link, add plus (+) in the end of link. example https://bit.ly/TrustByLoyceV edit to https://bit.ly/TrustByLoyceV+

What do you need before invest:

• Check their white paper, domain name, team member
• Check related information on Scam Accusation board
• Guidelines, how to spot a scam ICO & report effectively. - by Coolcryptovator
• [Guide] Prevent scam!!! Some useful tools for find scam / fake ICO team - by Coolcryptovator
• [Guide] Identify scam projects by hidden premined coin indicator via explorer - by tranthidung
• Never trust high rate ROI for your investment within a day

How to report?

• You can use report to moderator feature
• You can create Scam Accusation thread
• If it contains any viruses, you can report to Lafu's thread here