Topic: Learn from my experience how to protect yourself from crypto scam - page 2. (Read 266 times)

Some guides to avoid scam on Discord.

Common scams and what to look out for
Enable Developer Mode and detect Impersonators in Discord through User IDs
How To Login With Discord Token
Can tokens bypass 2FA and SMS auth, and if they can, how do I defend myself against hacking?

Always keep calm.

Whenever you are overwhelmed with messages whether you're a moderator or just someone who casually browse on the web and checks your email.

You'll usually get those unsolicited and random emails, you'll read some interesting titles/headers of the email saying that you've won this or they're giving you crypto freely.

Don't believe with anything that you don't even know you'll receive or remember if you joined an airdrop or not. But the best is to ignore and avoid them, don't interact with any of them.

Browser hijacking is the worst thing that can happen with a person. It's not just a peace of software. Every sites we visit, everything we do online, every login details, our bank credentials, our accounts, everything is connected and saved in our browser. Our life's works are stored in a browser.

DVlog you did the right thing not to rush anything. A lot of people are victim to this kind of attack. If you check telegram or any kind of dark web related website, you'll see hackers selling browser logs. Imagine if our wallets were compromised through this. All of our assets would have been lost.

I blanked the project name so that curious people don't try to join that projects discord and lose their discord ID though the project name is visible in the OpenSea listing page.


Here you will get the download link of VirtualBox and documentation about how you can use it. I am pretty sure there are many tutorial in youtube how you can setup and run that application as well.


They were in a hurry so that i can't carefully examine the phishing link they want me to use so that they can get the details of my discord account. They wanted to inject a script in my browser so that they will be able to receive all the data i will use in the future or something like that.[/list]

I don't know why you blanked the project's name. Could it be that there's a genuine project by that name or it's just a random name? Anyway, not as if blanking the name prevents anything for those who are keen on finding out what project that was with their search tools.

This is the first time I heard of this and the wonder you said it did. Could you be gracious enough to share a link to this particular stuff if it has an app and how to use it, if it's a complex stuff.

As a rule of thumb, once anyone pushes you to be hasty in taking a financial decision know it's a scam about to go down. I tend to slow down more once anyone does this with me. I want to find out why they're in a hurry.

[/list]

Bitcoin is regulated by its protocols on the blockchain and cannot be altered, anything can change with altcoins because their stakeholders can decided to implement any changes to the entire network.


There are many tricks that they use and they also often developed more new ones to ensure that they attack their targeted victims, if we are well aware of some of these means, we will be able to discern one whenever they come across our way and we won't fall for them, if we don't allow them in, they can't have access to us except we appear being vulnerable, their most targets are newbies, that's why a newbie must learn before they start their journey.

If you are a community moderator by profession then you will understand the purpose of my post. All these phishing attempts have been used mostly for community moderators. A stranger can be a scammer or he can be a legit user you can not say that without having a conversation. And it is not uncommon to get a job offer from another project if you are doing a moderation job in a project and scammers are using it to target moderators in different discord servers. If you are a moderator you can not ignore messages in your DM as you are responsible for community support as well.

The purpose was to give an introduction to the community about the new phishing methods scammers are using these days and how they can protect their account and their server from being compromised.

I took a lot of time to read through this topic, in the 4 stories you told here they are quite very usually or most times we have witnessed same actions from scammers. But there is no clear message in any of the story i didn't find any underlying message from the stories. Your express of getting into scam is a clear intention of knowing what the scammer what to say. Here we have been caution regularly that when you get first message from unknown source it is usually a scam activity any one who choose to keep the conversation is either wanting the scam or is too greed to push him or herself to scam.

Once you get compromised in any of you social media handle the most advanced technics to stop your identity from being used for scam is to create another account and report the ongoing action.
When an individual offer you a deal that is worth an amount that is beyond reasonable doubt you should know it's all scam. Like how can I offer you a $200 profit in a minute or an hour, the first question you need to ask yourself is why didn't I do it and get the profit myself. So you see scams are easy to dictate. When it comes to installation google verification is required. Where you are ask to download an app that is not verified you should know is a scam.

Crypto is an unregulated space that's why crypto users became obvious targets of scammers. We have seen different methods used by these scammers repeatedly to scam people who were not careful enough. When a method became popular and commonly known by the community they came up with new ideas of scams. I want to share with the community some new phishing attempts and how a user can protect themselves from it.

By profession, i am a community moderator and a social media security expert. I am working on a few projects and i am responsible for the security of those project’s telegram and discord servers. Till now there have been countless phishing attempts to take control of my social media account. Most of them were using the same methods but some of them are unique and different from one another so they need to be shared individually.

• Story 1: I got a message in my inbox and as a community moderator i start taking the initiative to respond to that user's message. He offered me a job right away and wanted to know if I had any interest or not. I already suspect a possible scam attempts but I still wanted to see how he would try to convince me to fall for his scam. He shared the project details with me and for being a NFT project he shared its OpenSea URL so that he could convince me it was a legit project. You can see from the screen shot below that this NFT project has a nice fake volume. At the end of the talking i told him that I was interested and how we could start working. He told me to join their discord server first so that we could proceed with our negotiation. So i went to their discord server to see if they had one. When i tried to verify my account through dyno bot it redirected me to a phishing UI of discord you can see from the screenshot below. A new user would think he needs to log into his Discord account to get access to that server but the URL in the address bar shows us this is a phishing URL that has been placed very carefully through a popular discord bot.

• Story 2: One day i got a message in my telegram account with a job offer. A guy told me that they are a team of P2E game developers and that they are looking for game testers for their upcoming game. When i asked him how he found me he gave me a reference to one of my telegram friends whom I had known for a long time. He said that he and my friend had worked on several projects before. So started to contact my friend to verify this claim In the meantime i start talking about the job he offered me. I was convinced that this guy is legit as there is no way he knows about my friend if my friend won’t tell him about me. So I kept the negotiation ongoing and at the end that guy told me to install the game they developed and start playing so that they could collect my review of the game. I downloaded that file and installed it in my virtual box as a precaution, though I wasn’t aware that this file contained malware. My precaution saved me that day and I am still waiting for my friends responses about those guys! I guess my friend's telegram got hacked and that scammer found my contact information from there.

• Story 3: One of the similar stories starts with story number 1. I am going to tell only the part that doesn’t match with story no 1. I have shared this story before with a topic you can read that topic as well. [Scammers are getting innovative.] After getting interested in their job they told me that they wanted to take an interview with me so I agreed to that and they have created a group with their so called CEO to start making a call. They start a voice call so that their identity won’t be revealed. After the interview and all the negotiations about the salary and work they told me I needed to fill out a form with all the details so that they could put that into their employee documents. When I tried to fill out the form and click submit it said there was some problem with my brower and I needed to drag that link to the bookmark bar to submit the form. There were clear instructions with images too. When i tried to drag that i have noticed there was something written in JavaScript, so i tried to figure out what it could be. In the meantime those scammers were pushing me to submit the link quickly which i didn’t. Sometimes i figured out that it was a phishing link.

• Story 4: A few days ago, in one of my communities, I saw some unusual conversations between two accounts. Those conversations weren’t like regular ones, so it turned red in my mind. After a long conversation where they were talking about the football championship suddenly they started talking about a crypto project event where one guy claimed to get $200 worth of tokens. So the other guy asked for the event URL and he shared a website where he could get that token. That was a scam site and as soon as the victim connects his wallet scammers will drain all the funds from that wallet.

1.If you are using social media like telegram and discord then always use 2FA features to add extra security to your account.

2. If you are an admin in any discord community then from your server safety setup permission turn on “ Require 2FA for moderator action”. This feature will not let your community moderator do any moderation action if their 2FA option is not activated. This is extremely helpful to protect your community in case one of your community mods account is compromised.


3. Keep your server security bot above your community moderator role so that those bot can keep track of moderator behavior and take action against any fishy action.

4. Always use a virtual box in case you need to install any application or open any URL.

5. Don’t rush for any offer or anything. Be calm and cross-check everything no matter how legit something seems to you.