PSA: How to Avoid MyEtherWallet (And Other) Phishing Scams


I thought it’s about time that I put out a friendly reminder of the safe practices you should observe whenever you are dealing with anything in the wild west of cryptocurrency.

So today I’m focusing on phishing attacks and how you can do your best to avoid them:

The schemers these days are smart, and they know how to get your attention.

They know you value your crypto, and they know this can often blind people to what they should be paying attention to.

So if, for example, you use Google to find the websites of crypto gateways (exchanges, say, or a specific coin’s website), always triple-check that the domain name is spelled correctly.

MyEtherWallet has been a target for phishing attempts many times because of the increased traffic from people using it to participate in the ICOs that are taking place on the Ethereum network.
So, very conveniently, if you Google "myetherwallet", you may very well be given a fake “myetherwallet” website listed as the top choice.
It may be spelled with two ‘v’s in “wallet”, or with other subtle misspellings that are easily overlooked if you aren’t careful.

They also do a fantastic job of replicating the real website, so the hint is in the domain name.

The same can be said for any other high-volume website that a scammer would like to take advantage of.

If you know how to type in the real website, it’s a lot safer and smarter to do so.

FYI: The official website for MyEtherWallet is "www.myetherwallet.com"
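The domain check described above, as an added example (not code from the original post or from MyEtherWallet): only an exact match on a domain you have verified counts as trusted, and near-misses such as the two-‘v’ spelling are flagged. The `TRUSTED` list, the `CONFUSABLES` table and the edit-distance threshold of 2 are assumptions chosen for illustration.

```javascript
// Added example. TRUSTED, CONFUSABLES and the threshold are illustrative assumptions.
const TRUSTED = ["myetherwallet.com"];

// Character swaps often used in lookalike names (fake -> real).
const CONFUSABLES = [["vv", "w"], ["rn", "m"], ["0", "o"], ["1", "l"]];

// Reduce a hostname label to a comparable form: lowercase, no hyphens,
// confusable sequences mapped back to the letter they imitate.
function skeleton(label) {
  let s = label.toLowerCase().replace(/-/g, "");
  for (const [fake, real] of CONFUSABLES) s = s.split(fake).join(real);
  return s;
}

// Levenshtein edit distance (insert, delete, substitute), two-row version.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Returns "trusted", "suspicious", "unknown" or "invalid".
function classifyUrl(rawUrl) {
  let host;
  try {
    host = new URL(rawUrl).hostname.toLowerCase().replace(/\.$/, "");
  } catch {
    return "invalid";
  }
  const bare = host.replace(/^www\./, "");
  // Trusted only on an exact match or a true subdomain of a verified domain.
  if (TRUSTED.some((t) => bare === t || bare.endsWith("." + t))) return "trusted";
  for (const t of TRUSTED) {
    const brand = t.split(".")[0];
    // Check every label so "myetherwallet.com.example.net" is also caught.
    for (const label of host.split(".")) {
      const sk = skeleton(label);
      if (sk.includes(brand) || editDistance(sk, brand) <= 2) return "suspicious";
    }
  }
  return "unknown";
}
```

A result of "unknown" only means the name does not resemble anything on the list; it says nothing about whether the site is safe.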

These same scammers are also known for making accounts in different Slack channels.

They will have an official-sounding account name, and they will send you a private message warning you of some sort of major change that has happened, saying that you need to update your information, or move your coins, or anything else they can think of that will scare you into doing something stupid, like clicking on the link that they give you and giving out your private information or sending your coins directly to them.

If you ever find yourself in this situation, address the issue in one of the public forums and ask if it is a legitimate claim.

They have tried to get me a couple times, but luckily I recognized it for what it was before I made any moves.

It’s also worth noting that if you have two-factor authentication set up for your accounts, it is far less likely that they would be able to cash in on your mistake.

If you think you have been a victim of a phishing attempt, here are the recommended steps to take:

  • Report this to Google, if you clicked on a link that their search engine provided to you.
  • Report this to the admins of the Slack channel, if the malicious account contacted you on a Slack channel.
  • Report this to MyEtherWallet, or whichever official site was imitated by the scam.

The information you should provide includes:

  • The URL used by the scam
  • The public Ethereum address (or the address for whichever crypto was stolen) and the transaction hashes
  • How you got the malicious link (Google search, Slack channel, Reddit)
  • Screenshots of the message sent by the scammer
  • Screenshots of the transactions in which the scammer took funds from your account
  • The links to these transactions from etherscan.io

If you were a victim of a fake myetherwallet link, email this information to [email protected]

You can also help take steps to remove this website scam by following the directions provided in the link I’ve put down in the description of this video.

Hopefully you have successfully avoided these scams and continue to do so in the future. If you found this video helpful, please give it a like and share it with others so they can also avoid being a victim of a scam. If you’re new to this account, don’t forget to follow me to get your weekly fix of all things crypto!

Additional Reading/Sources:

What to Do If You Clicked on the Fateful Link
How to Help get Malicious Websites Taken Down
A good reminder from the MyEtherWallet Twitter account


One has to be very careful these days. As it seems with the growing number of new users entering the cryptocurrency world, more and more scams are surfacing to prey on the uninformed. If it sounds too good to be true, it's probably a scam so just walk away. Thanks for this wonderful article @heiditravels and have a wonderful day.

#circleoffriends

A phishing scam a day keeps financial success away.


http://www.FlippyCoin.com is the #1 Cryptocurrency Exchange!

Thanks for sharing, upvoted

This post received a 2% upvote from @randowhale thanks to @arobert! For more information, click here!

You can also protect yourself against those scams with this awesome extension: https://chrome.google.com/webstore/detail/etheraddresslookup/pdknmigbbbhmllnmgdfalmedcmcefdfn . It will warn you as soon as you are going to a scam myetherwallet website.

I've found one of the most effective ways to avoid phishing attempts is to use a password manager like 1Password. If the domain doesn't exactly line up with what was saved in your password manager then it won't input your password.

I've found a handful of phishing sites lately related to ICOs. They are getting tricky for sure. Each time I reported them to Google. Thanks for spreading the word on that.

That's another good way to screen websites. I've been on the fence about using a password manager... something about having all of my passwords in one place doesn't sit well with me. How long have you been using 1Password?

For many, many years. Since some of the earliest versions, I think.. We require all our team members to use a password manager. It's very strong encryption, fully encrypted at rest. You can only access the passwords when you decrypt it with your one password. Also, via Dropbox, the encrypted password file is always backed up and accessible from anywhere if your computer was to fail. With FoxyCart (my company), computer security is a really big deal because of PCI compliance requirements. In my opinion, a password manager is essential. It prevents password reuse and ensures very strong passwords.

Sure, that's a great way but I won't rely on external service to maintain my passwords. You never know what's happening in the background. That's a risk.
At least for MyEtherWallet using hardware wallets like Trezor etc. which have already integrated with the site could help in all ways. Hardware wallet is the way to go to keep ourselves safe from such scams. At least for cryptos we are safe from phishing if we start using these wallets for transactions.

That's one of the reasons I prefer 1Password over LastPass. It's not an external service. It runs completely on your local device and only the encrypted password file is synced with dropbox (if you configure it that way, which I recommend you do).

And yes, I use my Ledger Nano S with MEW. It's quite nice. I held off on getting a hardware wallet for a long time (mostly used paper wallets), but now that I have one, I really like it.

Great suggestion. Thanks for that information. I will research more on LastPass and if it suits I will start using it as well.
Yes I did the same with paper wallets. Used my old smartphone as a QR code reader which I kept offline always to read PK from paper wallets. Then create a file and transfer it to my PC for making a transaction.
I recently started using Trezor for online transactions if at all I have to do any. Makes me feel safe and secure. I want a backup hardware wallet but at least Trezor doesn't support importing the private keys (maybe for security reasons). Does Ledger Nano S support importing of external private keys by any chance?

No, I was disappointed to find out that it did not. It just has the full backup recovery words and that's it. When I wanted to get my BCC/BCH off my paper wallets, I ended up using Electrum and Electron Cash while moving stuff to my Ledger.

ICOs don't really have the money to go around and buy all the similar domain names. Never realized password managers would be able to differentiate between URLs that you saved the password for. Is 1Password the best choice for password managers?

I'm not sure there's a best choice among so many different options, but I will say 1Password has been great for me, and I highly recommend it.

I am so scared of this happening to me, thank you for these great tips on avoiding this nightmare.

Start using hardware wallets like Trezor or KeepKey for making any transactions. It will keep your investment safe. Cheers!!!

Thanks for sharing...

Very informative post! I'm not the biggest Ether fan but this is great advice and informational for new users! Upvoted indeed

Nice information and awareness.

The way we all in crypto space are careful about our private keys; similarly we should be careful about the domain names after clicking on any links from any channel or medium. Phishing is all related to links (HTML hyperlinks) where the Text is completely different to the actual link.
Also many anti-virus have phishing enabling feature which automatically detects and blocks fake websites.

Never use links in an email to connect to a website unless you are absolutely sure they are authentic. Instead, open a new browser window and type the URL directly into the address bar. Often a phishing website will look identical to the original - look at the address bar to make sure that this is the case.

Also if you have hardware wallets which do integrate with MyEtherWallet then you need not worry as it may take care of your security issues.


Great info @heiditravels, keep spreading the awareness. Cheers!!!

I have to shamefully admit that I had an unfortunate experience with a phishing scam. Never knew if it was from a Google search or from following an e-mail link. Fortunately, I had insurance with my bank at the time. With private crypto accounts, we don't have this kind of protection, so all the more reason to pay attention to what we do online.

One thing that I now do to avoid clicking toward imitating sites is that I bookmark the web sites on my browser so that I can always go through a URL that I have verified to be legitimate only once (and for all).

We do have protection for this website or for making crypto transactions and that is to use a HARDWARE wallet. We all in this space should use Hardware wallets to reduce the certainty of being robbed or hacked or scammed while being online.
There are many good and well established hardware wallets out there; like Trezor, KeepKey etc. Do your research and save yourself from any mishap. Cheers!!!

Hi Heidi, Love your content! Very well researched, articulate and eloquent! Would love to hear your thoughts and insights on this: https://steemit.com/coinbase/@bestversionofyou/coinbase-s-next-extensive-list-of-coins-predictions