Staying Safe on web3
A Guide by Crypto Witch Club
If you’re a Crypto Witch navigating the world of web3 — we get that it’s not always easy! You’re learning new ways of collaborating, experiencing digital ownership for the first time, and navigating new projects, roadmaps, and online voices … which means, by default, you’re also experiencing a LOT of fake accounts. From bot DMs to emails in your inbox that look like they might be from your NFT marketplace (but also look really suspicious), we’re breaking down how to stay safe in web3 below! (You’re welcome!)
“I keep getting crypto-related DMs and can’t tell if it’s a scam account or real? HALP!”
Just like early internet — the crypto world is rife with bots, fake projects, and scam accounts posing as crypto voices and projects in the space. (Thanks to all who have been reporting the fake IG accounts targeting our followers!) Here are some tips to make sure you don’t fall victim to fake accounts and untrustworthy projects. 👉
PHISING SCAMS
A phishing scam is a type of social engineering where an attacker sends a fraudulent message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious software on the victim’s infrastructure like ransomware. (Thanks Wikipedia!)
This is the #1 way we see people lose access to their accounts or get hacked online. Scammers target web3 projects + voices and create fake social media profiles, websites, and email campaigns that — at first glance — appear as if they are from a legit source or project. If an email, DM, or Discord message looks suspicious, do not click on any links in the message. To be safe, we also recommend setting your Discord to private.
Takeaway?
Scammers may try to contact you via DM, email, or text messages, pretending to be an exchange, project, or (often) customer support. Be wary when handling emails that appear that they are from a crypto-related project you are involved in (or not). Never share your seed phrase, logins, passwords, or other sensitive materials. Customer support and account admins will never contact you for this.
SOCIAL MEDIA ACCOUNTS
If you are unsure if the account is real or not — reach out to the influencer or company on their website or through another channel.
Don’t click to the website or link in bio on the social media profile you suspect may be fraudulent! Go to the direct url instead or check a marketplace to confirm. Some tell-tale signs of an ‘imposter social media account’:
The handle is slightly misspelled, i.e.: cryptowiitchclub, or cryptowitchhclub
The name is bio or profile may look correct, but it’s important to look at the handle. (“@”) closely
There are no tagged photos or low engagement / bot engagement — because the followers are bought and not authentic
Highlights on IG may only feature the top post and be otherwise empty
They DM you first with a generic line. “How is your trade going?” is common
Takeaway?
Sometimes, the imposter accounts will send friend / follow requests to followers of the original account, making some think that they are engaging with the real account they are currently following. (Tricky, right?)
If you’re not following a similar account, search social media to see if there is another account with a similar name is being copied or mimicked — often, this is how you will find the real account.
Never send your crypto to another person’s wallet address that you do not know. You will not be able to recover this. Most crypto influencers will NEVER DM you first. Those that do should never ask you for your password, seed phrases, logins, or ask you to send your crypto to their wallet.
CRYPTO PROJECTS
Look for the team behind the project. Make sure to review the whitepaper to understand what the utility is. If the coin or token is currently available to trade — check current volume, price history, social media sentiments, and news. Be cautious with ICOs, as these can be high speculative and it’s easy to be duped by a project that may never even be built. Remember that PR, influencer campaigns, and marketing dollars do not equal a genuine project. Be on the lookout for hastily put together websites, social media, or whitepapers. Typos and sloppy, unclear objectives are major red flag.
Takeaway?
Again, exercise extra caution that you are on the correct website — many people have lost their accounts or been hacked after giving sensitive information to a website simply posing as a project and misdirecting people.
NFT PROJECTS
Founders and artist/s of NFT projects should (generally) be visible, vocal, and active on social media and within the Discord group (if applicable). If an artist or founder is not personally promoting a project they are involved with — this could be a red flag. If the project has not been released yet and it is an upcoming launch, see what the NFT community is saying about the project pre-launch.
Takeaway?
Don’t base decisions of influencers, DMs (often bots), or targeted digital ads on social or otherwise, as these can be misleading.
This is certainly not an all-inclusive list of ways to stay safe in web3. Have you experienced any of these tactics from imposter accounts or faux projects? Let us know in the comments and follow us on Twitter for more on how to stay safe in web3.