How do I detect online scams and avoid them ?
Phishing
A phishing scam is a fraudulent method of impersonating famous people or pretending to be from reputable companies to convince people to reveal personal information. They typically send fake emails, create fake websites, and make sham social posts to get your 24-word secret backup phrases, private keys, or other personal information to steal your money.
Spoofing
Spoofing is when a malicious website is disguised as a known, trusted platform. Spoofed websites might look nearly identical to an official website, but if you look closely, you will spot minor differences. For instance, scammers will use a domain address that looks very closely related to the real site. They might change one letter of the company name or use different domain extensions such as .biz .info, etc.
Spoofed websites are successful as many scammers purchase advertising space on search engines. This allows their advertising links to appear higher in the search results, which then causes people to think it’s legitimate. As such, try to avoid clicking on ad links when searching for a website.
Scam Tokens
Scammers create scam tokens in an effort to fool victims into believing they've been given tokens of value. There are a few precautions you can take to detect this:
To locate a contract address, click on the transaction ID from the Activity tab of your Torus Wallet. for any tokens you’ve received, and you'll be taken to that transaction on a block explorer. The token's contract address is displayed within the transaction's information:
Another quick way to determine a token's legitimacy is to search the token's contract address on a block explorer:
Block explorers provide information on a few key areas regarding tokens:
- Token reputation - indicated by a blue checkmark
- Holders & Total Transfers
- Code verification with Audit Report
- Contract Address
In this example, the scam token has:
- an unknown reputation
- a low number of holders and total transfers
- no audit done on the source code (even though the source code is a match)
- the contract address does not match what is listed on CoinMarketCap.
Although none of these checks automatically rule out a token's legitimacy, a token lacking all those criteria is suspect.
If you're still unsure if your token is legitimate, open a Support Ticket with us here.
Malicious wallets and Dapps
While Apple and Google Playstore are official platforms, sometimes fake and malicious apps get listed. When scammers get fake versions in official stores, they use screenshots and pictures from the real app, as well as fake reviews, to make their wallets look legitimate.
Things to avoid
- Don't allow others to help set up your wallet
- Don't share your wallet QR code with unknown people
- Don't allow anyone remote access to your device
- Torus Wallet does not offer support on Telegram or Discord. If someone on Telegram or Discord claims to be from Torus support, and offers to assist with an issue you are having with your wallet then it is a scam. If you need any assistance, only contact by clicking here
- Avoid interacting with individuals or groups who claim to have special expertise or resources that can help recover lost funds.
- Don't validate your wallet! If you are ever asked to enter your 24-word backup phrase or private keys into a form, or prove the wallet belongs to you, avoid it!
- Be careful when sending crypto using QR codes. If you're asked to send a small amount of crypto to verify your wallet address by scanning a QR code, avoid it!
- Don't import unknown secret recovery phrases or private keys!
- Scammers might pose as Torus Support and will sometimes contact users with spoofed emails or direct messages via Telegram/Discord with content to protect, verify your account or other urgent actions to be taken attempting to trick users to steal their funds. Our Support team will never reach out to you asking for any personal information and we are taking measures to block such scammers on our Telegram/Discord groups.
Fake Investment opportunities
Scammers often use sophisticated tactics to create a sense of urgency or to create the impression that the investment is legitimate.
Below are some of the signs of such fake schemes:
- Guaranteed high returns.
- Pressure to invest quickly.
- Unsolicited offers.
- Lack of transparency.
- Requiring upfront fees
- Fake Twitter and other Social media channels
Rugpulls and Airdrop scams
How it works
- A token is created
- The token is promoted, through airdrops, spamming through social media channels
- The price of the token is inflated, often in a coordinated manner between a number of parties
- Unwary investors buy due to the perception that the value is skyrocketing and they want to get in when the token is still relatively cheap
- When the value of the token reaches the target that the creators were aiming for, or whenever they decide to, the scammers liquidate their shares or swap for another cryptocurrency, perhaps dropping the value of the token to below what it had been when the unwary investors had bought
- The unwary investor has lost value, and is left with tokens worth next to nothing.
What to do?
Take the time to do your research. How long has the token been around? Search the block explorer, and see if you can figure out what the distribution of the token is like, and if the market has been fully diluted. Are there a handful of accounts holding a majority of the tokens? Is it being spoken about aggressively on chat platforms? Does the token have any true utility — or example, is it used in a video game? Or is it just a meme-inspired token?
How it works
- A wallet user , examining their wallet on a blockchain explorer, notices they've got some new tokens, probably even millions of a new token which they didn't pay for. This means they're the recipient of an airdrop!
- The wallet holder attempts a swap of the tokens , maybe for some ETH, and nothing seems to happen. The user goes to the block explorer, and sees a message like this one which cryptically indicates they need to go to a 3rd Party website
- Once on the 3rd Party site, a few things might happen:
- The user might be tricked (phished) into putting their Backup Recovery Phrase into the website, at which point the scammers have control over their entire wallet.
- You go to claim your tokens, and Torus Wallet pops up with a confirmation message. You confirm the transaction, but what you don't realize is that you're giving the page permission to take your tokens, rather than give you tokens.
NFT Airdrop Scams
If you notice suspicious items in the Collectibles tab of your wallet that you did not purchase, looking more like an ad than digital art, and informing you that you can claim your airdrop by clicking on the link to their website, do not proceed. This is an emerging scam method, and the website is most likely phishing for your Recovery Phrase. It's best not to interact with the NFT at all and just ignore it.
Updated on: 08/09/2023
Thank you!