Difference between revisions of "Direct message scams"

From DefiLlama
m (linked a word)
(added token launch scam group)
Line 11: Line 11:
|'''NFT Giveaway'''
|'''NFT Giveaway'''
|Victim receives a message with an invite to a fake server of a popular NFT collection promising a giveaway
|Victim receives a message with an invite to a fake server of a popular NFT collection promising a giveaway
|-
|'''NFT/Crypto token launch'''
|Victim receives a message from a scammer pretending to be an official notification of a NFT/Crypto protocol, informing about a NFT/token launch. Message usually contains a link to a fake website, where victim is encouraged to buy a fake NFT or a token
|-
|-
|'''Celebrity impersonation'''
|'''Celebrity impersonation'''
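Review bot: The description cell of the new "NFT/Crypto token launch" row needs a grammar pass before it matches the neighbouring rows: "a NFT/Crypto protocol" and "a NFT/token launch" should be "an NFT/...", "informing about" has no object, and "where victim is encouraged" drops the article. It would also help to state what separates this row from the "NFT Giveaway" row directly above it, since both start with an unsolicited message about an NFT project; here the distinguishing step is the purchase on the fake website.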

Revision as of 11:55, 29 April 2022

A direct message (DM) scam is one of the most common types of crypto scams. The attacker tries to socially engineer a victim into sending them funds, revealing information such as a wallet seed phrase or private key, or installing malware. DM scams are common on any social network or messaging platform, but Discord is the most affected at the time of writing.

Types of direct message scams

{|
!Name
!Description
|-
|'''Crypto Giveaway/Lottery'''
|Victim receives a message about a win in a crypto lottery or a giveaway, but in order to receive it they have to pay or send a small amount of crypto to the scammer first
|-
|'''NFT Giveaway'''
|Victim receives a message with an invite to a fake server of a popular NFT collection promising a giveaway
|-
|'''NFT/Crypto token launch'''
|Victim receives a message from a scammer posing as an official notification from an NFT/crypto protocol, announcing an NFT/token launch. The message usually contains a link to a fake website, where the victim is encouraged to buy a fake NFT or token
|-
|'''Celebrity impersonation'''
|Scammer pretends to be an influencer or a staff member of the crypto protocol, using the same name and picture as the real person, and asks for help to transfer funds to an exchange or something similar
|-
|'''Support impersonation'''
|A user of the protocol comes to a group chat/Discord server asking for technical help. A scammer monitoring the chat DMs the victim offering to help. In most cases the scammer asks for a seed phrase or a private key, or asks the user to share their screen, leading to exposure of the private keys
|-
|'''Protocol upgrade'''
|Victim receives a message about a protocol upgrade from a scammer pretending to be a notifications bot, who then directs the victim to install some kind of malware
|-
|'''A "friendly" person'''
|Scammer pretends to be friendly, asking questions about crypto or NFTs, but then drops a link to a website that either asks the user to input their private key or asks them to sign a message with their wallet, which then results in a drain of funds
|}

Mitigation

Most DM scams rely heavily on social engineering, so they are easily avoidable with a bit of common sense. If something looks sketchy, it is a scam. There are no lotteries and no giveaways in crypto that would be announced by a direct message.

Nobody legitimate would ever, under any circumstances, ask you to provide a private key, seed phrase or any kind of personal info. Never share your screen with anyone you don't know.

Never sign anything with your wallet unless you are sure what it is.