The blockchain realm is plagued with those looking to cash in on greed and naivety. What follows are descriptions of predominant crypto scams on three platforms used often in cryptocurrency — along with steps you can take to guard yourself against them.

As a general rule of thumb, common sense and the “if it seems too good to be true, it probably is” approach are good foundations to avoid being victimized by these methodologies. For the purposes of this particular blog post, let’s focus on impersonation scams.

Impersonation Scams:

If you’ve been in any ICO’s Telegram, you’ve likely seen or received a message like this:

These scammers typically impersonate:

Project team members on Telegram and Discord: Scammers will often make a generic project-based account on Telegram (and less frequently, Discord). Even more often, will make an account mimicking a team member. Typically, these accounts will utilize the same photo of the real team member’s account, and the username will typically be extremely close. As an example, if one were to attempt to impersonate me (@richxs), they would download my photo and possibly make their username ‘rIchxs’ — at first glance, seems legit. Other times, the scammers will not utilize a username. So how do you stay safe? There are numerous ways. Search the group for the user — the legitimate team member will likely be listed as an Admin. Some projects have taken the smart initiative to include legitimate usernames for team members in their pinned posts, or will firmly state that team members will never DM you with special deals or wallet addresses, and/or that the only way to contribute to the ICO is via their website. Let common sense prevail — especially if you’re a random person, why would the CEO of the ICO message you in particular with a special offer? An interesting observation to cap this one off with: I’ve busted over 80 of these types and 74 of them were Nigerians; this has become the new ‘419 scam’ of choice. You can take the following steps against this:

File a law enforcement report (how-to listed below). Report spam / block the account(s) in question. Head to NPF’s website and contact them.

An example of an effective countermeasure against scammers. Unfortunately, many would-be ICO investors don’t read the pinned message, so this is only one of several necessary approaches to combat the risk of scammers.

Crypto influencers on Telegram: Typically well-known YouTubers, these impersonation accounts will most frequently message members of the project team offering their ‘services.’ These scammers will typically join an ICO’s Telegram and ask for the ‘marketing manager’ or a team member to DM them, if not pasting a canned message offering their ‘services’ outright. These services are often something like a YouTube video (to an attractively large subscriber base) — in exchange for a fee, most often in Ethereum. While working as a marketing and community manager, I had nearly 60 ‘Ian Balina’ accounts offer me their services. So how do you combat it? Well, you can presume Ian Balina probably isn’t going to join your Telegram and offer to shill your project — it’s often amusing to waste time of these scammers and ask them questions about your project. However, to get to the point of combating it, many influencers will list their official contact channels on their YouTube pages. If the (alleged) influencer isn’t able to message you from one of these accounts, mystery solved.

Impersonation scams carry over to Twitter as well. This particular scammer was pretty lazy, stealing CZ’s photo, but utilizing a username not even remotely close. If the common sense approach reiterated numerous times in this article doesn’t sink in, remember to check usernames.

Impersonation scams on Twitter: “If it sounds too good to be true, it probably is.” Someone offering to 5–10X your ETH (or any other asset) — especially if that is a person of notariety — simply isn’t going to happen in real life. Giveaways are another popular method to dupe victims — they likely aren’t real giveaways, especially if there is some level of money you need to send to enter. Especially noteworthy: don’t click links from accounts you haven’t verified, as they are likely ridden with nastiness or they’re simply impersonation sites (such as fake exchanges or ICO sites, to dupe you into losing money). Don’t be lazy and presume a verified account is safe: verified accounts can be purchased, stolen, or otherwise fraudulently obtained. A future article relevant to phishing links may be in the works.

Only in crypto would it be necessary to have a shockingly large number of noteworthy individuals add “Not giving away ETH” to their middle names.

Investors: Less frequently impersonated, this is still an honorable mention: scammers may impersonate venture capitalists or other individuals with large sums of money with exclusive deals from projects. Verifying their deals with the ICO themselves is an option, as is verifying the company the ‘investor’ claims to be with — as a general rule of thumb, don’t trust your money with anyone that is anonymous or can’t verify they are who they say they are. A future article on pool scams may be in the works.

Fight back:

Had enough? Join the fight.

If you have the time and want to engage in some scambaiting, or better yet, report these scammers to law enforcement, here’s how:

Report: Reporting on Twitter and Discord is fairly straightforward. While the latter has a lackluster track record of caring about handling the impersonation scams, Discord is pretty responsive. Click ‘Report Spam.’ After a few incidents of this, the scammer will be unable to message new people, protecting would-be victims. If you notice a scammer account on Telegram or Discord, definitely notify not only the social media itself, but also the real team members of the project. That way, multiple parties can take action.

Reporting on Twitter and Discord is fairly straightforward. While the latter has a lackluster track record of caring about handling the impersonation scams, Discord is pretty responsive. Click ‘Report Spam.’ After a few incidents of this, the scammer will be unable to message new people, protecting would-be victims. If you notice a scammer account on Telegram or Discord, definitely notify not only the social media itself, but also the real team members of the project. That way, multiple parties can take action. Counterscam : Feign interest and naivety. Eventually, the scammer will send you a wallet address. Check out the wallet address on Etherscan and definitely comment on the address that it is a scammer’s address. Typically, these addresses will be fresh wallets. However, if you notice past transaction history, be certain to comment on the wallet to alert others. Either way, save this wallet address.

: Feign interest and naivety. Eventually, the scammer will send you a wallet address. Check out the wallet address on Etherscan and definitely comment on the address that it is a scammer’s address. Typically, these addresses will be fresh wallets. However, if you notice past transaction history, be certain to comment on the wallet to alert others. Either way, save this wallet address. Lay the bait : Pretend you’re going to send a transaction. You just need a few minutes to “get some coins off an exchange” as an excuse. Head to Grabify and create a link with a URL of choice (it’s advisable to make the link look like you’re linking them to an image, or a TX link. (This video about how to legitimately 5x your ETH often works well.) Next, send them the modified link. The scammer will click the link, probably curse you out, and you’ll have their IP and device info. You may be surprised how few scammers use VPNs, and those that do apparently often haven’t heard of subpoenas.

: Pretend you’re going to send a transaction. You just need a few minutes to “get some coins off an exchange” as an excuse. Head to Grabify and create a link with a URL of choice (it’s advisable to make the link look like you’re linking them to an image, or a TX link. (This video about how to legitimately 5x your ETH often works well.) Next, send them the modified link. The scammer will click the link, probably curse you out, and you’ll have their IP and device info. You may be surprised how few scammers use VPNs, and those that do apparently often haven’t heard of subpoenas. Tell the hunters: Depending on your residence, file a report with pertinent law enforcement. As an example, if you’re a US Citizen, file an IC3 report. Include your full chatlog (do law enforcement a favor: download SnagIt and take a panoramic scrolling capture of the full log rather than upload numerous screenshots), their username if applicable, their wallet address, and, of course, the IP/device info you just captured.

Hook, bait, switch.

Stay frosty out there, folks.