Artist Security Guide — How to identify and avoid scams
With NFTs becoming popular over the past year, so has scams targeted at NFT buyers and creators. Here are some common scams involving NFTs you should be aware of and how you can avoid falling victim.
Most common NFT Scams
1. Direct messages on Discord
Being scammed on Discord or other social apps like Telegram involves receiving direct messages (DMs) from unknown (or seemingly known) people who try to dupe you into believing that you are being contacted by a brand, artist, or influencer. Eventually, they will ask for your private key or password, or ask you to click a link.
Most of these scammers will find you through the Discord communities you are a part of. The larger the Discord community, the higher the chances of receiving scam messages. Thus, you should be wary of clicking on ANY link sent by strangers or answering any requests for money. To stay safe, adopt the principle that "if it sounds too good to be true, then it's most likely a scam".
Last year, Metamask customers were alerted to a phishing scam that asked for the 12-word seed phrase of customers. It all transpired when a MetaMask e-mail scam had asked wallet owners to verify crypto wallets to comply with updated regulations. Additionally, the spam e-mails mentioned that users’ accounts would be restricted in case the required action is incomplete.
This is a textbook phishing scam. The idea is that the scammers send you an email that seems legitimate (as if sent by the brand/company), asking you to click a link and sign a transaction. Sometimes all you need to do is click the link and all your assets will be stolen.
E-mail scams are not the only case. Recently, Metamask customers faced a phishing hack via Google ads. Upon clicking the links in the ads and signing transactions (in some cases), the victims found their MetaMask wallets empty because the assets had been stolen and transferred to the defrauder’s account.
Rug Pull Scams
Like pump-and-dump scams (where influencers and project teams collude to pump their token price through aggressive marketing only to sell off all their tokens and make huge profits while reducing the token price to 0), Rug Pull Scammers will hype up a project, solicit investment, and, without notice, abandon it. This usually happens once they believe they have ‘drained the investors’ to the full, withdrawing all funds from an NFT wallet and deleting their profiles from marketplaces and social media.
One of the most famous cases dates back to “Squid Game” and the cryptocurrency inspired by the TV show Squid. This token went up in value to $2,800 within just a few weeks when, suddenly, it vanished. All its social media accounts and its website disappeared with no trace. The scammers, meanwhile, are believed to have stolen $3.3 million.
Fake NFT Stores
Scammers often replicate popular NFT marketplaces to create fake NFT stores. These sites can look almost identical to the originals and can trick even an experienced NFT buyer into spending large amounts of money on a fake artwork that is, in reality, worth nothing. In some cases, the fake NFT store will even use the brand’s logos and images. Even the website URL will look similar, but it won’t be the same. Always check the site URL before performing business on any site or providing login details. As mentioned above, most scammers will use a fake URL to get people’s sensitive information. Only provide your login details on platforms you know and trust. The best way to ensure this is to always bookmark sites you interact with. This way, you can always trust your bookmarked sites.
Another good solution is to have a pop-up blocker installed on your browser. This will prevent you from accidentally interacting with any pop-ups on NFT scam sites.
Social Media Impersonation
Fake offers and giveaways are a great way to pique users’ interest (not just) on social media. Surprisingly, they may even come from well-established user accounts. However, scammers often copy popular NFT accounts, creating fake pages that closely resemble the originals.
Sometimes, real accounts will be hijacked by scammers to promote fraudulent schemes. Once users try to access the fake offer, they are requested to insert their passwords or personal information, giving away their details and getting nothing in return.
Bidding scams typically occur in the secondary market when you try to resell your NFT to the highest bidder. Once you list your NFT and an interested buyer places the highest bid, scammers may switch the cryptocurrency used without telling you.
You can avoid this scam by checking the transactional currency before you sign any transactions.
Pump & Dump (P&D)
They often happen in Telegram or Discord groups where several thousand people buy a specific shitcoin (a crypto token without a value or future) simultaneously to inflate its value artificially. This value increase is called the pump, while selling this now expensive token to naive bystanders is the dump phase.
How often the pumps happen depends on the group. Some pump several times per day, and others pump once per week or once per month even.
Learn more about P&D!
Tips for how to stay safe
- Never share your private key or seed phrase with anyone.
- Use strong and unique passwords along with multi-factor authentication whenever it’s available.
- Always check that the DM you’ve received is legitimate.
- Review the transaction history of NFTs. Be wary of NFTs with transactions on one day.
- Never click a link that promises freebies or requires you to answer quickly. And if you’re tempted to do so, check first the origin of the link. This applies even more on Discord.
- Watch the bids. Before accepting any bid, be sure to double-check the currency. Don't accept anything lower than expected.
- Use reputable NFT exchange markets. Don't believe offers that sound too good to be true.
You can reach out to her, Katarina, on Twitter or Telegram.(Katarina_Mihalj)