How to Identify Scams and Prevent Phishing Attacks
As cryptocurrencies grow in popularity, scams have also evolved.From impersonating customer support to creating fake websites and phishing links, attackers are becoming more sophisticated.This guide provides practical and easy-to-understand methods to help you identify scams and protect your assets.
Scammers often pretend to be:
Exchange customer support
Project team members
Regulators or “security audit departments”
Airdrop administrators
Typical scam messages include:
“Your account has an issue and needs verification.”
“A large transfer is frozen. Please provide your verification code.”
“We can upgrade your account permissions for you.”
“Send me your seed phrase so I can help recover your funds.”
⚠️ No official representative will ever ask for your password, verification code, private key, or seed phrase.
Scammers create fake pages such as:
Fake exchange app download pages
Fake airdrop portals
Fake “Connect Wallet” pages
Fake announcement or event pages
Their goal is to trick users into:
Entering seed phrases
Signing malicious smart contracts
Authorizing unlimited token approvals
Common red flags:
Domains that look similar but slightly altered
Urgent prompts like “Authorize Now” or “Upgrade Immediately”
Requests to sign unknown permissions such as unlimited approvals
Scammers may DM you directly, claiming to:
Help with trading issues
Offer insider information
Invite you to “VIP profit groups”
Provide “guaranteed returns” investment schemes
Once you engage, they will find ways to drain your funds.
Examples include:
Fake MetaMask extensions
Fake exchange apps
Fake project tools
These can record private keys, passwords, and transfer your assets.
If someone asks for any of the following, it's a scam: ❌ Seed phrase ❌ Private key ❌ Verification code ❌ Wallet screenshots showing sensitive data100% of legitimate platforms will never request these.
A legitimate website must match the official domain exactly.Tips:
Check for HTTPS
Don’t click third-party links; only use official sources
Watch for fake domains such as:
yub1t.com (i → 1)
yubit-exchange.co (fake extension)
Scammers often copy profile pictures, bios, and names.Always access official channels through:
Official announcements
Links on the official website
Verified accounts
Links embedded inside the exchange app
Messages are almost always scams if the sender:
Contacts you privately
Urges you to act immediately
Promises high or guaranteed returns
Asks you to join unfamiliar groups
Sends shortened URLs (bit.ly, tinyurl, etc.)
Especially links sent via:
Direct messages
QR codes in group chats
Google search ads (which can contain fake listings)
Always access platforms through the official website or app.
Avoid blindly signing:
Unlimited approvals
Custom contract calls
“Max spending” permissions
Useful tools for checking approvals:
Revoke.cash
Etherscan Token Approval
DeBank Authorization Manager
Recommended setup:
A hot wallet for daily use
A cold wallet for long-term storage
Never connect your main asset wallet to unfamiliar websites.
Enable 2FA on exchanges, email accounts, and social media.Recommended:
Google Authenticator
Authy
⚠️ Avoid SMS verification — it is vulnerable to SIM-swap attacks.
Regularly update:
Mobile OS
Browser
Wallet extensions
Exchange apps
This prevents attackers from exploiting old vulnerabilities.
Do not authorize, transfer, or click anything else.
Use Revoke.cash to remove suspicious contract permissions.
Do not feel embarrassed — security is the priority, not blame.
- Golden Rules for Spotting Scams
🚫 Official staff will NEVER ask for your seed phrase 🚫 Never solve issues through private messages 🚫 Ignore “guaranteed returns” or secret profits 🚫 Don’t click unknown links 🚫 Don’t sign unknown contract permissions If you follow these five rules, you will avoid 95% of Web3 scams.
Last updated