Stop getting phished. Here’s how:

3 min readSep 21, 2017


Phishing is happening every day. Don’t be the next victim.

Who’s getting targeted (spoiler: it’s everyone)

What we are experiencing in the cryptospace is not new. Apple / Google Docs / Skype / Facebook / Paypal have all been used as lures for phishing attacks. You may get a purported charge email from Paypal. You may get a “Your Mom sent you a Google Doc” email. You click, you aren’t logged in, you enter your information, and suddenly you are charged for something or spam your entire contact list.

Gmail has done a tremendous job of warning you, automatically sending things to spam, and removing links for “dangerous” emails. One day, perhaps Slack and Reddit will do this too. But for now, you are in crypto and you are responsible for your security.

How Phishing Works (crypto-edition)

Phishing is typically done through email, ads, or by sites that look similar to sites you already use.

Phishing in crypto is via Slack DM’s, usually promising insane rewards or scaring you by telling you that there is an impending fork or MyEtherWallet has been hacked. We have also seen targeted Reddit DMs and Google Ads.

How to Protect Yourself

  • Even if you get a scary message, navigate to the site yourself.
  • Check the URL. Check the URL again.
  • Use bookmarks.
  • Be aware of what Google Ads look like. Never ever click them. Get an adblocker.
  • Don’t ever trust DMs.
  • Verify, verify, verify.
  • If the offer seems too good to be true, it isn’t true.
  • Don’t let fear overcome your common sense.
  • Turn off Slack emails. This prevents malicious DMs from getting you via email.
  • ONLY unlock your wallet when you want to send a transaction. Check your balance via Etherscan or Ethplorer.

Actionable Items You Should Do

Block malicious URLs by installing
— Report to the Ethereum Scam Database so EAL/MetaMask are up to date.
— Report to Google & Firefox via Report a Phishing Page
— Report to Microsoft IE & Edge via How to report a phishing Web site
— Report Google Adwords Campaigns via Feedback on AdWords ads

Get a Hardware Wallet
Protip: Find your favorite service, buy via that services affiliate link (ie: the footer on MyEtherWallet). The price is the same for you, but your favorite service gets a % of the sale! Win-Win-Win!!!

Other Tips

  • In Chrome and most email clients, hovering over a link reveals the actual link. Do not trust your eyes; these links are NOT the same:
    This is actually a pretty easy way to tell a fraudulent message from a legit one.
  • The offer seems too good to be true.
    — If you receive a message from someone unknown to you who is making big promises, the message is probably a scam
  • Don’t let fear overcome your common sense.
    — Although some phishing scams try to trick people by promising instant riches, others use scare-tactics. If a message makes unrealistic threats, it’s probably a scam.
  • Any URL that ends in `.php` in crypto is probably a phishing site.
    — The young developers combined with client-side focus means old tech like PHP isn’t used much, especially for serving websites. EtherDelta does not use PHP. MyEtherWallet does not use PHP. If the URL ends in `.php`, it’s a phish.
  • Subdomains of subdomains of subdomains.
    — is probably okay (but you should double check). is NOT okay. Why are there two TLDs (those things at the end?)
  • Typos, poor grammar, and cringeworthy word-choice.
    — No offense scam-artists, but your writing sucks. If it isn’t easy to read, contains grammatical abnormalities, double check it.
  • Phishing sites consistently have SSL certificates.
    — SSL ensures information you send from point A to point B is encrypted. It does NOT mean a site is trustworthy.
  • Due to the increased phishing-via-mass-DM scams, most (if not all) Slack communities now post announcements via a locked-down #announcement channel. For this reason, no announcements will come to you via DM. None. Not a single one. Just ignore them.
  • Take a moment and look through this imgur album of phishing examples. — See the trends? They haven’t changed. Every one of these phishing messages resulted in some loss; don’t let the next one be you.