Wallet security letter #2: Exchange customer service scams
Below, we dive into the story of a recently popular scam our users reported to us. We hope everybody can learn something!🧐 If you have any question, you can reach us at email@example.com 🙏
Exchange customer service scams
One day at noon, I received a call from someone who stated he was from Huobi, a well-known Chinese exchange, and asked if I was Mr. xxx. He informed me that my account was at risk, suspected of black money trading, and the funds had been frozen.
At that time, China’s regulatory policies were tightening and I took him for his word that my account was associated with black money. So I confirmed with the scammer the details of my frozen funds and he gave me the exact information of my account and the transactions I recently executed.
I have to admit these scammers are really sophisticated. But thanks to my due diligence, I hung up the phone, opened the App of that exchange to check the status of my account and contacted the customer service again within the App. They told me that the caller was a scammer and my account was safe.
As a blockchain practitioner, I consider myself to be intelligent with healthy skepticism. But what about common users? When faced with a sophisticated scammer, the chances of a customer falling for the scam are very high.
As of July 15, the imToken security team has received a total of 122 reports of such scams, with users being scammed for nearly 1 million dollars. After communicating with the scammed users, we found out the scheme of the fraudsters:
After gaining trust by providing the information about the user’s identity and transaction, the scammer tells the user that his account is suspected of black money trading and that the user needs to verify the funds to clear his suspicions, otherwise his account will be frozen.
Scam funds verification process：
1. Download imToken and video Apps such as Zoom, share your phone screen with the fake customer service, and exchange all your digital assets for USDT and deposit them into imToken.
2. The scammer informs you the funds have been received and you need to transfer more USDT to start verification. After a while, the scammer tells you that the system starts to verify and the progress reaches XX%. You need to top up RMB to a designated bank account to complete the verification.
Because of the shared phone screen, every step of the process from downloading imToken to backing up the mnemonic is recorded by the scammer. After getting your mnemonic, he then induces you to transfer more assets to the wallet.
You think that’s the end of the scam? No, it’s not.😶
3. After you deposit USDT into imToken, the scammer asks you to transfer another amount of cash on the grounds that the system is stuck or the progress of funds verification has not reached 100%. If you tell him that you don’t have money, the scammer will trick you into borrowing money from Alipay or WeChat Loans. The scammer will only hang up the phone when he is sure that he has got all your tokens and fiat money.
✅ The imToken security team has analyzed this type of scam and summarized the reasons for the high incidence of such scams in the recent past.
- Scammers obtain the personal information of exchange users through illegal channels and trick them into believing them.
- 90% of those scammed have never used a decentralized wallet such as imToken.
- Scammers are sophisticated and clearly understand the blind spots of users.
- Take advantage of tightening industry regulatory policies and exchange’s business adjustments.
Here are some tips to protect you from this scam:
- When you receive calls from someone who claims to be some exchange’s customer service, just hang up the phone and open the official website or App to check.
- Never give out your mnemonic and private key! Anyone who induces you to give them out is a scammer!
- Learn the basics of blockchain wallet security:
- Why is it so important to backup mnemonic phrases?
- 5 Common Cryptocurrency Scams & How to Avoid Them
- What if I forgot my password?
- What should you do if your assets in the wallet are stolen?
Upgraded security system
In Wallet Security Newsletter # 1, we talked about the scammers currently thriving on Tron, airdropping tokens such as OZBT, AAMT, FIL, etc. to users. The information contained in the token airdrop informed the user that they could exchange these tokens for TRX on the official website.
In response to this scam, imToken 2.9.4 fully upgraded the security system in a way that warns users about risky addresses, as reported by users or discovered by the imToken security team.
In June, 36 tokens, 202 DApp sites and 4,754 addresses were marked by the imToken security team as risky.
If you recognize any risky DApps or tokens, please report to us via firstname.lastname@example.org to help more users avoid being deceived.
Read our first story below: