Tech support scam
Fraudsters never sleep and find new ways to steal funds. In this example, we will show you an example that is related to support in communities.
Example № 1
The situation happened in the Ever Wallet technical support group. The victim was unable to withdraw the farming reward due to an unknown error. After all possible measures were taken to solve the problem, the victim went to the wallet technical support group and asked a question in the general chat with an appeal to the developers.
1
Immediately after that, a scammer answered victim in private messages, who had a profile in Telegram, which contained all the real links to the official sources of Ever Wallet.
2
The scammer introduced himself as a developer and asked to remove the problem messages from the general chat so that other developers would not be distracted by them. Arguing this by the fact that he himself will personally deal with this problem.
3
After that, there is a long dialogue in which the scammer asks a lot of clarifying questions and tries to solve the problem, which, of course, won’t be solved.
4
Next, the scammer asks victim to fill out a google form, in which victim need to enter the SEED phrase from the wallet.
After filling out such a form, all funds are withdrawn from the address using the received SEED phrase.
Example № 2
A scammer can slip a developer's phishing site that requires you to connect to the site. The site can completely visually copy the style of official sources, and often does not arouse suspicion.
Phishing site example: multidapps.netlify.app/wallets
Phishing site example: multidapps.netlify.app/wallets
On this site, a scam victim may try to connect to the site using the Metamask wallet. Only, after clicking on the Metamask icon, the automatic connection loading animation occurs, and the service offers to manually connect the wallet:
After that, the site asks you to enter a SEED phrase. It is noteworthy that there are also options to connect via your wallet's JSON file or using a private key.
After that, the site asks you to enter a SEED phrase. It is noteworthy that there are also options to connect via your wallet's JSON file or using a private key.
Of course, nothing happens after the site accesses your SEED phrase data (or any other option). It gives an error that it is not possible to connect now, please wait. At this point, the hacker is already entering the wallet according to your SEED phrase. But even in this case, the attacker may not immediately steal your funds.
We conducted an experiment in which we connected several wallets to a phishing site.
In the first case, we registered a new wallet and replenished it with a very modest amount. After connecting, we monitored the process of the theft of funds, but the money was never withdrawn.
Then we tried to connect a wallet with a lot of transactions to the phishing site and also replenished it with a modest amount. Neither in the first nor in the second case, the funds were not stolen from the wallet.
Then we tried to connect a wallet with a lot of transactions to the phishing site and also replenished it with a modest amount. Neither in the first nor in the second case, the funds were not stolen from the wallet.
Answer the question: why not stolen?
The answer is quite logical - the scammer is pursuing profits, and also so that no one knows that the user has just contacted the scammer. Therefore, when a fraudster gains access to a SEED phrase, it is important for him to have something to steal. Due to lack of funds, or, in our case, if there is a very modest amount, there is no reason to steal funds. The fraudster will monitor the receipts on the wallet until the amount is sufficient for the theft.
Be careful!
Don't let scammers fool you - always study and double-check the information available to you.
If you have been a victim of fraud or if you know of any such cases, tell us!
We also recommend