Scammers all over Telegram and other social apps (Twitter, Facebook, Discord etc) trying to steal your crypto.
Learn how they do it and follow some simple steps to avoid being scammed.
Telegram ‘technical support’ crypto scam
The scam is simple: the scammer sets up a Telegram profile and joins a group that they expect to find people asking technical questions.
They then watch the group waiting for someone to ask a technical question or report a problem…then the scammer sends a direct message to the person. They pose as technical support and offer to ‘help’.
Sometimes they will even duplicate an official profile or that of a community admin (eg after joining the group, they change their display name, profile photo and bio to be the same as the admin).
This scammer even tried to phone me!
Then, the person will then either;
- Chat with you and eventually ask for your secret recovery phrase
- Direct you to a ‘support form’ that asks for the recovery phrase or similar.
- Link you to a fake phishing site that will ask for your phrase or to connect your wallet
If you give them your details (or connect your wallet to a fake website / download something fake), they have access to all your funds and they will empty your wallet 🙁
This social engineering scam works well because the victim is already confused / frustrated and likely unaware of how many scammers are on the platform. They have asked for help, and now someone is helping them.
Furthermore, because the communication happens via DM, it can go unnoticed by real members of the community.
It is very easy for a new (or semi-new) person to fall for this scam. And it’s getting more and more elaborate — the fake sites are looking more and more authentic.
Other messaging apps with groups have similar problems with scammers — in Discord, the same method is used.
An example scam ‘phishing’ site
This is the type of thing that might happen – the ‘support agent’ directs you to a legitimate-looking site, and you are prompted to give the website your details.
At first glance, the site looks like an official WalletConnect site.
However, it’s a fake.
They have all the logos you recognise, however this site is about to try and scam you….
And that helpful fake support agent on Telegram is with you all the way, ready to assist!
In this example, clicking on ‘Unlock Wallet’ led to a simple form that requested my secret phrase, keystore JSON or private key:
There are more elaborate scams, with fake software etc – be careful, folks!
You can also do a WHOIS lookup of the domain to see when it was registered https://lookup.icann.org/lookup.
This one was registered just 5 days ago!
Unfortunately, getting rid of these scammer profiles and websites is like Whack A Mole.
I’ve reported this domain to Namecheap so I expect it will be gone soon. However, the scammers will simply recreate the site on a new domain (or change domain registrar/hosting) and repeat. ☹️
Update: I checked back a week later and the site was gone...
Image by TPai, Flickr
Scroll to the bottom of this post for my full chat transaction with this scammer!
Stopping the Telegram scammers
Some Telegram groups (and Discord etc) have strict criteria for allowing members to join in order to help reduce the likelihood of scammers abusing and taking advantage of their community.
If you’re trying to join a group and feel frustrated because you cannot join immediately and need to ‘jump though hoops’, understand they are trying to protect you 😉
However; also be wary of fake groups! And no matter what, stick to the golden rule (see bottom of post).
You should always block and report scammers.
Twitter ‘technical support’ crypto scam
This scam is very similar to the Telegram scam or that used on other messaging apps. Because Twitter does not operate via channels or groups, people post publicly that they are experiencing a problem. Scammers will either DM them or reply.
Below are two ‘reply’ examples found via a basic search for ‘MetaMask support’ posts.
You can see they are from scam accounts.
The ‘Pacee‘ account tells the user to go to a Google form and it is a reasonably obvious scam, although I’m sure many newbies have been fooled by it.
The other account, ‘MetaMask Support‘, is a bit more cunning…it is clearly doing it’s best to look legitimate.
If we take a closer look, the account re-tweets crypto content in order to appear authentic. And it’s profile bio links to official MetaMask website and is written to appear legitimate.
However, what the account is doing is similar to that of those on Telegram or Discord groups; monitoring Twitter for people asking MetaMask-related technical questions or discussing problems related to crypto transactions or wallets.
The fake account then replies, asking the person to direct message them… So I thought I’d give it a go!
No prizes for guessing what information the scammer asked for.
Yes, that’s right; the fake MetaMask Support account gave me a link to a Google form that requested I send my wallet security details.
For reference, MetaMask support is provided from within MetaMask itself. MetaMask do have a Twitter support account https://twitter.com/metamasksupport , hoever it simply tells everyone never to reply to DMs, open links or share your secret phrase.
Stopping the Twitter scammers
Sadly, Twitter to not make it clear and obvious when reporting scammers from within a DM:( When you click the ‘report’ button in a DM, you are given the ‘spam’ option which deletes the messages and blocks the user, or ‘report abuse’, for which there are zero scam-related options.
What you can do, is find a tweet from the account and report that. Use the “it’s suspicious or spam” link…then choose whatever you feel is the most appropriate option. It’s difficult to tell what Twitter do with this data, but I’m sure it helps. In the above case, the scammer had their Twitter account suspended within a few days (likely due to multiple reports, not just mine!).
Similar to domains and other social platforms, it’s like whack-a-mole. Whilst I’m sure there are measures to try and prevent these scammers re-registering, there are so many ways of getting new accounts that they simply spring up again under a slightly different name.
Be on guard people!
How to NOT get scammed by the ‘technical support’ crypto scam
Now you know about these scams, it’s pretty easy to spot them and avoid them.
- Never reply or click on links from anyone who direct messages (DM) you first about a support issue. Ignore them, or block them.
- If you want to ask for support on Telegram, find the group admin yourself and you message them (ie. YOU send them a DM them first).
- Be extremely wary of ANYBODY who DMs you first in Telegram – they could be trying to build a relationship before initiating a scam.
The 3 golden rules to avoid being ‘tech support’ scammed
These are the 3 rules that rule them all. Abiding by them (and ensuring your device security is up to date) will help you to avoid most scams:
- NEVER give your crypto wallet recovery phrase (or private key, password/pin etc) to ANYONE or ANYTHING.
- NEVER input your details to, connect to or download from ANYTHING you are not 100% confident in.
- If in doubt, refer to rules #1 and #2.
Stick to the rules above and you will stay safe from the ‘technical support’ scammers!
A real tech support scam chat from Telegram…
This scammer found me on the HyperPay Telegram chat when I asked a (fake) question related to issues with my wallet.
They decided to DM me and offer their ‘help’.
Here’s the full conversation…Yes – helpful scammer Nancy even tried to phone me multiple times!
The scammer then new it was all over and removed themself;
So there you have it, folks! It’s a pretty simple social engineering / phishing-style scam, but it works.
Be on guard! And click here if you’d like to learn more about the other ways scammers steal crypto — or even get you to simply send it to them!