A newly designed scam that started in Bitcoin, in order to deanonymize the wallet owners for further socially-engineered fraud attacks, has spread across other cryptocurrency networks.On the Stellar Network it can be known as 'Memo-Phishing'. When sending payments on the Stellar Network, you have the option to include a memo.Just like dusting attacks, Memo-phishing is when a bad actor attempts to send small amounts of crypto (in this case, XLM) to random people in the network with a malicious link in the memo. The memo will most likely entice you by stating they will give you free Lumens/XLM if you go to the link. NEVER GO TO THE LINKS IN THE MEMO.If you see small amounts of XLM in your wallets, it's best to avoid it and report it.Click here for more tips to guard yourself from Dusting attacks and Memo-phishing.
The attempt to get your confidential information by disguise and impersonation of an official.Methods of delivery include: EMAIL, TRANSACTION MEMO, TEXT-MESSAGE, PHONE-CALL, and SOCIAL-MEDIA POSTS. Example: A scammer uses a Facebook account similar to the official's profile name of the Stellar Development Foundation (SDF), and disguises a post to lure people in so they enter their confidential information.Key tip is to never give your confidential information to anyone, officials of companies/entities; even government officials. No one will ask for your confidenteial information, only a scammer will. Click here for more tips to guard yourself from Phishing attacks.
The attempt to impersonate an official message that was sent through a communication channel (email, social media, or phone).Methods of delivery include: EMAIL, TEXT-MESSAGE and SOCIAL-MEDIA POSTS. This message will include a malicious link that takes you to a spoofed/impersonated version of an official website where they ask for your confidential information.Same with Phishing above, a key tip is to never give your confidential information to anyone.Click here for more tips to guard yourself from Spoofing attacks.
The attempt to infiltrate a device in order to retrieve confidential information.Delivery methods can be multiple ways, but is usually done by a victim giving access to a bad actor via downloading malicious software that lets them take control of their computer.An important tip is to never download anything on the internet without you fully vetting the program, and turn off automatic downloads on your browsers as well as SMS/MMS downloads on your phones.Manually approving downloads is one way to monitor man-in-the-middle attacks (and a few seconds of awareness can save you hundreds of hours of work).Click here for more tips to guard yourself from Hacking attacks.
Fake airdrop / account viewer / wallet
The attempt to retrieve your secret key by luring you into believing there's an airdrop.This tactic works in 3 steps:
1) Spoofed messages of officials (usually impersonating the SDF) in order to gain your trust.
2) The message includes instructions for you to go to a website (spoofed account viewer) to retrieve 'free lumens' or to 'opt into a program'.
3) The instructions on the spoofed website will ask you to put in your secret key into the input field.
The attempt to defraud the community by spoofing as an official.This can be done to impersonate anyone in the community. It's always wise to know the official delegates of the organzations and services you use.Never respond to unsolicited messages (unsolicited means you never asked them to message you), and in any case NEVER give any confidential information away.If you are approached by an impersonator trying to be an official, try contacting the website or main address of the organization and service. In some cases this may be spoofed, so please reach out to us for a second look.Click here for more tips about impersonators and how to guard yourself from them and warn others.