Tip#0: NEVER TRUST, ALWAYS VERIFY!

This is a popular phrase in the security world. It means that bad actors can easily join our space or are already inside.

We are all on the frontline of protecting the community. The only true way to protect the community, and yourself, is to verify whatever you are doing so that no bad actor enters our space.

Say it, repeat it, and live by it.


Tip#1: NEVER GIVE OUT YOUR SECRET KEY / NEVER GIVE OUT YOUR EMAIL

The main objective of any scam is to retrieve your personal information. On Stellar, this will most likely include your secret key (or email/phone number to attack you later). In order to achieve this objective, scammers must get you to TRUST them.

It is crucial to understand that these scams are socially engineered and designed to win the trust of people who assume they are real. The scams differ from one another, but they all depend on a victim making a mistake! Always be vigilant in anything you do, ESPECIALLY if it asks for your confidential information. DO NOT be afraid and DO NOT rush into anything. If you need a second pair of eyes for verification, please reach out to us ASAP.

Email Phishing - Blockchain.com Giveaway


Tip#2: WATCH OUT FOR THE IMPERSONATORS

Usually referred to as "phishing", this technique is used by fraudsters to trick people into thinking they're receiving something from a reliable source.

By changing a few letters around, they hope to trick people into believing they are official representatives. Once trust is secured, the next goal is to retrieve your information.

Phishing, in general, is all about creating a sense of trust, plausibility, and urgency. There are a few signs to look out for:

  1. They usually don't have your name and start off with 'Dear Customer'
  2. They have a strange address with multiple numbers and letters that don't look like an official
  3. They ask for confidential information, usually in an urgent setting such as 'an emergency happened, your funds are lost, we require your name, banking account immediately, hurry and put your secret key here before the airdrop is gone!...'. Before sending private information, please review the email address/social media name/title of the sender to ensure they are official.
  4. The message came out of nowhere; you didn't ask for it, nor were you expecting any type of solicitation. This is how spam and scams are one and the same: both rely on unsolicited messages, so the likelihood of you "clicking here" is high.

Attempts of impersonation in the past include: fake account viewers, fake airdrops, and fake marketing campaigns.

Email Phishing - Stellar Development Foundation Staking Campaign


Email Phishing - Blockchain.com Giveaway


Social Media Phishing - Facebook Bot Impersonators


Spoofed Account Viewer - Fake Account Viewer


Tip#3: "IS IT TOO GOOD TO BE TRUE?"

"Well then it usually is" is another popular phrase. Though it may sound like a sarcastic statement, it's a powerful question that makes you take a step back and analyze the situation.

You might be ecstatic to receive 50,000 XLM from Stel1ar Foundations when all you have to do is put your secret key here: _____, but you should ask yourself: "Why did I just receive this email?".

Sometimes a quick moment to analyze the situation will allow you to observe that first, you never asked for this message, and second, someone is asking for your secret key which will give them access to your wallets (this is usually done by bots so they automatically deplete your wallet). It's all about being vigilant and proactive about every single action you take that requires you to use confidential information.

Social Media Phishing - Facebook Post


Tip#4: WATCH OUT FOR THE LETTERS

Does SteIlar and Stellar look the same?

I hope you answered "No", because they are NOT the same.

If I capitalize all the letters, what appears is STEILAR and STELLAR. Notice the I in the middle? Capitalized I (i) and uncapitalized l (L) sometimes look the same, depending on the personalization settings on your device. Moreover, there may be other spelling mistakes (intentional or not), special characters (Ş, ţ, ë, ļ, Ľ, ạ, ř), or even the letter "l" switched with the number "1".

To see whether a word contains capitalized or uncapitalized letters, go to www.capitalizemytitle.com and copy/paste it to verify. Try copy/pasting "SteIlar and Stellar" to see the difference yourself.
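
The same check can be automated. The following is an added example, not part of the original article: it strips accents and maps capital I and the digit 1 back to lowercase l, then flags any word that matches a trusted name only after that reduction. The trusted list, the sample message and the function names are assumptions made for illustration.

```python
import re
import unicodedata

# Names to protect. Assumption for this example; use your own list.
TRUSTED = ("stellar",)

# Substitutions named in the tip: capital I and the digit 1 posing as lowercase l.
LOOKALIKES = str.maketrans({"I": "l", "1": "l"})


def skeleton(word):
    """Reduce a word to the form an eye skimming the text would read."""
    # NFKD splits accented letters (ë, ţ, ạ ...) into base letter + combining mark.
    decomposed = unicodedata.normalize("NFKD", word)
    base = "".join(c for c in decomposed if not unicodedata.combining(c))
    # Map lookalikes before lowercasing, while capital I is still distinguishable.
    return base.translate(LOOKALIKES).lower()


def classify(word):
    """Return 'genuine', 'lookalike' or 'unrelated' for a single word."""
    if word.lower() in TRUSTED:
        return "genuine"      # differs from the trusted name by case only
    if skeleton(word) in TRUSTED:
        return "lookalike"    # matches only after undoing the substitutions
    return "unrelated"


def find_lookalikes(message):
    """List every word in a message that imitates a trusted name."""
    # NFC first so each accented letter is one character and words stay whole.
    words = re.findall(r"\w+", unicodedata.normalize("NFC", message))
    return [w for w in words if classify(w) == "lookalike"]


# Constructed sample message, not a real phishing email.
SAMPLE = ("Congratulations! Stel1ar Foundations is sending you 50,000 XLM. "
          "SteIlar and Stellar are the same, trust Stëllar support.")

if __name__ == "__main__":
    for hit in find_lookalikes(SAMPLE):
        print(f"suspicious: {hit!r} reads as {skeleton(hit)!r}")
```

A word is reported only when it differs from the trusted name by more than letter case, so "STELLAR" passes while "STEILAR" is flagged.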

Email Phishing - Stellar Development Foundation Staking Campaign
