NFT Safety Rules

  • NEVER give out your seed phrase.

  • Never enter your seed phrase onto a website.

  • Ignore discord DM’s with offers/promotions.

  • Don’t click on links from your DMs.

  • Do your own research (DYOR) before purchasing.

  • Use official links only. Double check the domain you are on.

  • If it’s too good to be true, it is.
  • If you win a giveaway you will only be asked for your public ETH wallet address.

  • Don’t interact with polygon airdrops.

Wallet Safety:

As a summary to my last post NFT Beginners Guide. Your seed phrase (also known as recovery phrase) is the series of words you get when you create a wallet. Make sure you have your seed phrase securely stored. NEVER EVER share this phrase with anyone, especially online. You will never be in a situation where you need to give someone your phrase, if they are asking it’s a scam! If you give out your phrase they can hack your wallet, and you will loose all your money/NFTs.

A PUBLIC address like your Ethereum public wallet address is okay to share. Your wallet address is the one you copy/paste to send money into. Your ETH public wallet address starts with 0x……. It has 42 numbers/letters.

If you get whitelist on a project you’ll be asked to provide your public Eth wallet address in the discord whitelist group or by submitting a ticket. But they will NEVER ask for your password, recover phrase, seed phrase etc. If they do it’s a scam.

Let’s get into the common scams:

Meta Mask Pop Up Scam

I want to put this one first because it’s a huge scam and not talked about enough.

There is a fake meta mask pop up on scam websites. It looks real but any Meta Mask pop up is indeed Fake! Meta mask is a chrome extension tab drop down ONLY. Some scam websites are smart and make the pop up show by the chrome extension. To tell the difference Meta Mask is a dropdown menu, the scam one won’t be. So click on your chrome extension to double check.

How the scam works: The fake pop up will ask you to put in your password (on the real meta mask you have to put in your password if you locked your account). Heres where it get’s sketchy! Once you put in your password it will say incorrect. So you pushed to enter your seed phrase. Once you enter your seed phrase into that fake pop up window your funds are now compromised. The scammers now have both your password and your seed phrase! They will drain your wallet.

The only time you have to put in your seed phrase is when you first download meta mask chrome extension, never will you have to enter your seed phrase on a website. Once you initially set up your wallet you will not be asked for your seed phrase.

When you go to mint an NFT Meta Mask will NEVER ask for your seed phrase.

How To Avoid

Always make sure you are only using Meta Mask chrome extension, never put your seed phrase in if you already have your wallet set up. If you are ever unsure click on the chrome extension to double check=, it will drop down from the top.

Sliding Into Your DMs

Bot’s/scammers will DM you with fake links. They will mention something like: Minting ends in x minutes, you won a contest, early access to mint the project, you need to send ETH to get an airdrop, mint almost sold out, stealth mint, asking you for help, a sob story, or make up that they’re a founder of a project.

No matter what they say if they’re asking you to click a link, send your seed phrase, or send them ETH it’s 100% a SCAM.

Discord Server Moderators will never DM you! Unless asked beforehand in the chat. The scammers will use the same profile photo as the mods or the same server pfp. Sometimes they get hacked so watch out for that as well.

Takeaway: All DMs are a scam. Turn off your DMs.

Some of the most common DM scams are:

  • Telling you there is a stealth drop, and sending a fake link to mint on.

  • A message saying they will airdrop you an NFT, but you have to send them some ETH for gas.

  • You won a contest: Next step will either be -> Click the link, Send seed phrase, Send small amount of ETH to this address, and so on. If you win a contest it will be announced publicly on the discord first. They will not ask for: money, to click a link or for your seed phrase. Instead you will be asked to send your public ETH wallet address over. So if they only ask for your wallet address it can be legit.

How To Avoid

Change your settings on discord to only allow your friends to message you. To do so go into Settings -> Privacy & Safety -> Turn OFF “Allow direct messages from server members.” Trust me this will save you in the future!

Scammers really like to DM on the day of mint, and end up getting a lot of members because users are in a rush to mint before it’s sold out. If you do receive a message like that block them immediately. You can also report it to the discord server in #scam-reports.

I know for other platforms the options are limited, if you start getting scam messages block and delete (Do not engage). If it’s too good to be true leave it alone.

What if you click on a link by accident? Don’t connect your wallet and whatever you do don’t sign anything!

Fake Links

Always check the domain before connecting your wallet.

Make sure the spelling is correct, the domain ending is right, and check that there is no random punctuation.

Use #official-links server in the discord to find the official website. Cross check it with social media pages.

Write down the website URL on the #official-links discord server before the mint and make sure the website you are on matches.

What to look out for:

  • The domain has an underscore, hyphen or misspelt.

  • Example: So instead of sandbox.game the scam website domain is sand-box.game or sandbox.gamse This is the most common scam I see.

  • The domain ends differently.

  • Example: Instead of cryptobullsociety.com the scam website is cryptobullsociety.de OR for other projects ending with .io the scam website ends with .com / .ca instead.

Fake Support

Fake support Links/Email

Fake links and emails to support are posted everywhere. All @gmail.com support emails are fake. The only legit support emails will have a domain that matches the official website like support@metamask.io

Try to reach out through the official sites form before emailing (“Open a Ticket”), use email as a last option.

If you want to open a ticket for support make sure you are on the official website for example metamask.io, don’t trust support links sent to you through DM or on a twitter comment.

Screen Share Scam

Support will never ask you to share your screen. If you are asked say you don’t feel comfortable. If they get mad its a scam, legit support lines shouldn’t ask you.

Seasoned traders are getting tricked by this.

Heres how the screen sharing scam works: They do this so many different ways but the goal is to trick you into revealing your seed phrase. A sneaky way the fake support does it is by asking you to change the language on your screen so they can understand what’s going on. Then they give you a bunch of instructions and eventually gets you to reveal your secret phrase but you don’t know what you’re doing because it’s in a foreign language.

How to avoid

If something feels off don’t follow through.

  • Don’t share your screen! Legit support lines won’t ask you.

  • Never give out seed phrase. Again legit support will never ask you for that.
  • Do not click any links from support to “fix” your wallet.

  • If you are seeking support on a NFT platform like Opensea or NFT trader never share screenshots of your wallet if asked.

  • @gmail.com support emails are all fake.
  • Go through official sites only to get support.

Sponsored Search

Adding on to fake websites:

Scam websites sometimes show up first on Google under sponsored, so when you go to search for your project it’s the first result.

For this example i’m going to use Sandbox again. Sandbox is 100% legit and a great platform. That is only if you are on the official website.

There are scammers out there creating a duplicate website: it looks like sandbox but here is the difference: The domain is spelt wrong one letter is off sandbox.gamse instead of sanadbox.game

The fake website would show up first as a sponsored site until it got banned.

How To Avoid

Always check the domain of the website you click on, and avoid clicking on the sponsored website that pops up first via google search.

Discord Hack

The next common scam is discord servers getting hacked. This typically happens on mint day. All of a sudden you will be getting DMs from the group staff or fake announcements will be posted.

How To Avoid

Before the mint date write down the official link for minting. Only use that one.

Fake Opensea Collection

1st search result is legit. Spelling is correct and the number of NFTs line up (7,777). The other options have less NFTs, and there are spelling errors.

The first search result is correct. The spelling is right, and has the blue verified checkmark next to their name.

Fake open sea collections are way too common. Not all projects are verified so sometimes it can be hard to tell.

How To Avoid Fakes

Always use official links from discord, cross check them with the website and social media pages.

Check how many NFTs are in the collection, fakes will have less.

Check the spelling, fakes will usually have a random punctuation mark or the name will be misspelt.