Fear Of Missing Out (FOMO) is going to the moon
Slack was designed for teams in an organization to collaborate. The concept of a team has a fundamental assumption of trust built into it.
As a result Slack has a bunch of scam vectors.
A lot of cryptocurrency projects are using Slack as a medium of communication. Ethereum introduced the Initial Coin Offering (ICO) concept with its crowd sale. Raising funds before the project was finished in exchange for tokens.
Yielding 96,560%, the Ethereum crowd sale worked out ok for those still holding.
Now if you’re not deep into crypto you might think Ethereum was a fluke. To give you context for why there is epic FOMO happening right now take a look at these returns.
Returns like this have never been available before, let alone to regular people. This has lead to a willingness to believe in the unbelievable. Combine:
- No regulation
- No recourse
- A direct channel to targets
- Unprecedented gains that put a get rich quick scheme to shame
and you have a scammers paradise.
Attack 1 — Direct Messages
Slack is kind enough to send users an email to let them know they have unread direct messages. Naturally scammers have started sending direct messages to users. This bypasses email scam filters since the email is coming from firstname.lastname@example.org.
When an ICO happens the process is communicated through a variety of public channels. These announcements create a very convincing template for scammers to use.
I want a 100% bonus …. like, who doesn’t?
Blockchain provides transparency into how much was scammed.
etherscan.io makes it easy to look up transactions on the blockchain to a particular address. Using the address in the scam we can see 106 transactions and a balance of $102,680.35 USD
A variation involves an alert from the security team.
Seems legit, except for the dodgy My Ether Wallet URL…
Also a quick google of the sender shows that the CTO of Golem Project isn’t called Pedro.
The effectiveness of this one is harder to measure since we don’t know the wallet details.
Teams are able to deal with this type of scam by kicking the scammers out of the slack group. This deletes all the direct messages from the scammer.
Attack 2 — Slackbot Tasks
A scammer can set tasks for every user via slackbot. Once the scammer is detected and kicked out of the slack group there is no way to delete the tasks. As a result slackbot sends the message even after the scammer is removed.
This makes sense in a large organization, tasks still need to be completed if employees leave. In an open organization it makes it hard to clean up a scammers mess.
Attack 3 — Talking about upcoming ICO’s that have scam sites running in Google Ads
There is a lot of Fear Uncertainty and Doubt (FUD) in the trading channels. Aside from the noise they can be a great source for ICO’s to checkout. Clicking on links from slack is not such a great idea, so just Google it right? I heard a few people talking about Red Pulse along with Kyber (an ICO that is so hot right now). So naturally I was curious to know more.
Now the Ad at the top takes you to this site.
The top ranking organic result goes to a very similar looking site
It is difficult to know if a site is real when its so easy to clone the original. In the case above the site saying that the registrations are closed is the real one.
If you’re getting into crypto and using the communities, if it sounds to good to be true it is probably a scam. Look for official channels to verify everything.
Always be skeptical.
The official channels can get hacked. The Enigma ICO accounts got hacked resulting in nearly $500,000 being stolen.
Trust no one
Follow me if you want to learn more about crypto and how to invest safely.
Hacks are pretty common in the crypto world: