Table of Contents
Please also check out the other posts regarding exposing scammers, Exposing Scammers and Exposing the Scammers Part two.
Talking to the scammer
Get personal data of the scammer
I wrote in a Ravencoin Telegram chat that I was new to RavenCoin and looking for help. Almost immediately, I received a private message from “RavenCoin admin support.” His exact username was “@ravencoinsadmin.”
| Phone Number | +1 (951) 421-3732 |
| Country Code | USA |
| Area Code | Riverside County |
| Phone Company | T-MOBILE |
| Phone Location | MORENO, CA |
| Telegram Username | @ravencoinsadmin |
The information above was gathered by social engineering the scammer into clicking a link that logged their IP address, and I was able to use this information to obtain more details about the scammer, as shown in the table above.
I used archive.ph to make a permanent copy of the phishing page.
What is interesting about this phishing page is that the scammer is using a third-party site to try to get seeds. The site is used by people to show all their social media profiles in one place. It is often used by semi-celebrities or influencers to get more exposure or to promote affiliate links. It by itself is not malicious, the user is the one abusing a legit platform to phish users.
The image above shows the page. The site is usually used by honest people to show accounts they have or as a “link tree”. This makes it easy for a low-skill level scammer to get cryptocurrency seeds because they do not need to buy a domain or purchase hosting. The page has multiple different coins and services that the victim could enter.
The phishing page below shows the Monero phishing page where the victim would enter their Monero seed. If a victim were to enter their seed, the scammer would have access to their Monero or other cryptocurrencies.
The site, LinkFly even has a captcha that might add creditability to the site and stop people from spamming fake seeds. Of course, I reported the user to LinkFly so hopefully, the scammers will not be able to scam any more people.
Moral of this Story
The moral of this saga is if you are going to join online chat rooms no matter the topic, especially chat rooms related to cryptocurrencies please do not trust anyone. After asking a question in public chat, the scammers will often privately message you pretending to be a mod or the admin and try to scam you.
They might have a different account in the room so that if they are detected they do not get kicked. Do not click any links from them or enter any personal information. Report it to the administrators of the chat immediately. I would suggest to private message a person that you are positive is an administrator of the group.
You should guard your seed or password like you guard your social security number or any other personal information. With Cryptocurrencies YOU are the only one responsible for keeping your money safe.
If you do fall for this scam, please change your password immediately and enable 2-factor authentication. If you get phished but have 2-factor authentication enabled for your account, this will make your password and username for the site useless. 2-factor authentication will not protect your seed.
If you enter your seed into a phishing page, immediately create a new seed or wallet and quickly send the balance to the newly created seed. Even if you do not have any money tied to that seed, I would still create a new seed and delete or remove the seed from whatever way you store your seeds.
Hopefully, you use a Password Manager like KeeWeb or KeePass. I would also write down the seed on a piece of paper and put it somewhere safe like a Safe or somewhere hidden.
UPDATE: Linkfly has taken down the phishing site.