Scams to Look Out for When Using Monero
For as long as there has been money, there have been scams to get people to part with it, and the cryptocurrency space is no different. In fact, the finality of transactions in cryptocurrency, coupled with the fact that there is no central organization to help recover them, has led to new and innovative ways by which scammers can steal from unsuspecting users and disappear into the digital void with their funds. In this article we'll take the time to inform new users on some of the most pervasive scams in the space, but this list is by no means comprehensive, and users are encouraged to both stay informed of recent scam trends, and be on constantly aware and skeptical of their digital surroundings.
The Impostor Scam
One of the oldest scams in the book, and one that can take place on any and every discussion platform in existence. In this scam, the scammer will pretend to be a trusted individual of the community or a high ranking official of a related business. Once the victim's trust is earned through this established reputation, the scammer might send a user to a malicious site, have them download a program designed to steal their funds, or even just get the user to send them funds directly. Always triple check that the person you're talking to is indeed the correct person. Businesses will have emails to contact to verify identities (i.e. "Did the CEO of your company just contact me on Telegram?") and other community leaders will usually be able to be contacted through other means. Verify before taking any action. ESPECIALLY if they initiated the conversation with you rather than you with them.
The Business Look Alike Scam
Similar to the impostor scam, here the scammers will attempt to have a website or app that is identical in appearance to existing and trusted businesses, but with code and infrastructure that is designed to steal your Monero. Oftentimes a malicious website will have an almost identical domain name as the original, and have even been known to take the top results of internet searches for the site by purchasing advertising space. If an example trusted website is themonerowallet.com, a scammer site might be the-monero-wallet.com or, even more sinister, themonerȯwallet.com. Did you catch the issue with the last one? The o has a dot above it. Take a look: ȯ. But on first glance it may not be visible, and if the domain name looks correct, and the website appears identical to what one might expect it to be, it's all too easy to fall for the trap and give away your Monero seed, only to find your Monero missing before you know what hits you.
But as said in the beginning of this section, this is not just true of websites. There have been instances where scammers can sneak a malicious app that looks identical to existing wallets through the Google Play Store or App Store, where it goes undetected until it is reported (which may take quite some time). In this time, users think they are downloading the correct app, but are really losing their funds to scammers.
The solution to these kinds of scams is vigilance. Always double check before utilizing the services of any website or app. When at all possible, type the name of a known website into the url bar directly rather than using search engines, and be extra thorough when something will be downloaded or your seed will be utilized in any way.
The Outright Scam
Sometimes scammers don't even try to be subtle. They make huge, grandiose claims and know there will always be fools that will believe them out of desperation, greed, or ignorance. These scams take many forms, from coin projects that promise ludicrous returns on investments where you first give them money (like Bitconnect), to special, secret groups that promise to tell you all of the market movements in advance so you can make money...for a fee. Remember. If something sounds too good to be true, it probably is. This advice is especially true in the cryptocurrency space, as deploying a coin or smart contract is trivial these days, and posting your shady claims online is free. Remember, if somebody really did find a way to time the market or discover a way to make tons of infinite money, then why would they tell you? They would just use it themselves to get rich. Why would they share it? Be smart. Use your brain. Trust no one.
The Role of Your Monero Seed in Scams
Your Monero seed IS your Monero. You must write it down when you first make a wallet, because if you lose your seed, you've lost your Monero and nobody can help you. BUT ALSO you must keep this seed safe from others. If someone steals your seed, they can send the Monero out of the wallet as if they were you, and, again, nobody can recover this money for you. It's gone.
Far too often has an individual kept a cold wallet of Monero, been curious about their funds, and wanted to check on it. But rather than going through the hassle or reinstalling the entire wallet application, they just decide to use a web wallet to quickly restore their seed and look at their money. If they fall victim to the Business Look Alike scam, then the very act of inputting their seed gives it to the scammers, who can then move the money to a different wallet that they control at their convenience.
ANYTIME a site, application, or wallet has a 'restore with seed' option, be very careful that the application you are using is a legitimate one. Check the hashes of the program (the Monero website has instructions on how to do this) to ensure the program has not been tampered with by outside forces, and be constantly aware of where and how you expose your seed. The double check may be annoying, but the loss of funds from carelessness would be even worse.