Crypto currencies and Initial Coin Offerings opened up a new chapter in the finance book. Unfortunately, their success also attracted actors from the dark side of the Internet: scammers, hackers and no-good people.

A phishing message purports to be from a trustworthy sender and often invites you to open a link that will either lead you to a malicious website. When you click on the link, it goes to a malicious website that encourages you to enter details like name or password, which may be captured and sent to the scammers.

With Initial Coin Offerings specifically, we have seen three major types of scams.

Fake ICO Sites

These websites are designed to look as genuine and innocuous as the real ICO website. However, they contain a wallet address to send funds that is not the ICO’s – but the scammers. Recovering funds from this is almost impossible.

These sites are advertised via messages or email that may look completely trustworthy.

How to avoid: Dave Appleton from our Advisory Board warns in a Medium post:

NEVER go to an ICO site linked by a PM on a slack channel. Never trust the website unless you typed in the address yourself.

Fake Messages

Most ICOs have dedicated Slack or Telegram support channels for the community. Unfortunately, these platforms make it difficult to identify legitimate representatives of the ICO. Scammers sign up with usernames that are similar to those of ICO officials, or hack the software to send personal messages to users with the scammer’s message or wallet address.

How to avoid: Use this Chrome extension that will try to protect you from blacklisted phishing domains. Do not trust links sent on Slack or Telegram.

Fake Crypto Sites

In an effort to gain the trust of unsuspecting victims, phishing emails will often purport to be from some of the largest crypto sites, for example wallets or exchanges. The most effective phishing emails or messages use similar language and graphics to what you’d expect the real deal to look like. To add to the convincing effect, criminals are buying domain names similar to the sites they are impersonating, for example myetherwallet.com.de (don’t go there!).

How to avoid:  Don’t click on any links in any emails. Instead, go directly to the sender’s website in a browser. Always double check the domain in the browser.

DDF was also one of the major ICOs targeted by scammers. There are scammers out there using a website very similar to DDF. Please be aware that the only legit site is https://www.digitaldevelopersfund.com/ and do not trust any wallet addresses from outside this site.