It seems that everyone is talking about NFTs lately. Have you caught on to the trend? They’ve exploded and redefined the art market A LOT recently with tons of people getting super excited about them, but scammers have also been getting excited — about the prospect of scamming lots of people with NFT-related scams!
In this post, we introduce some of the most common NFT scams and share some tips to avoid them. Check it out!
What are NFTs?
Non-fungible tokens (NFTs) are artworks (physical or digital) with digital signatures that represent their ownership. They can be viewed as digital assets and can be used as real money, like cryptocurrencies (Bitcoin, Ethereum, etc.). What’s different is that each NFT is UNIQUE and can’t be replaced or reproduced, and that’s why they’re now popular among art enthusiasts, gamers, and those involved in real estate.
5 common NFT scams
#1 — Fake NFT websites
If you’re interested in investing in NFTs, the first thing is to find out WHERE you can buy and sell NFTs. When searching online, you’ll be flooded with millions of search results, but there are many fake NFT trading websites among them. It can be hard to tell these scam websites apart from genuine ones as they often look extremely alike.
First of all, there are no legitimate NFTs on scam sites, so if you purchase one, you are just throwing your money away. What’s worse, scammers can record all the credentials you submit on the sites. Normally you only have to provide your MetaMask wallet address to make transactions, but scammers may request for the seed phrase of your Ethereum wallet (the master key to your cryptocurrency wallet) and use it to hack into your wallet and steal all your cryptocurrency.
Choose legitimate NFT trading websites
The easiest way to stay safe is to choose legitimate NFT trading websites. There are lots of different types of NFTs — there are ones relating to sports, video games, real estate, and lots more. Besides the most famous NFT trading platform OpenSea, here are some other legitimate NFT marketplaces/NFT collectible websites:
NFTs for art
NFTs for sports
NFTs for gaming
NFTs for digital real estate
NFTs for Tweets
Use Trend Micro Check to browse the web safely!
Trend Micro Check is an all-in-one browser extension for detecting scams, phishing attacks, malware, and dangerous links – and it’s FREE!
After you’ve pinned Trend Micro Check, it will block dangerous sites automatically! It is now available on Safari, Google Chrome, and Microsoft Edge.
Check out this page for more information on Trend Micro Check.
#2 — Fake offers
Impersonating famous NFT trading platforms, scammers send you fake emails claiming that someone has made an offer for your NFT. They prompt you to click on an embedded button:
Like all the other phishing scams we’ve reported on before, the button leads to a phishing website. The fake page will ask you to link your wallet and submit your seed phrase/recovery phrase. Scammers can record the credentials and hack into your wallet and steal everything you’ve got!
#3 — Fake technical support
Besides fake offer email notifications, fake customer service/technical support is also a common scam tactic.
Imagine encountering some technical problems and seeking help on Discord. Someone who claims to be from OpenSea then comes to your rescue.
The fake support agent (the scammer) may ask you to share your screen to check what’s going on, making you inadvertently reveal your cryptocurrency wallet’s credentials. When you do so, they can take screenshots of your seed phrase (the recovery key to your wallet) or the QR code linked to it. Or, the scammer could redirect you to a website that looks like the official OpenSea website and coerce you into entering detailed personal information there. You know what will happen next. Don’t fall for it!
Scammers impersonate MetaMask and send you fake MetaMask security alert emails, saying your MetaMask wallet is going to be suspended for some security issues. To retrieve your wallet, you are prompted to click on an embedded link in the email to verify your account.
Again, they try to prompt you into clicking on the embedded phishing link that then takes you to a fake MetaMask website – it looks nearly 100% identical to the genuine one. Please take a look at the web address carefully – the legitimate domain of MetaMask should be metamask.io!
Fake MetaMask Website:
Real MetaMask Website:
If you submit credentials like a seed phrase, scammers can hack into your MetaMask wallet and transfer every “bit” away. What’s worse, since cryptocurrencies are decentralized, it would be nearly impossible to get them back!
In some other cases, scammers send you fake security alerts about your OpenSea account/NFT collection, but the tactics are similar. Watchout and don’t click on anything!
#4 — Fake giveaways
Posing as employees from famous NFT trading platforms, scammers contact you via social media (e.g. Discord or Telegram), saying they are holding giveaway campaigns. They promise you free NFTs as long as you spread the giveaway messages and sign up for the campaigns — through scam/phishing NFT websites! When you try to link your MetaMask wallet, your credentials will be stolen.
#5 — Fake NFT projects (rug pull scams)
Many new NFT projects appear every day, for example, Squid — a new digital token for the world-famous Netflix series Squid Game. However, after its price reached its peak, it turned out to be a “rug pull” scam — the creation of an NFT that can’t be circulated. Owners can’t re-sell the tokens, making their prices plummet in a short time. In such schemes, the only ones who profit are the creators of the digital tokens.
In other cases, such scams are committed by romance scammers. Romance catfishers try to lure you into investing in some NFT projects. They might send you links to fake NFT websites, or ask you to wire them money. Be careful!
9 tips to protect yourself from NFT scams
1. Never click on links or attachments from unknown sources. Use Trend Micro Check to check if a website is secure (It’s free!)
2. Use strong passwords and enable two-factor authentication (2FA) to protect your accounts. Try ID Security to monitor your personal information with ease.
3. Add an extra layer of protection to your device with Trend Micro Maximum Security. It includes Web Threat Protection, Ransomware Protection, Anti-phishing, and Anti-spam Protection to help you combat scams and cyberattacks.
4. Check the price. If the offer of an NFT on a site is much lower than that on legitimate websites like OpenSea, it’s probably a scam.
5. Check verification marks. Most legitimate NFT sellers will have a blue checkmark beside their usernames, and the properties of the collection will be listed clearly.
6. Check the contact address. It should specify where the NFT was minted. You can check the creator’s website to make sure the information is genuine.
7. Turn to the official customer service of the NFT trading sites for help instead of someone who contacted you via social media.
8. Be smart with your wallet credentials and NEVER share your seed phrase (recovery phrase).
9. Use legitimate wallet apps and browser extensions to avoid phishing. There are lots of malicious apps impersonating official ones.
If this article’s been of use and/or interest to you, please do SHARE with friends and family and help keep the online community informed and protected — and remember to give them a try:
You Might Also Be Interested In...
Get all the latest cybersecurity news