This article is one in a series which is designed to educate users around the importance of understanding the role we all have in protecting ourselves against theft.
Sharpening the Spear
As we have continued to streamline our customer service, we made the decision to discontinue providing support via the Telegram group and replace our presence there with a read-only channel. All support is now rendered via the ticket system and email in conjunction with real-time communication on our official Discord channel. While this eliminates one potential vector of attack that bad actors may use to target our users, we still need to be on the alert.
A number of different cryptocurrency project and related communities have experienced users impersonating official team members from outside the particular Discord server they use. These malicious doppelgängers use social engineering to trick unsuspecting users into installing malware or handing over sensitive data which is then used to compromise their security and steal their funds.
We’d like you to familiarize yourself with a couple of simple verification methods for when you are in doubt.
Let’s walk through one hypothetical scenario. Say you’re having trouble and you ask for assistance in the #support-help-desk channel. Our faithful sherlock-holmes has been assisting you there, but suddenly you receive a direct message which appears at first to be from him (official agents will generally not do this, and request that you send them a direct message instead).
If we compare the two account IDs, we can easily see that the genuine sherlock-holmes has a number of roles within the channel, is not “new to Discord” and has the correct ID number (which can be confirmed by right-clicking his user name in the CryptoBridge channel). This is why we’d ask you to send a direct message to the agent rather than the other way around: you can be certain you’re speaking to the genuine user.
There are also some instances where exactly the same visible characters and tag appear when using the method above. This is because a bad actor is sometimes able to use special characters which are seen same on the display, despite being different. The most definite way to eliminate this is to turn on developer mode and compare each account to verify its unique user ID. To find out how to display this, follow the instructions in this link:
Spread the Word
Now that you know about this hidden pitfall, we hope it encourages you to learn more about how to effectively protect yourself, and for educating other new users you may encounter. When we all work together to make our communities a more informed and healthier place, we all benefit.