Another day, another scam targeting website contact forms. This time around, it’s fake cryptocurrency wallets posted with eyes on draining yours.
This scam is just as pernicious – if not moreso – than the “copyright infringement” one. In that, a fake photographer threatens legal action for use of their property on your site. The message includes a link, which could download ransomware or a trojan onto your machine.
Rather than preying on fear – “I’m being sued!” – the contact form crypto wallet scam targets greed. Here’s how it works.
First, a bot (or human, but let’s face it; probably a bot) posts a message into a website contact form. It contains the address of a “wallet.” (Think of wallets like bank account numbers.)
The message looks like this; we’ve censored the wallet address:
“MyEtherWallet – 0x3———————ccd – — coconut —– caution —– stick spread —— address obvious —- boring”
If you look at the contents of the wallet, you’ll see quite a bit of cryptocurrency. In the case we documented on Dec. 21, 2021, it contained the equivalent of several thousand dollars. Good deal, right?
NOPE! If you connect the manna-from-heaven MyEtherWallet to your own, you execute a smart contract. This is an automatic and irreversible step that drains your wallet, sending your money to the scammer.
In other words, ignore messages like this if you get them. Don’t bother looking up the contents of the wallet, and certainly don’t try to connect to it. Nobody’s giving you money. It’s just another contact form spam scam.
Hold up. MyEtherWallet? Smart contracts? Is this English?
Welcome to the world of cryptocurrency! Here’s the 101.
Cryptocurrency is any number of digital currencies that aren’t technically tied to governments. This is distinct from “fiat” currency, like the U.S. dollar. Crypto, as it’s known, is typically distributed via a “blockchain,” which allows new coins to be mined or transferred by computers solving complex mathematical calculations. This creates an indelible record of ownership in a “block” in the distributed ledger.
You’re probably most familiar with Bitcoin (BTC), the OG crypto. But there are dozens of coins out there. The particular scam outlined above relies on Shiba Inu, a so-called “altcoin” that trades for a tiny fraction of Bitcoin’s value. The “Ether” in MyEtherWallet comes from Ethereum (ETH), the second-most popular digital token behind BTC. And that’s just the tip of the iceberg.
At the end of the day, crypto is traded like equities or bonds. Some retailers accept payment in crypto (typically Bitcoin), but it’s more commonly a trading and speculation vehicle.
Confused yet? Just wait!
Crypto: Pros and Cons
We aren’t going to litigate the relative value of cryptocurrency here. Sometimes you’ve just gotta value your Twitter mentions. But the crypto wallet contact form scam highlights one huge “watch out” – a lack of instituational oversight.
Cryptocurrency is decentralized. On one hand, you can make the argument that that’s a good thing. On the other, if you lose it – say, to a scammer or literally a lost hard drive – it’s gone. Vanished. Into the ether.
(See what I did there?)
Stories of mistaken transfers and lost BTC abound online. In other words, you need to be careful. Remember that “smart contract” bit before? The key part of smart contracts is the fact that they’re “trustless.” In other words, they’re executed automatically and impartially, by machines. The good: The buyer can’t suddenly disappear or forget to pay. The bad: There’s no oversight, and no takebacks. If a scammer gets you, your digital money is gone.
tl;dr: Nobody’s Sending You Crypto via Your Contact Form
While it’s based in the technical and somewhat arcane world of crypto, the wallet-in-contact-form scam is another in a long line. We’ve seen plenty of examples, and we’ll see plenty more. Remember to use common sense, and never click unsolicited links.
A knock on crypto as a whole? Hardly. That’s another discussion for another day. But be safe, be smart and be skeptical. If it sounds too good to be true, it probably is.
