Phishing attacks on ether wallets are very common. I would like to point out a few signs that can help you spot a phishing attack.
Since MyEtherWallet.com is the most well known and possibly most used ether wallet, I am going to focus on it. But the same observations can be used in any other phishing attack.
Phishing usually works like this. A scammer forges an exact copy of a well-known website. This might be a bank’s login page or, in this case, the whole site of MyEtherWallet.com. Then they send a bunch of people a reasonably sounding message with a link to this fake website.
While the fake website’s layout will look the same as the original, there are some features that the fake site simply cannot have. One of these features is a so-called Extended Validation Certificate.
Let’s compare the real MyEtherWallet.com website with a fake one.
This is how the URL address bar of the real site looks like:
And this is how the fake one looks like:
The site visually looks like MyEtherWallet.com but it’s a completely different website.
Notice that the fake site doesn’t have an Extended Validation Certificate. In other words, the company name — MYETHERWALLET LLC [US}, in the green bar is missing.
Also, if you look closely, you will see a little punctuation mark above the letter y. That’s a completely different Unicode character which makes the URL address of the fake website very weird. Again, you can see that in the box that appears after clicking on the green SSL lock icon.
Fortunately this fake website has been already suspended. However, within the 12 days of its existence, the scammers were able to relieve some token holders of their tokens.
These scams are all over the place. You need to be extremely careful when handling money or personal data online. Clients of major banks, insurance companies, and now crypto sites as well, are being deceived by these tactics.
Most people are inherently of a trusting nature. Scammers like to exploit this fact. That’s why you need to take the same precautions online as you would in the real world.
If you take away just one piece of information, let it be this one — never trust a financial or personal data website without an Extended Validation Certificate.