Although we have been set many different protection mechanisms to prevent the fraud happen to our users, we want to list our detailed user experience once they concurred the fraud in our community to help all of our users to protect their assets and personal information from getting stolen.
Scenario:
User A had issue with her Cloud Wallet and ask for help in the group, soon after that one account named Rainie Math wallet reached to her:
User A checked the name and profile photo, knowing it’s like Admin of MathWallet and started to chat with this account, the account holder sent her one link and ask for a complaints survey:
Soon user A opened the link and found it is a questionnaire the interface design looks sketchy but it is very short questionnaire with 5 questions:
She relied without second thoughts since she was in a rush to fix the problem.
Until the last question, she hesitated since the questionnaire was asking for mnemonic phrases and recovery seeds, which are very private information related to account safety, even to the official staff of MathWallet…So she posed her doubts and got replied as:
That means she still needed to submit her walletmnemonic phrases, so she tried to ask if there is another way to get verified such as telephone number or verification code sending to mobile phone:
However the “admin” seems very persistent and asked for mnemonic phrases/recovery seeds to fix the problem.
Also “admin” sent one picture with mosaic effect showing he is the staff of MathWallet, but this picture proved that he is not the staff!
User A got suspicious about the mosaic effect and searched the account name in official telegram group.
The last seen time of group Admin is totally different than the “admin” who talked with her. So it proved the account holder is a fake admin.
Here are 4 ways to protect your personal information being stolen:
1. Mnemonic phrases, recovery seeds and private keys are not supposed to be shared with another one!
The ownership of those information is equivalent to the ownership of your assets in the account!
2. Do not click the link in the chat box!
Official staff will never ask for putting information in the form.
3. Do not transfer asset/token to the people who claim to be MathWallet staff or so!
Even they have the same name and profile pictures, it doesn’t mean they are same people
4. Easiest way to tell who is real official staff:
Anyone who DM you first is not staff! Even though you have special issue to ask/be solved, staff will not ask you outside of the official group chat, they will always DM you in the official group!
Last, if you are scammed, the only way is contact the policy for help. But since the anonymous of blockchain account and telegram account, it may very hard to find out the sammer.
Please do remember all those ways to protect your wallet and avoid to talk to the people who are trying to get your wallet information.