Avoiding Token Listing Scammers
scam·@lukestokes·
0.000 HBDAvoiding Token Listing Scammers
If you're part of a cryptocurrency community, it's common to be approached in Telegram by "listing agents" who want to help you "get listed" on their exchange. I've come to the conclusion that 100% of the time, these messages are coming from scammers. Usually, a reasonable way to verify if someone actually does work at an organization they claim to represent is to have them email you so you can email them back. You can verify the domain is correct for the website of the actual organization you think you're talking to, and if you reply back you know you're talking to the real exchange once they reply to your reply. It's very easy to fake a "from" display address and use a different reply to, but if you email an address at the actual valid domain and they reply back from the valid domain, you have some confidence you're talking to someone at that organization. I won't get into DMARC, SPF, DKIM, and other email validation protocols. If they spoofed the header when sending to you and you reply back to the actual organization, they will either ignore you or reply back saying they didn't send the message. Often it's an obvious scammer because the domain of their email will not match the organization. In this case, it was quite interesting in that it looked like it was correct. It seemed to be oĸex.com. But... looks can be deceiving. It's possible to <a href="https://stackoverflow.com/questions/9724379/xn-on-domain-what-it-means">encode special characters</a> (such as a delete character) so if you copy it directly you'll see it's actually: `xn--oex-cva.com` ## I DO NOT recommend viewing that url in your browser. It may be an attempt to attack your computer. If you did put it into Google Chrome (don't!) you'll see:  Thanks, Google. :) I'm glad to see they are keeping up with the scammers in this case. If you look _really_ carefully you'll see this is just another phishing attack example using special characters:  The "k" is not a normal K. As you can see from the original email that I copied the domain from, it appears onscreen to be completely normal:  But if you go and "view original" on the email, you'll see the funky domain name:  The lesson learned here is that organizations wanting to contact a project will go through official channels, not use direct messages to members of the community. Don't fall for this and don't even respond to "Hello" messages as they are 100% a scam also. https://twitter.com/lukestokes/status/1336498457771651073 https://twitter.com/lukestokes/status/1339894890222727168 https://twitter.com/lukestokes/status/1373229485626114050 As a community, we need to protect what we value. We need to name and shame those who spend time and energy attempting to extract wealth through fraud instead of creating value through honest effort. Along those lines, here's our scammer friend on Telegram. Feel free to report and block them:  And here's our message back and forth:  It's sad to think how much wasted effort exists in the world. Talented, capable people could be creating value we all benefit from but are instead trying to scam others. Maybe they don't realize they could do so much better for themselves financially if they took their skills and efforts and helped people instead of trying to destroy them. I hope you learned something from this post and will use that information to protect yourself and the people you care about.
👍 soyunasantacruz, unpopular, yucee, kevinwong, slickwilly, cst90, joeyarnoldvn, bpcvoter, tombstone, mrwang, arconite, nurhayati, bilpcoinbot, nikoleondas.leo, dadview, bukiland, techslut, fatman, patriciaphilip, bearableguy123, tamiapt6, julian2013, archisteem, hive.top, revisesociology, ninnu, cookaiss, ctime, therealwolf, roomservice, smartsteem, kgakakillerg, hiveonboard, ausbit.dev, quochuy, epicdice, tinyhousecryptos, roleerob, rawutah, jaybird, freebornsociety, hanshotfirst, burn-it-down, jeffjagoe, warjar, helix, steemitcolombia, futile, luna777, jagoe, caribehub, nicollefiallo, therealyme, netaterra, roxane, ivet, drexlord, mbappe, fsc69, thescubageek, fooblic, kymio, ashe-oro, jigsindian, babakush, nanzo-scoop, mummyimperfect, ak2020, emily-cook, t-bot, mafeeva, scoopstakes, nanzo-snaps, gmlrecordz, espoem, coinfarmer, tfc.panda, consciousangel7, slefesteem, ameliabartlett, trends.google, appreciator, dickturpin, bluemist, inciter, myfreshes, zeesh, actioncats, noalys, panmonagas, aprasad2325, g-7, top.curation, kattycrochet, curation.hive, israel.israel, x-r-p, nathen007, manniman, wsb.mod, dragokazo, daltono, somniumspace, f-35, themonetaryfew, phatima, tony.montana, the.rock, real.estate, x21, b-i-t-c-o-i-n, fredrikaa, jokinmenipieleen, xrp.ripple, stevelivingston, jphamer1, bil.prag, edicted, oldman28, planetauto, tribevibes, burntmd, elamental, rocknrolldm, wearechange-co, antimedia, mountainjewel, vibesforlife, anafae, cripto-kapital, kennyskitchen, dbroze, ura-soul, trucklife-family, cahlen, borrowedearth, news2share, porters, psycultureradio, abundance.tribe, fenngen, binkyprod, artemislives, tribesteemup, catherinebleish, makinstuff, whatamidoing, solarsupermama, firststeps, moxieme, steemsmarter, homestead-guru, haileyscomet, sanderjansenart, taskmaster4450, susie-saver, eaglespirit, truthabides, bia.birch, nonsowrites, heart-to-heart, mannacurrency, colinhoward, canadianrenegade, celestialcow, holisticmom, rzc24-nftbbg, ac-bot, santigs,