Fraudulent schemes have taken more sophisticated dimensions and continue to bedevil the entire crypto ecosystem. Given that crypto wallets can be accessed by simple entry of corresponding mnemonic phrase/private keys, an understanding of some common schemes used to trick unsuspecting users into exposing their sensitive wallet credentialss is key to preventing unauthorized access and assets theft.
Phishing attacks: Scammers commonly deploy cloned websites, look-alike emails to trick users into exposing their confidential information. These bad actors may pose as imToken by sending unsolicited emails containing malicious links which redirects users to fraudulent sites where their confidential information is requested on unfounded basis…While it is unarguable that imToken continues to demonstrate prudence in the secure management of digital assets, it does not store or have access to users’ sensitive wallet information (mnemonic phrase, private key and keystore); as such will not compromise its standard by requesting this critical info from users under any guise.
Questionable over-the-counter trades and giveaways: In an attempt to induce unsuspecting users to subtly expose their mnemonic phrases/private keys on phoney platforms, malicious actors propose juicy over-the-counter offers. This scheme which is usually promoted on social media is solely intended to part with users’ hard-earned money. Every offer that prompts you to enter your confidential wallet information as a means of unlocking bounties/airdrop rewards or multiplying your assets is fraudulent and should be avoided. Remember, if it is too good to be true then there is urgent need to exercise extreme caution.
How to Stay Safe
-
Always refer to imToken’s official website as it remains the go-to reference for resources on wallet security. (double-check the individual characters of imToken’s URL to ensure you’re not visiting a phishing website).
-
All attempts requesting you to provide your sensitive wallet credentials should be considered as fraudulent and disregarded forthwith.
-
Never trust third-party platforms promoting airdrop campaigns on behalf of imToken without verifying from imToken’s trusted platforms (official website, Twitter account, Medium account and in-app notifications) of disseminating information to the community.
-
Refrain from submitting your email address recklessly on airdrop promotion websites/platforms.
-
Never attempt to install imToken app on a rooted device as it poses serious threat to the safety of your assets.
-
Keep your wallet credentials offline; do not key in your mnemonic phrase into computers with active internet connection. Details here
-
Never reveal your mnemonic phrase to anyone including persons claiming to be imToken’s support representatives.
-
Lock your smart phone at all times in order to restrict access; further fortify the security of your wallet by enabling the touch/face ID functionality in the security settings of your app.
-
To address issues encountered while using the app, imToken’s support center can be reached either directly from the app (“My Profile” >> “Support and feedback” >> tap support icon on the top-right corner of the page) or by sending an email to [email protected].