tayvano/ 2 Call To Action: Help us phuck these phishers up, please.

## 2 Call To Action: Help us phuck these phishers up, please.
I'm really tired, folks. We're spending far too much time dealing with the shit that we *hate* dealing with:

1. Breaking the news to someone that they lost all their ETH/Tokens

2. Writing emails and takedown letters

3. Talking & paying layers

4. Making lists (well...actually I love lists. But these types of lists suck.)

**These phucks will not stop until they stop getting money or get caught.** We don't have the time or manpower to do it all. There are so many things to do and watch and document.

I'm asking you to help us by turning your attention towards the community around you. Not just the people you like, either. Help the idiots, tired assholes, nice happy people, greedy fucks, smart devs, and everything in between. I do not want to hear *"natural selection*" or *"that's how people learn"* or *"love the rant but it's not going to do anything so why rant?"*.

I may be idealistic, but do not mistake that for naïveté. I do not think a tweet will stop scammers in their tracks. I do think that the effort we put in—even if it doesn't make a tangible difference—is worth it. If you manage to save one person, that is one less ETH for the scammer.

Help us spread the word. Help educate. Help us maintain the lists. It's been 13 days now. There are obviously channels we are missing because people are still losing money. Are you in one of those channels?

---

### 1. Educate when you see a message

- If you see a link to one of these sites or a fake Token Sale address, comment on it in #general or on Twitter or on Reddit or wherever. Warn people QUICKLY & LOUDLY.

> "There are scammers that are DMing, posting links, posting comments, and trying to get you to navigate to fake URLs. DO NOT CLICK IT!" (Yes. People still don't know this. I don't know where they are, obviously not here on reddit).

> Remind people: "If it's to good to be true, it probably is."

> ⚠ PSA! Do NOT click the link or listen to the scammer! That is a phishing site. Always check your URL and/or consider getting a Ledger or TREZOR hardware wallet.

> If you have a moment, please report the recent malicious site ` myetherwallet[.]su ` as phishing to Google via https://safebrowsing.google.com/safebrowsing/report_phish/ and https://safebrowsing.google.com/safebrowsing/report_badware/. If you have IE, do the same via Tools -> Report as Malicious Site so they can't trick anymore people.


---


### 2. Educate *before* you see a message

This is too much for one post so help spread the word: Private keys are *private*. Use hardware wallets. Use cold storage. Go offline. Check URLs.

*   [Creating a wallet offline is the shit](https://myetherwallet.groovehq.com/knowledge_base/topics/how-do-i-safely-slash-offline-slash-cold-storage-with-myetherwallet)

*   [Getting a](https://myetherwallet.groovehq.com/knowledge_base/topics/how-do-i-create-a-new-wallet) [Ledger or Trezor Hardware Wallet](https://myetherwallet.groovehq.com/knowledge_base/topics/hardware-wallet-recommends) is even better.

*   [You can sign transactions offline so your key never touches a phishing site!](https://myetherwallet.groovehq.com/knowledge_base/topics/how-do-i-make-an-offline-transaction)

*   Never enter your private keys, passwords, sensitive data on a website that you were sent via message

*   ONLY unlock your wallet when you want to send a transaction. Check your balance via [https://etherscan.io/](https://etherscan.io/) or [https://ethplorer.io/](https://ethplorer.io/)

*   Do not trust messages or addresses or URLs sent via private message. Always verify information w/ a secondary source.

*   [Install the Chrome Extension that will warn you if you attempt to navigate to a malicious site](https://chrome.google.com/webstore/detail/etheraddresslookup/pdknmigbbbhmllnmgdfalmedcmcefdfn)

*   [Install the MyEtherWallet Chrome Extension](https://chrome.google.com/webstore/detail/myetherwallet-cx/nlbmnnijcnlegkjjpcfjclmcfggfefdm)

*   Guide on [How to Prevent Loss & Theft](https://myetherwallet.groovehq.com/knowledge_base/topics/protecting-yourself-and-your-funds).

*   [Protips: How not to get scammed](https://myetherwallet.groovehq.com/knowledge_base/topics/pro-tips-how-not-to-get-scammed-during-a-token-sale) *(needs cleanup and to be more generic)*


**(That seems like a lot of stuff I've written bc I know where it is. Dump helpful links in this thread. Write posts on how you did it. Share.)**


---


### 3. Report the absolute living daylights out of the malicious URLs

- Report: https://safebrowsing.google.com/safebrowsing/report_phish/

- Report: https://safebrowsing.google.com/safebrowsing/report_badware/

- If have IE / Edge, report there: https://support.microsoft.com/en-us/help/930167/how-to-report-a-phishing-web-site

- Notify host regarding malicious website / DMCA / copyright violation / trademark violation

- Notify registrar regarding malicious website / DMCA / copyright violation / trademark violation

- Notify SSL Cert Issuer of misuse of cert / malicious / phishing website

Seriously. Not enough people are doing this and I'd love to just take them all down. I want to *overwhelm* these hosts and registrars and SSL cert providers who have been ignoring our 3 emails / day. Hosting thieves is not acceptable behavior. Not reacting quickly is unacceptable.

**To find their host, whois their info and find the abuse contact**
https://whois.icann.org/en https://www.whois.com/whois/myetherwallet.com.ua https://whois.domaintools.com  https://mxtoolbox.com/Whois.aspx

A list of current active domains:

> xn--mytherwallet-fvb[.]com   reg: abuse@godaddy.com +1.4806242505 host: DIGITALOCEAN.COM

> myetherwalliet[.]com     reg: abuse@reg.ru     host: ns1.rivalhost.com

> myetherwallet[.]com[.]am   host: abuse@reg.ru

> myetherwallet[.]com[.]ua   host: abuse@reg.ru      http://drs.ua  contact-id  cuuqe771

> myėtherwallet[.]com

> myethervvallet[.]com   host: carter.ns.cloudflare.com https://www.cloudflare.com/abuse/form    Registrar URL: http://www.namecheap.com

> district-0x[.]io     Registrar URL: http://www.gandi.net       host: LANA.NS.CLOUDFLARE.COM

> ether-wall[.]com    abuse@reg.ru

> myetherwallaet[.]com      registrar-servers.com   Registrar URL: http://www.namecheap.com Abuse email:    abuse@namecheap.com Abuse Phone: +1.6613102107

> my-etherwallet[.]in      cloudflare https://www.cloudflare.com/abuse/form

---


### 4. Add to the growing lists! PR & Review other's PRs!

I have converted various lists from various parties into a single master happy place.

The lists are here: https://github.com/MyEtherWallet/ethereum-lists.

They include darklists and lightlists of `addresses`, `URLs`, `ENS names`, `MEW's default token lists`, `Email Addresses`, and our `Contract ABI lists`(which will be deprecated but is nice to have anyways).

**If you see a malicious link or message or a fake ICO address, or anything else nefarious....**

- Go to https://github.com/MyEtherWallet/ethereum-lists

- Read & follow the instructions on how to create a PR (pull request)

- Submit it.

If you see a Fake ICO address, make sure its on `addresses-darklist` or add it.

If you receive another phishing link via Slack, make sure its on `url-darklist` or add it.


---


### 5. Make, share, warn a de-facto guide on how to avoid phishing / badware, targeted for phishers a la https://www.google.com/safebrowsing/static/faq.html#q1

- **Shamelessly steal from the pros:**

    - https://www.google.com/safebrowsing/static/faq.html#q1

    - https://www.fdic.gov/consumers/consumer/news/cnwin16/phishing.html

    - https://www.stopbadware.org/badware

    -  https://www.wired.com/2017/03/phishing-scams-fool-even-tech-nerds-heres-avoid/

    -  http://www.phishing.org/10-ways-to-avoid-phishing-scams

    - http://www.which.co.uk/consumer-rights/advice/how-to-spot-a-scam

- **Other References:**

    - https://myetherwallet.groovehq.com/knowledge_base/topics/hacks-thefts-and-stolen-funds-due-to-phishing-links-between-7-slash-5-slash-2017-slackbot-scambot-phishing-slash-reddit-dm-slash

    - https://chrome.google.com/webstore/detail/etheraddresslookup/pdknmigbbbhmllnmgdfalmedcmcefdfn (Anti-Phishing CX)

    - http://imgur.com/a/cznsy (Screenshots that can be used for examples)

    - https://www.reddit.com/r/ethereum/comments/6o04b2/protips_how_not_to_get_scammed_during_a_token_sale


---


### 6. Only if you are careful and you really really really game:

- Spam with fake private keys: https://gist.github.com/kvhnuke/f2e69fd552827a35e8b1a885e5587c1c

- Help add to growing list of stuff and link things: https://docs.google.com/spreadsheets/d/1ErQGI2elbzVAapLBYzDePV7jqpiDnsJoSlmAlQ9_zno/edit?usp=sharing

- Help others find whois info, track domains, track emails.

- Help us build things, faster. https://github.com/MyEtherWallet/ https://github.com/409H/EtherAddressLookup

- [Join our Slack to discuss and coordinate](https://myetherwallet.herokuapp.com/)

---

Thank you for everything. We literally wouldn't be in this shit situation without you supporting us. 😒 Kidding—it's all part of this crazy wild adventure called the future. We'll figure it out, but it's better together. 🤗

#\#phuckphishers
	I'm really tired, folks. We're spending far too much time dealing with the shit that we hate dealing with:

	1. Breaking the news to someone that they lost all their ETH/Tokens

	2. Writing emails and takedown letters

	3. Talking & paying layers

	4. Making lists (well...actually I love lists. But these types of lists suck.)

	These phucks will not stop until they stop getting money or get caught. We don't have the time or manpower to do it all. There are so many things to do and watch and document.

	I'm asking you to help us by turning your attention towards the community around you. Not just the people you like, either. Help the idiots, tired assholes, nice happy people, greedy fucks, smart devs, and everything in between. I do not want to hear "natural selection" or "that's how people learn" or "love the rant but it's not going to do anything so why rant?".

	I may be idealistic, but do not mistake that for naïveté. I do not think a tweet will stop scammers in their tracks. I do think that the effort we put in—even if it doesn't make a tangible difference—is worth it. If you manage to save one person, that is one less ETH for the scammer.

	Help us spread the word. Help educate. Help us maintain the lists. It's been 13 days now. There are obviously channels we are missing because people are still losing money. Are you in one of those channels?

	---

	### 1. Educate when you see a message

	- If you see a link to one of these sites or a fake Token Sale address, comment on it in #general or on Twitter or on Reddit or wherever. Warn people QUICKLY & LOUDLY.

	> "There are scammers that are DMing, posting links, posting comments, and trying to get you to navigate to fake URLs. DO NOT CLICK IT!" (Yes. People still don't know this. I don't know where they are, obviously not here on reddit).

	> Remind people: "If it's to good to be true, it probably is."

	> ⚠ PSA! Do NOT click the link or listen to the scammer! That is a phishing site. Always check your URL and/or consider getting a Ledger or TREZOR hardware wallet.

	> If you have a moment, please report the recent malicious site ` myetherwallet[.]su ` as phishing to Google via https://safebrowsing.google.com/safebrowsing/report_phish/ and https://safebrowsing.google.com/safebrowsing/report_badware/. If you have IE, do the same via Tools -> Report as Malicious Site so they can't trick anymore people.


	---


	### 2. Educate before you see a message

	This is too much for one post so help spread the word: Private keys are private. Use hardware wallets. Use cold storage. Go offline. Check URLs.

	* [Creating a wallet offline is the shit](https://myetherwallet.groovehq.com/knowledge_base/topics/how-do-i-safely-slash-offline-slash-cold-storage-with-myetherwallet)

	* [Getting a](https://myetherwallet.groovehq.com/knowledge_base/topics/how-do-i-create-a-new-wallet) [Ledger or Trezor Hardware Wallet](https://myetherwallet.groovehq.com/knowledge_base/topics/hardware-wallet-recommends) is even better.

	* [You can sign transactions offline so your key never touches a phishing site!](https://myetherwallet.groovehq.com/knowledge_base/topics/how-do-i-make-an-offline-transaction)

	* Never enter your private keys, passwords, sensitive data on a website that you were sent via message

	* ONLY unlock your wallet when you want to send a transaction. Check your balance via [https://etherscan.io/](https://etherscan.io/) or [https://ethplorer.io/](https://ethplorer.io/)

	* Do not trust messages or addresses or URLs sent via private message. Always verify information w/ a secondary source.

	* [Install the Chrome Extension that will warn you if you attempt to navigate to a malicious site](https://chrome.google.com/webstore/detail/etheraddresslookup/pdknmigbbbhmllnmgdfalmedcmcefdfn)

	* [Install the MyEtherWallet Chrome Extension](https://chrome.google.com/webstore/detail/myetherwallet-cx/nlbmnnijcnlegkjjpcfjclmcfggfefdm)

	* Guide on [How to Prevent Loss & Theft](https://myetherwallet.groovehq.com/knowledge_base/topics/protecting-yourself-and-your-funds).

	* [Protips: How not to get scammed](https://myetherwallet.groovehq.com/knowledge_base/topics/pro-tips-how-not-to-get-scammed-during-a-token-sale) (needs cleanup and to be more generic)


	(That seems like a lot of stuff I've written bc I know where it is. Dump helpful links in this thread. Write posts on how you did it. Share.)


	---


	### 3. Report the absolute living daylights out of the malicious URLs

	- Report: https://safebrowsing.google.com/safebrowsing/report_phish/

	- Report: https://safebrowsing.google.com/safebrowsing/report_badware/

	- If have IE / Edge, report there: https://support.microsoft.com/en-us/help/930167/how-to-report-a-phishing-web-site

	- Notify host regarding malicious website / DMCA / copyright violation / trademark violation

	- Notify registrar regarding malicious website / DMCA / copyright violation / trademark violation

	- Notify SSL Cert Issuer of misuse of cert / malicious / phishing website

	Seriously. Not enough people are doing this and I'd love to just take them all down. I want to overwhelm these hosts and registrars and SSL cert providers who have been ignoring our 3 emails / day. Hosting thieves is not acceptable behavior. Not reacting quickly is unacceptable.

	To find their host, whois their info and find the abuse contact
	https://whois.icann.org/en https://www.whois.com/whois/myetherwallet.com.ua https://whois.domaintools.com https://mxtoolbox.com/Whois.aspx

	A list of current active domains:

	> xn--mytherwallet-fvb[.]com reg: abuse@godaddy.com +1.4806242505 host: DIGITALOCEAN.COM

	> myetherwalliet[.]com reg: abuse@reg.ru host: ns1.rivalhost.com

	> myetherwallet[.]com[.]am host: abuse@reg.ru

	> myetherwallet[.]com[.]ua host: abuse@reg.ru http://drs.ua contact-id cuuqe771

	> myėtherwallet[.]com

	> myethervvallet[.]com host: carter.ns.cloudflare.com https://www.cloudflare.com/abuse/form Registrar URL: http://www.namecheap.com

	> district-0x[.]io Registrar URL: http://www.gandi.net host: LANA.NS.CLOUDFLARE.COM

	> ether-wall[.]com abuse@reg.ru

	> myetherwallaet[.]com registrar-servers.com Registrar URL: http://www.namecheap.com Abuse email: abuse@namecheap.com Abuse Phone: +1.6613102107

	> my-etherwallet[.]in cloudflare https://www.cloudflare.com/abuse/form

	---


	### 4. Add to the growing lists! PR & Review other's PRs!

	I have converted various lists from various parties into a single master happy place.

	The lists are here: https://github.com/MyEtherWallet/ethereum-lists.

	They include darklists and lightlists of `addresses`, `URLs`, `ENS names`, `MEW's default token lists`, `Email Addresses`, and our `Contract ABI lists`(which will be deprecated but is nice to have anyways).

	If you see a malicious link or message or a fake ICO address, or anything else nefarious....

	- Go to https://github.com/MyEtherWallet/ethereum-lists

	- Read & follow the instructions on how to create a PR (pull request)

	- Submit it.

	If you see a Fake ICO address, make sure its on `addresses-darklist` or add it.

	If you receive another phishing link via Slack, make sure its on `url-darklist` or add it.


	---


	### 5. Make, share, warn a de-facto guide on how to avoid phishing / badware, targeted for phishers a la https://www.google.com/safebrowsing/static/faq.html#q1

	- Shamelessly steal from the pros:

	- https://www.google.com/safebrowsing/static/faq.html#q1

	- https://www.fdic.gov/consumers/consumer/news/cnwin16/phishing.html

	- https://www.stopbadware.org/badware

	- https://www.wired.com/2017/03/phishing-scams-fool-even-tech-nerds-heres-avoid/

	- http://www.phishing.org/10-ways-to-avoid-phishing-scams

	- http://www.which.co.uk/consumer-rights/advice/how-to-spot-a-scam

	- Other References:

	- https://myetherwallet.groovehq.com/knowledge_base/topics/hacks-thefts-and-stolen-funds-due-to-phishing-links-between-7-slash-5-slash-2017-slackbot-scambot-phishing-slash-reddit-dm-slash

	- https://chrome.google.com/webstore/detail/etheraddresslookup/pdknmigbbbhmllnmgdfalmedcmcefdfn (Anti-Phishing CX)

	- http://imgur.com/a/cznsy (Screenshots that can be used for examples)

	- https://www.reddit.com/r/ethereum/comments/6o04b2/protips_how_not_to_get_scammed_during_a_token_sale



	---


	### 6. Only if you are careful and you really really really game:

	- Spam with fake private keys: https://gist.github.com/kvhnuke/f2e69fd552827a35e8b1a885e5587c1c

	- Help add to growing list of stuff and link things: https://docs.google.com/spreadsheets/d/1ErQGI2elbzVAapLBYzDePV7jqpiDnsJoSlmAlQ9_zno/edit?usp=sharing

	- Help others find whois info, track domains, track emails.

	- Help us build things, faster. https://github.com/MyEtherWallet/ https://github.com/409H/EtherAddressLookup

	- [Join our Slack to discuss and coordinate](https://myetherwallet.herokuapp.com/)

	---

	Thank you for everything. We literally wouldn't be in this shit situation without you supporting us. 😒 Kidding—it's all part of this crazy wild adventure called the future. We'll figure it out, but it's better together. 🤗

	#\#phuckphishers