How to spot scam mirror websites (an open checklist)

disBalancer
5 min readFeb 10, 2022

--

Fake mirror websites are widespread during token launches.

It is common for scammers to trick investors by designing a website by copying another one that has already existed. Following scam links, users lose money by investing in a scam project instead of the real one.

disBalancer Token Launch Protection service is now on the way to deliver to businesses that suffered scams. As well as we aim to protect promising projects against fraud, we care about individual users’ security who have spotted a project that seems to be dubious. Having scam websites list kindly delivered by disBalancer community members within the beta testing, we are pleased to introduce our first checklist on identifying scam token launches. We are calling you in to complete it along with the disBalancer team!

Typosquatting

It is common for scammers to register domains that are very similar to well-known web addresses, differing by a typo, misspellings, wrong domain extensions, alternative spellings, added hyphens, or incorrect domain ending.

See the difference between original and fake links below:

Be aware of a difference from the original project name as one of the common frauds.

No SSL certificate

SSL certificate is a digital certificate that provides authentication for a website and enables an encrypted connection.

Be sure to check whether its protocol is HTTPS, not HTTP while visiting any token sale websites. The difference between the two protocols is that HTTPS uses TLS (SSL), a more secured connection, to encrypt HTTP requests and responses. HTTPS is the single measure that can help mitigate threats and attacks.

Unfortunately, there is no 100% guarantee that an SSL certificate verifies website credibility. Nowadays, fraudsters can get SSL certificates even for a fake mirror website, but they often do not bother with it.

Invalid Team Page

Team Page could also be helpful when it comes to scam detection. When investing, you should know the team stays behind the project launching its token. So, there are a few ways to identify a fake:

  • A team does not exist, or there are no mentions.
  • There are mentions of people who do not work on the project. Sometimes scammers list influencers or crypto celebrities and even add links to their social media pages. They hope the user will not do his research. Just keep it in mind.
  • Sometimes there are mentions of random fake accounts. By following their links on Twitter or LinkedIn, you see they are probably blocked.
  • Once in a way, people who really work on the project you are interested in can be mentioned. So the best decision is to look through their official profiles closely and find the official project group there.

No Project Info Defined

The lack of information on a project can also be a red flag, defining scam activity. Instead of the project story and description, a scam website may contain public sale data entirely where you can connect your wallet to buy tokens right away. It may indicate that some wicked people did not manage to make the site interface as close to the real one as possible.

To avoid getting caught out by fraudsters, be sure you follow the link on the public sale website using the authentic website.

Fake Social Media Accounts

Be sure to check them out in the footer. There are a few scenarios that can have a place in here:

  • Social media links may not exist. Each project that cares about its brand awareness develops its social media channels and will definitely mention them on its website. If it is skipped, you are probably dealing with a scam.
  • Links on social media profiles are invalid or they have already been banned.
  • Links on social media profiles refer to enabling social media groups. But here is the question of whether they are real. It may be hard to verify by yourself, but try to find other pages related to the project using the social media search and compare their activities, official verification, number of followers, etc.

Endless Countdown Timer

to the end of a public sale. Usually, it indicates less than 24h or 1h when the offer with an attractive price ends to manipulate and rush you to buy and don’t miss the opportunity.

If you see a countdown timer, try to reload the page and check out the time again. You will see on scam websites that the countdown timer usually starts from the same time point.

Bad Website Design

Scammers have succeeded in copying website design as well too.

The good news is that to make a well-copied website design that would look like an authentic one is not that easy. For instance, scammers can place corporate design elements like logos or graphics into a web page that looks different, so there is a lack of design integrity. You can see how it looks on the pic below: a logo in a mid-century style doesn’t match the website design and looks like it is out of place.

Lack of corporate style integrity is one of the scam red flags.

Have you ever come across any type of token launch scam?

Leave your tips on detecting scam mirror websites in disBalancer Telegram group, so we add them to the checklist. Do not hesitate to share this article so that as many crypto enthusiasts as possible get to know about easy ways to scam protection.

👺 No impersonators will have a chance to fraud people.

--

--

disBalancer

A decentralized cybersecurity solution that performs stress testing to identify DDoS vulnerabilities and protect projects against fraudsters.