P2P Ether (ETH) exchange announced today it is ramping up its security by partnering with the team at PhishFort to help tackle phishing attacks. This will allow localethereum to more effectively detect and take down websites impersonating localethereum.
As the localethereum platform has grown to handle millions of dollars in volume each week, the frequency and sophistication of hacking and scamming attempts have grown with it. Fraudsters have started to employ new phishing attacks that are difficult to keep up with.
PhishFort protects blockchain projects by monitoring various sources across the internet, including social media, app stores, and the web for phishing attacks. Discovered attacks are blacklisted across a number of platforms and then taken down in record times.
Becoming a victim of phishing as a localethereum user is especially unfortunate. The cryptographic nature of the platform means that entering your localethereum password on a fraudulent website is equivalent to divulging a wallet private key; users can’t simply swap their wallet’s private key out for a new one. If an account is hijacked, sadly users need to say goodbye and create a new one.
Localethereum is joining other big-name dApps such as IDEX by working closely with PhishFort’s team of experts to protect its decentralized application from attackers.
The team said to be wary of suspicious e-mails. It will only ever use a “@localethereum.com” sender address, and will never e-mail users to say an account is being “suspended” or “under review.” Further, always check the URL when logging in. The company only uses the “localethereum.com” domain name. Also, check for the EV certificate (“LocalEthereum Pty Ltd [AU]”) that should be present when loading the website.
Protecting Yourself
Below are some things you can do as an end-user to help protect yourself:
Phishfort | Protect — An open source Chrome plugin used to help identify safe and unsafe sites.
EtherAddressLookup — An open source security plugin for protecting users from unsafe websites, Twitter accounts, and cryptocurrency addresses.
MetaMask — The MetaMask plugin contains a blacklist that protects users from known phishing websites.
MEW — The MyEtherWallet plugin also contains a blacklist of malicious websites.
EtherscamDB — An open source collection of scams targeting Ethereum users.
PhishFort Telegram Tip-Off — A telegram bot that can be used to report phishing incidents directly to PhishFort to be investigated and taken down.
Use a password manager such as LastPass or 1Password to generate strong, unique passwords.