Shoutout to Jorge from Aragon, Jack from GameCredits, Auryn from First Blood and Chris the disillusioned lawyer for sharing their proactive measures. Credit to CFPro for creating the anti-spam SlackBot.
Over the past months, scammers have gotten more sophisticated. Take the proper steps to protect your website, Slack, Reddit and Twitter communication channels against phishers.
- Have one source of truth that you point to (likely your website) and mention this in all of your material.
- Keep an eye out for people trying to impersonate members of the team on Slack, twitter, facebook, or any other social networks. They will try to direct message unsuspecting participants into giving them money or joining a pump group or VIP group.
- Respond rapidly to reports of phishing by warning the community and banning/blocking the offending account(s).
- Set a constant reminder for your Slackbot that there is no “VIP group” and the team will never ask for bitcoin/ether or set up pump groups (see below for GameCrecdits example): https://get.slack.help/hc/en-us/articles/208423427-Set-a-reminder
- In Slack settings, ensure that email addresses are not displayed.
- Purchase similar sounding domains and create similar twitter handles if possible. Keep an eye out for any fakes.
- Identify the sale start time (or block number) and provide the smart contract code well prior to the sale.
- Provide the address to send tx to at least 12 hours prior to the sale. This prevents website ddos and also minimizes any scam addresses being posted elsewhere.
During the tokensale, the Slack will be a major target as phishers will attempt to trick participants to send money to their own address. Before it starts you should:
- Send out an email a day before the ICO clarifying the details of the tokensale and to be aware of phishing attempts.
- Aim to have someone from the team online 24/7 during the token sale.
- Archive all channels except for one for announcements where only admins can post. Designate admins as support staff for questions and announce that no admin will ever initiate a conversation.
- Provide your cellphone number to trusted members of the Slack to contact you if scammers appear.
- Go to Team settings in the permissions tab and allow only admins to @channel or @here, pin posts, create custom loading messages, enable Slackbot responses and add apps/custom integrations.
- Set up the Aragon bot to catch any fake bitcoin/ethereum addresses (see below).
Aragon has open sourced a bot that scans for token addresses: https://github.com/aragon/slack-bot
Source from CFPro: https://github.com/CFPro/slack-bot
