“Congratulations To You, Your NFT Has Been Purchased” Fake Rarible Email Scam

Non-fungible tokens (NFTs) have exploded in popularity over the past couple of years. As interest in these digital assets grows, so too do the scams seeking to exploit unwitting NFT buyers and sellers. One such scam is the fake “Your NFT Has Been Purchased” email that pretends to come from the popular NFT marketplace Rarible.

This convincing phishing scam message claims someone has bought your NFT and that you need to provide personal information to receive the sale proceeds. If you fall for it, the scammers can steal your cryptocurrency and NFTs. Here’s what you need to know about spotting and avoiding this sneaky scam.

Overview of the Fake NFT Purchase Email Scam

The fake NFT purchase email pretends to be an official notification from Rarible informing you that someone has bought one of your NFTs listed on the platform.

The message will include Rarible branding and claim you need to verify your wallet address and seed phrase to receive the sale amount. Of course, this is completely false.

Origins of the Scam

This phishing scam originally started circulating in early 2022, not long after NFTs started gaining mainstream attention. As more people entered the NFT space, scammers took advantage of all the hype and confusion to target newbies.

The scam emails specifically mention Rarible because it’s one of the most popular NFT marketplaces. However, variations of the scam may include other platforms like OpenSea or LooksRare.

Here is how the email looks:

Congratulations to you

Your NFT has been purchased by a user.

To see more details and receive the sale amount,your wallet address must be verified first.

Send the said information here for review and confirmation:

1) Ethereum wallet address

2)12 words belonging to the wallet

The 12 words are the same words you were given when you made the wallet.

After confirmation, the amount of the sale will be deposited into your account.

If you do not send the mentioned items, your sale will be canceled soon.

Note that your information is protected by Rarible.

Intended Victims

The fake purchase notification tries to target the following victims:

  • NFT sellers – Those who mint and list NFTs for sale on platforms like Rarible may fall for the message about one of their works selling.
  • New NFT owners – People who are new to buying NFTs may believe the sale notification, especially if they just made a purchase.
  • Inactive NFT holders – Even those who aren’t actively trading NFTs could be fooled if they once bought or created NFTs.

The scam preys on people’s excitement about selling an NFT or naivety about proper NFT sale procedures.

Warning Signs of the Scam

While the phishing message is designed to look legitimate, there are red flags that can help you identify it as a scam:

  • Sent from a random Gmail address, not an @rarible.com address
  • Poor grammar, spelling, wording, or design
  • Requests seed phrase and/or wallet login
  • Threatens account suspension if info not provided
  • Generic greeting like “Dear user” instead of your name
  • Links to phishing sites instead of Rarible.com
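
The warning signs above can be checked mechanically on a mail gateway or in a triage script. The following is an added example, not code from Rarible or from the original article: the regular expressions, flag names and sample message are assumptions built from the wording of the lure quoted on this page.

```python
import re
from email import message_from_string
from email.utils import parseaddr

OFFICIAL_DOMAIN = "rarible.com"  # sender domain the page names as legitimate
# Patterns below are assumptions derived from the wording of the lure quoted on this page.
SEED_RE = re.compile(r"\b(12|twelve|24)\s+words\b|seed\s+phrase|recovery\s+phrase", re.I)
URGENCY_RE = re.compile(r"will be cancel+ed|suspend|act (now|quickly|immediately)", re.I)
URL_RE = re.compile(r"https?://([^/\s:\"'>]+)", re.I)


def is_official(host: str) -> bool:
    """True for rarible.com and its subdomains; lookalike hosts fail."""
    host = host.lower().rstrip(".")
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)


def red_flags(raw_email: str) -> list[str]:
    """Return the page's warning signs that a raw RFC 5322 message matches."""
    msg = message_from_string(raw_email)
    body = msg.get_payload() if not msg.is_multipart() else "".join(
        p.get_payload() for p in msg.walk() if p.get_content_type() == "text/plain")
    flags = []
    sender = parseaddr(msg.get("From", ""))[1]
    if not is_official(sender.rpartition("@")[2]):
        flags.append("sender-not-rarible")
    if SEED_RE.search(body):
        flags.append("asks-for-seed-phrase")
    if URGENCY_RE.search(body):
        flags.append("urgency-or-threat")
    if any(not is_official(h) for h in URL_RE.findall(body)):
        flags.append("off-domain-link")
    return flags


# Constructed sample modelled on the lure quoted above; the sender address is made up.
SAMPLE = """\
From: Rarible Support <rarible.sales@mail.example>
Subject: Congratulations to you

Your NFT has been purchased by a user.
Send the said information here for review and confirmation:
1) Ethereum wallet address
2)12 words belonging to the wallet
If you do not send the mentioned items, your sale will be canceled soon.
"""

if __name__ == "__main__":
    print(red_flags(SAMPLE))
```

The From header can be forged, so a message that passes the sender check is not thereby genuine. The seed-phrase flag on its own is enough to treat a message as phishing.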

Potential Losses from the Scam

If you fall for the fake NFT sale email, you could experience the following losses:

  • Lost NFTs – Scammers can steal NFTs from your wallet if you give them your seed phrase. This allows them to list and sell your NFTs on their own.
  • Drained cryptocurrency – The provided wallet address and seed phrase also grant access to any crypto coins held in the wallet. The scammers can quickly drain your funds.
  • Compromised accounts – With your wallet login info, scammers can access connected accounts you may have on Rarible, OpenSea, LooksRare, and other NFT sites.
  • Future phishing – Your email address may be added to phishing lists since you already fell for one scam before. This means you could receive more scam emails in the future.

In most cases, losses from this scam are irreversible since cryptocurrencies and NFTs operate without consumer protections. That makes avoiding the scam extremely important.

How the Fake NFT Purchase Email Scam Works

Now that you know what this scam is, let’s break down exactly how it works to trick unsuspecting NFT traders.

Step 1: Scammers Obtain Email Addresses

The first thing scammers need to run this phishing scam is a list of target email addresses. They likely obtain these through various methods:

  • Data breaches – Email addresses from hacked NFT sites or wallets get sold on the dark web.
  • Public info – NFT owners’ emails may be visible on their public social media profiles.
  • Phishing lists – Past scam victims get added to lists then used for future phishing attacks.
  • Social engineering – Scammers may pretend to be an authority or reporter requesting email contacts.

So even if you have good email security, your address could still get onto scammers’ lists through breaches or public info.

Step 2: Scammers Craft Deceptive Emails

Using the email list, scammers will craft personalized messages to each address. The email will:

  • Use the Rarible logo and style formatting to appear official
  • Address you directly by name to build trust
  • Include professional-looking graphics and design
  • Claim someone purchased your specific NFT for a high price
  • State verification is needed to receive the sale proceeds
  • Provide plausible urgency to act quickly or risk losing the sale

The emails can look convincingly real, especially to new NFT traders.

Step 3: Victims Are Instructed to Provide Info

If you respond to the fake sale notification, the scammers will instruct you to provide:

  • Your cryptocurrency wallet address where you want funds sent
  • Seed phrase for the wallet (usually 12 random words)
  • Possible 2FA codes or other verifications from your wallet account

The scammers may claim this info is needed to verify the sale and ensure you receive the money. But in reality, it grants them full access to your cryptocurrency funds and NFTs.

Step 4: Scammers Steal Funds and NFTs

With your wallet address and seed phrase, the scammers can now easily:

  • Access and drain your wallet of any cryptocurrency assets
  • Transfer out or list for sale any NFTs in your wallet
  • Leverage your email and wallet login to access associated accounts you have on Rarible, OpenSea, or other NFT platforms

Once they steal everything they can from your compromised wallet and accounts, the scammers block any further communication with you. They disappear with your money and NFTs.

What to Do If You Fall Victim to the Fake NFT Purchase Email Scam

If you provided your wallet details or seed phrase to the phishing scam, you need to act right away to try to prevent losses. Here are the important steps to take if you fell victim and gave up your info:

Step 1: Transfer Funds to New Wallet

If you still have access to your phished cryptocurrency wallet, quickly transfer any remaining coins to a brand new wallet address that the scammers don’t have access to yet.

This will protect those leftover funds before the scammers can drain the compromised wallet completely. Make sure the new wallet is totally disconnected from the phished one.

Step 2: Reset Passwords on Accounts

Assume the scammers have access to any online accounts associated with the compromised wallet.

Go to your accounts on platforms like Rarible, OpenSea, Coinbase, and others to reset the password and enable 2FA if available. This blocks the scammers out.

Step 3: Report Stolen NFTs

Contact the NFT platforms like Rarible to report stolen NFTs that were transferred from your wallet to the scammers’ address.

Provide relevant transaction details to potentially freeze or recover your NFTs if possible. The platforms may blacklist the scammers’ wallet address too.

Step 4: Contact Wallet Provider

If you used a hosted wallet service like MetaMask, alert their fraud department with details about the phishing attack.

They may be able to roll back transactions or take other protective steps depending on the severity of the incident.

Step 5: Notify Cryptocurrency Exchanges

If any of your coins were stored on a centralized exchange instead of just the phished wallet, call their support line immediately.

Exchanges can potentially freeze, reverse, or track transfers if you act quickly. This could save some cryptocurrency assets.

Step 6: Report to Authorities

File reports regarding the phishing scam, stolen funds, and fraudulent transactions with:

  • FTC – Federal Trade Commission
  • FBI Internet Crime Complaint Center
  • Local police department

Provide copies of the scam email, transaction IDs, and any other evidence you have. This creates an official record that could aid recovery efforts.

Step 7: Monitor Accounts Closely

Carefully monitor your crypto wallet transactions, NFT accounts, credit reports, and bank accounts for any signs of further misuse of your details.

Enable enhanced security like multi-factor authentication wherever possible to prevent additional attacks.

Step 8: Avoid Communicating with Scammers

Never respond if the scammers reach out to you asking for more information or payments. Any engagement simply confirms you’re willing to cooperate with them.

Cut off all contact completely. Don’t make any ransom payments either, as this won’t recover your stolen assets.

Frequently Asked Questions

What is the fake NFT purchase email scam?

This is a phishing scam where targets receive an email pretending to be from Rarible claiming someone purchased their NFT. It requests wallet and seed phrase info to steal funds.

How do I recognize the fake email?

Clues that it’s a scam include a non-Rarible email address, spelling/grammar errors, requests for your seed phrase, pressure to act quickly, and an unfamiliar sender name.

What if I provided my seed phrase to the scam email?

If you gave your seed phrase, immediately transfer any remaining funds to a brand new wallet. Then reset passwords for connected accounts and contact authorities.

Can I recover my stolen NFTs?

Contact Rarible and other platforms to report stolen NFTs. They may be able to freeze or recover them if you act quickly, before they are sold.

What should I do if my crypto wallet is drained?

If coins were stored on an exchange instead of just the compromised wallet, contact support immediately to potentially freeze transfers. You can also report to authorities.

How can I avoid this scam in the future?

Never provide your seed phrase or wallet login details via email. Use unique passwords and 2FA on accounts. Verify sender addresses and be cautious of urgent pleas for personal info.

Are there other versions of this NFT phishing scam?

Yes, variations may claim to be from OpenSea, LooksRare, or other platforms. They use the same deceptive tactics. Always verify sender address and never provide your keys.

Can I prevent my email from being targeted?

Unfortunately, email addresses get onto phishing lists through breaches, public profiles, and other methods. But being cautious about where you share your email can help.

Who do I report this scam to?

Report to the FTC, FBI IC3, and your local police department. Provide any details about the scam email, transactions, and losses to create an official record.

What happens if I ignore the scam email?

Simply ignoring the email is the best response. Never reply or engage with the scammers at all. Just permanently delete the scam message.

The Bottom Line

The fake NFT purchase email scam can be incredibly convincing and cost victims substantial amounts of cryptocurrency and NFTs. But being aware of this scam’s deceptive tactics can help you avoid becoming another victim.

Here are key tips to protect yourself:

  • Verify the sender’s email address is from the official site, not random domains.
  • Never provide your seed phrase or wallet login credentials.
  • Enable 2FA on all accounts and use strong unique passwords.
  • If scammed, act quickly to transfer funds, reset access, and contact authorities.
  • Be wary of phishing tricks insisting you act urgently or risk losing money.

As the NFT space continues evolving, new scams and hacking threats will emerge alongside all the innovation. But following security best practices is key to safely navigating this new frontier of digital ownership and trading.

Stay vigilant about where you access your accounts, research seller/buyer identities, and think twice before entering any sensitive information. With caution and common sense, NFTs can be an exciting new opportunity for artists, collectors, and investors alike.

10 Rules to Avoid Online Scams

Here are 10 practical safety rules to help you avoid malware, online shopping scams, crypto scams, and other online fraud. Each tip includes a quick “if you already got hit” action.

  1. Stop and verify before you click, log in, download, or pay.

    Most scams win by creating urgency. Verify using a trusted method: type the website address yourself, use the official app, or call a known number (not the one in the message).

    If you already clicked: close the page, do not enter passwords, and run a malware scan.

  2. Keep your operating system, browser, and apps updated.

    Updates patch security holes used by malware and malicious ads. Turn on automatic updates where possible.

    If you saw a scary “update now” pop-up: close it and update only through your device settings or the official app store.

  3. Use layered protection: antivirus plus an ad blocker.

    Antivirus helps block malware. An ad blocker reduces scam redirects, phishing pages, and malvertising.

    If your browser is acting weird: remove unknown extensions, reset the browser, then run a full scan.

  4. Install apps, software, and extensions only from official sources.

    Avoid cracked software, “keygens,” and random downloads. During installs, choose Custom/Advanced and decline bundled offers you do not recognize.

    If you already installed something suspicious: uninstall it, restart, and scan again.

  5. Treat links and attachments as untrusted by default.

    Phishing often impersonates delivery services, banks, and popular brands. If it is unexpected, do not open attachments or log in through the message.

    If you entered credentials: change the password immediately and enable 2FA.

  6. Shop safely: research the store, then pay with protection.

    Be cautious with brand-new stores, “closing sale” stories, and prices that make no sense. Prefer credit cards or PayPal for dispute options. Avoid wire transfers, gift cards, and crypto payments.

    If you already paid: contact your card issuer or PayPal quickly to dispute the transaction.

  7. Crypto rule: never pay a “fee” to withdraw or recover money.

    Common patterns include fake profits, then “tax,” “gas,” or “verification” fees. Another is a “recovery agent” who demands upfront crypto.

    If you already sent crypto: stop paying, save evidence (wallet addresses, TXIDs, chats), and report the scam to the platform used.

  8. Secure your accounts with unique passwords and 2FA (start with email).

    Use a password manager and unique passwords for every account. Enable 2FA using an authenticator app when possible.

    If you suspect an account takeover: change passwords, sign out of all devices, and review recent logins and recovery settings.

  9. Back up important files and keep one backup offline.

    Backups protect you from ransomware and device failure. Keep at least one backup on an external drive that is not always connected.

    If you suspect infection: do not connect backup drives until the system is clean.

  10. If you think you are a victim: stop losses, document evidence, and escalate fast.

    Move quickly. Speed matters for disputes, account recovery, and limiting damage.

    • Stop payments and contact: do not send more money or respond to the scammer.
    • Call your bank or card issuer: block transactions, replace the card if needed, and start a dispute or chargeback.
    • Secure your email first: change the email password, enable 2FA, and remove unfamiliar recovery options.
    • Secure other accounts: change passwords, enable 2FA, and log out of all sessions.
    • Scan your device: remove suspicious apps or extensions, then run a full malware scan.
    • Save evidence: screenshots, emails, order pages, tracking pages, wallet addresses, TXIDs, and chat logs.
    • Report it: to the payment provider, marketplace, social platform, exchange, or wallet service involved.

These rules are intentionally simple. Most online losses happen when decisions are rushed. Slow down, verify independently, and use payment methods and account controls that give you recourse.
