UPDATED | October 24, 2017:
It appears that the website is not currently accessible via the email link, but the spoof version of the MyEtherWallet site is still up.
ORIGINAL | October 24, 2017:
On October 24, 2017, ETHNews received an email from a scammer attempting to impersonate MyEtherWallet (MEW). At the time of press, it appears the fraudulent site may have been taken down.
Users are warned not to follow links from sender “MyEtherWaIIet” (note: capital i’s instead of l’s) with a return address of firstname.lastname@example.org (note: the L at the end of the .com). The email provides the following message, falsely claiming that the recent Ethereum hard fork had an impact on MEW and directing wallet holders to “synchronize their wallets for continuous undisturbed services,” something that they do not actually need to do:
Close inspection of the counterfeit link reveals that one of the characters used to spell the web address is a Roman 'ț' (T-comma) and, while the site is set up as a mirror of the MEW official web presence, it's IP address is based out of the Netherlands.
Often the targets of scammers, many users’ MEW accounts have been entered into sites that are impersonating the official website of the widely-embraced Ethereum wallet. When they are, the false entity masquerading as MEW usurps the contents of the wallets, after users enter their valuable private keys. MEW does not store any of its user’s private keys, meaning that the phishers must get targets to manually enter keys and passphrases.
ETHNews reached out and spoke to Taylor at MEW. She said, "We're doing what we can to stop the phishers and shut them down as quickly as they pop up, but they will only stop when they stop making money from these attacks. Protect yourself by installing MetaMask or EAL Chrome Extensions, not clicking links from emails or messages, and/or [invest] in a hardware wallet. Tell your friends and warn others to do the same."
Taylor went on to say, “You don't need to do anything for the hard fork. If it sounds too good to be true, it's a scam. If you get a scary DM but no one else is talking about the scary DM, it's a scam. Don't trust the scary Slack DMs. Don't listen to links or messages sent to you unprovoked. Get yourself a hardware wallet.”
MEW advocates the use of hardware wallets as a safety measure, and users have a fair number of choices regarding that option. Furthermore, integrating extensions for chrome like MetaMask can also help protect against malicious URLs, and MEW has a public-facing repository of information that users can ply to help protect both themselves and their funds.
ETHNews reminds users to be vigilant and be certain that when visiting MEW's website, or that of any other cryptocurrency-related service or platform, it is best to manually type the address rather than rely on what may be a malicious link sent by a scammer.