Phishing scams are possibly the most common scam observed in the NFT community, and perhaps across the wider crypto community as a whole. They involve fake malicious sites that compromise victims’ cryptoassets through either one of two main ways:
- Through a fake pop-up – posing as the login panel of a reputable custodial wallet provider – that steals victims’ wallet information once they are entered.
- Through encouraging victims to inadvertently sign malicious transactions so that scammers, posing as a legitimate NFT project, can steal their NFTs. This makes use of the ‘SetApprovalForAll() function in the ERC721 and ERC1155 standards, which allow – per wallet owners’ approval – for others to manage their assets.
NFT owners should:
- Avoid clicking unverified links.
- Use only reputable and trusted platforms for trading.
- Carefully review transactions before approval to prevent unauthorized transfers.
https://nftnow.com/guides/nftldr-phishing-scams-explained-in-under-400-words/