A domain that resembles the official one but differs by a letter or a dot, or a site with an expired SSL certificate.
Founders with no digital history, or with unreliable LinkedIn and GitHub pages.
Suspicious contracts: a contract address that is not present on Etherscan or that has few transactions.
Unjustified approvals: unlimited approve requests that can withdraw all assets.
Verifying the project's legitimacy
Check the number of transactions and user interactions on Etherscan and look for audit reports from reputable entities. Also, check user opinions on Telegram, Twitter, and Reddit, and follow the developers' accounts on LinkedIn and Twitter. Read the whitepaper and roadmap and ensure there are clear technical details.
Common fraud methods
Rug Pull: founders withdraw liquidity and disappear.
Phishing Airdrop: fake links that request a wallet connection.
Fake Approvals: all assets are stolen after permissions are granted.
Pump & Dump: the price is inflated and then dumped suddenly.
Example of avoiding a process
A project requested a Swap with a fee of 0.0001 ETH, but the domain was unofficial and the contract was not present on Etherscan, so I did not participate.
Always use a separate wallet for airdrops, set a specific approve value instead of an unlimited one, and use revoke tools after transactions. Check audit reports before participating. Set a gas ceiling so that fraudulent transactions fail.
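
The unlimited approve requests described above can be recognized in a transaction's input data before it is signed. The following is an added example, not code from the original page: it decodes the standard ERC-20 approve and ERC-721/1155 setApprovalForAll calls and flags unlimited or larger-than-expected allowances. The function name, the 2**255 threshold and the sample spender address are assumptions made for illustration.

```python
# Added example: classify a transaction's input data before signing it.
APPROVE = "095ea7b3"               # approve(address,uint256), ERC-20
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address,bool), ERC-721/1155
# Assumption: any allowance of 2**255 or more is treated as "unlimited".
UNLIMITED_THRESHOLD = 2**255


def inspect_calldata(data_hex, expected_max=None):
    """Return (verdict, detail); verdict is "ok", "warn" or "reject".

    expected_max: largest amount (token base units) the user means to allow.
    """
    data = data_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    selector, args = data[:8], data[8:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return "ok", "not an approval call"
    try:
        # Two 32-byte ABI words: spender (low 20 bytes) and amount/flag.
        if len(args) != 128 or int(args[:24], 16) != 0:
            raise ValueError
        spender = "0x" + args[24:64]
        value = int(args[64:], 16)
    except ValueError:
        return "reject", "malformed approval arguments"
    if value == 0:
        return "ok", f"revokes access for {spender}"
    if selector == SET_APPROVAL_FOR_ALL:
        return "warn", f"{spender} may move every token in the collection"
    if value >= UNLIMITED_THRESHOLD:
        return "warn", f"unlimited allowance for {spender}"
    if expected_max is not None and value > expected_max:
        return "warn", f"allowance {value} exceeds expected {expected_max}"
    return "ok", f"allowance {value} for {spender}"


# Constructed sample data: the spender address is made up.
SPENDER_WORD = "00" * 12 + "ab" * 20
UNLIMITED = "0x" + APPROVE + SPENDER_WORD + "ff" * 32
BOUNDED = "0x" + APPROVE + SPENDER_WORD + format(1000, "064x")

if __name__ == "__main__":
    for name, tx in (("unlimited", UNLIMITED), ("bounded", BOUNDED)):
        print(name, inspect_calldata(tx, expected_max=1000))
```

A zero value is reported as "ok" because that is what a revoke transaction sends.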