# Detects scams 2/2

[**Part 1**](https://docs.kerberus.com/kerberus/sentinel3/how-is-it-different/detects-scams-1-2) might have been eye-opening for you. Here's a specific scenario that we're positive will happen, where security solutions that only translate/simulate transactions will lead to huge losses for their users.

The function `setApprovalForAll` assigns or revokes full approval rights to a given operator.

:thumbsup: One of its legitimate uses is to assign it to a contract to stake an NFT.

:thumbsdown: One of its illegitimate uses is to assign it to a scammer's contract that drains an NFT.

## Here's what staking on a legitimate site looks like:

<figure><img src="https://530092188-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FODbp2MBRGy4clADmHLmw%2Fuploads%2FBVeIiLZ37ytwY8AFv9w2%2FCleanShot%202023-03-19%20at%2003.04.35.png?alt=media&#x26;token=51adae24-5279-48b8-b9f9-a86976650671" alt=""><figcaption></figcaption></figure>

## And here's what the same function looks like on a scam site:

<figure><img src="https://530092188-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FODbp2MBRGy4clADmHLmw%2Fuploads%2FBRNCZceZBFngEm5WGfrc%2FCleanShot%202023-03-19%20at%2003.05.57.png?alt=media&#x26;token=7193a193-ad7d-41ec-a83b-8bd66ec69d9a" alt=""><figcaption></figcaption></figure>

## There is no visual difference between them. Simulations/translations will also look identical.

The two scenarios above are different: one is on a legitimate site, and the other is on a scam site that looks completely different. But what if the scam site looked **exactly** like the legitimate site?

Here's how that would go down:

> A very expensive NFT is about to release staking. All its owners are waiting anxiously to stake. To prepare its users, the project releases the site and a tutorial on how to stake. The site will become active in 24 hours.\
> \
> Suddenly, there is an announcement on Discord. It's out of the original plans and tells people to stake fast for maximum rewards. FOMO kicks in, and users rush to the site.\
> \
> **It looks identical to the legitimate one, it works exactly like the tutorial shows, but the URL is different**. The Discord has been breached, and scammers have shared a link that drains users' wallets, specifically NFTs from the project.\
> \
> Like the two MetaMask prompts in the previous examples, the wallet request seems legitimate. It asks to *'Allow access to and transfer of all your \<expensiveNFT>.'*\
> \
> Users without any Web3 security solution who don't realize the URL is malicious lose their expensive NFTs. What about users with a Web3 security solution that simulates/translates the transaction?\
> \
> **They will be presented with a simulation/translation that tells them they are giving permission for their expensive NFT. Nothing will be suspicious about it because the simulation/translation is correct. They will lose their expensive NFTs.**

## This is another reason why Web3 security solutions that only simulate/translate transactions will lead to huge losses in the space.
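
The scenario above, as an added example (not code from the original page or from Kerberus): the wallet text is derived from the calldata alone, so it is identical on both sites, and only context outside the calldata separates them. The origins, operator addresses, and the origin-to-operator allowlist are constructed placeholders and an assumed policy for illustration.

```javascript
// Added illustration. Origins, addresses and the allowlist are constructed placeholders.
const SELECTOR = "a22cb465"; // 4-byte selector of setApprovalForAll(address,bool)

// Decode setApprovalForAll calldata; returns null for anything else or malformed input.
function decodeSetApprovalForAll(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]{136}$/.test(hex) || hex.slice(0, 8) !== SELECTOR) return null;
  const addrWord = hex.slice(8, 72), boolWord = hex.slice(72);
  // An address sits in the low 20 bytes of its word; a bool is 0 or 1.
  if (!/^0{24}/.test(addrWord) || !/^0{63}[01]$/.test(boolWord)) return null;
  return { operator: "0x" + addrWord.slice(24), approved: boolWord.endsWith("1") };
}

// What a translation-only tool can say: derived from the calldata alone.
function translate(call, collection) {
  return call.approved
    ? `Allow access to and transfer of all your ${collection}`
    : `Revoke access to all your ${collection}`;
}

// Assumed policy: the operator the project published for its staking site.
const KNOWN_OPERATORS = new Map([["https://stake.project.example", "0x" + "11".repeat(20)]]);

// Combine the translation with context the calldata does not carry.
function assess({ origin, collection, data }) {
  const call = decodeSetApprovalForAll(data);
  if (!call) return { verdict: "not-applicable" };
  const text = translate(call, collection);
  const trusted = !call.approved || KNOWN_OPERATORS.get(origin) === call.operator;
  return { verdict: trusted ? "allow" : "block", text, operator: call.operator };
}

// Build calldata for the constructed requests below.
function encode(operator, approved) {
  return "0x" + SELECTOR + operator.slice(2).padStart(64, "0") + (approved ? "1" : "0").padStart(64, "0");
}

const legit = { origin: "https://stake.project.example", collection: "<expensiveNFT>",
  data: encode("0x" + "11".repeat(20), true) };
const lookalike = { origin: "https://stake.project-rewards.example", collection: "<expensiveNFT>",
  data: encode("0x" + "ee".repeat(20), true) };

console.log(assess(legit));     // same text, verdict "allow"
console.log(assess(lookalike)); // same text, verdict "block"
```
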

{% hint style="danger" %}
Unfortunately, [**sharing this information could lead to scammers applying it to steal NFTs**](https://docs.kerberus.com/kerberus/sentinel3/is-it-open-source). Nevertheless, we feel a responsibility to those of you who are educating yourselves by reading this page. Whatever you decide about Web3 security solutions going forward, you now know a critical piece of information that can help you prevent losses of your valuable NFTs.
{% endhint %}
