There are plain scams, but also "soft" or elaborate scams. One very easy thing to do is to gather some ''devs'', pay someone to do webdesign and to write a good WP, create some hype. One can set up multiple profiles in linkedIn and fake those profiles with random photos and copied info from real profiles. This would give a false impression of a professional network.

GitHub can also be defrauded, albeit it is more difficult because there is a timeline there. So time of activity in GitHub is a good indicator of real or fake expertise. No one would intentionally fake 5 years of expertise since ICOs are more recent. Only if they buy profiles, or if they are mediocre programmers but already with years of mediocre code shared in GitHub. Or if they hack it somehow.

Even more difficult to get is a scam that also cheats the devs allocated, it is never the intention of the "CEO" to develop anything, but he manages to get some guys with real curriculum promising them a good share of the ICO revenue. Being a programmer is not exactly a highly paid profession in average, so some people would be more than willing to lend their names in exchange for a good piece of the ico pie. This might be done even signing legal documents, etc, but the effect is only to protect those ad hoc hired devs. The community thinks singed contracts are evidence of good will and seriousness, even better for the scammers. One life-changer shot of getting some millions in a few months...

After this, it is not difficult to squander the money since there is no compromise on successfully developing shit, after all it is a startup.

Be aware of all these details and simply don't put any money should a red flag pops up.