Phishing is widespread in the cryptocurrency field. The majority of traders have fallen victim to it. That doesn’t mean phishing has stopped; in fact, you might be the next victim.
On Sunday 27th May 2018, a statement was issued by Block.one (the private company behind the EOSIO architecture and EOS tokens) to all EOSIO subscribers, alerting them to a fraud. The scam involved an email sent to several investors in the EOS community. The email targeted members who had been in communication with Block.one. It contained a link to a phishing website that posed as the official EOS token index site.
The email came before the scheduled debut of the mainnet. The trick looked legitimate because some of the emails originated from the Zendesk support platform. At the time these emails were sent out, Zendesk had briefly been compromised.
The scam email had the text “upcoming June 1st update” in the subject line. “eoslaunch.io” was presented as the official website. Yet eoslaunch.io is not in any way affiliated with Block.one. According to a WHOIS lookup, the domain “eoslaunch.io” was registered on 26th May 2018 through GoDaddy. In other words, the phishing scam began on the same date.
In a statement, Block.one acknowledged that it discovered the scam only after it had happened. The firm was alerted after a Reddit user (designeey) submitted a post on the EOS subreddit on 27th May 2018. The post read “Please Help” Scammed by [email protected] email. The investor said they had fallen for the fraud and lost 5,158 EOS tokens. At the time this post was published, approximately $61,500 had been looted.
A screenshot of the post by “desineey” was posted on Reddit, and part of it reads:
“I need help. I’m a crypto geek and have been in the field since 2012. I never imagined I could get scammed… I was debating on a community conception with [email protected] when I got the feedback a few hours after the first email…” “I’m hopeless at the moment and I can’t believe I fell for something like this,” the screenshot ended.
As soon as Block.one learned about the attack, it emailed all the affected clients using its Zendesk system. The company has, however, suspended its Zendesk support system in the meantime. The system will remain closed until investigations are complete.
A statement released by Block.one read:
“The firm is examining the technique by which the messenger of the phishing scam was able to access the real Block.one email address. The company believes the sender accessed a certain Block.one system. The sender might also have accessed some emails sent to or from the Block.one platform or its associates. Personal information transferred via email was also not compromised.” “We take private information with the utmost seriousness it deserves. But we advocate that everyone be vigilant for frauds, hacks, and phishing,” Block.one added.
How Phishing Occurs
Fraudsters identify a popular site with many investors, such as My Ether Wallet. The platform is a top choice for investors buying Ethereum and ERC tokens. Scammers pick out several parts of the website in order to create a duplicate of the original site. For instance:
-Email Signature
-Company’s URL
-UI Design
-Social Accounts Names
From there, scammers register names that resemble those of the target. For instance, the legitimate URL for My Ether Wallet is https://www.myetherwallet.com. The scammer will buy the URL https://www.myethervallet.com. Notice the “v” after the “r” in the second URL. Next, they copy the UI from MEW and link it to their own storage system to collect data.
After that, the fraudsters go to well-known open platforms like Reddit and pick out verifiable names of individuals to target. Once they have done this, they send emails to many subscribers informing them of an upcoming event, as happened with Block.one.
Without realizing it, the user clicks the scam link and enters personal credentials. Scammers then use automated tools to move funds from the victim’s accounts to their own wallets. Once the transaction is complete, it can’t be reversed.
How to Avoid a Phishing Scam
Use your bookmarks and established links to navigate to secure sites
Nowadays sites like Yahoo, Google, PayPal, and others will address you by name when they communicate over email. A legitimate email will start with “Dear Benjamin Brandon” or “Dear Ali Hassan” before it addresses the real issue. If you are suspicious of the links sent to you, use a method you are used to, such as a saved website link.
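As an added example (not part of the original article), the lookalike-URL trick described under How Phishing Occurs and the bookmark advice above can be combined into a check that compares a link's hostname with your bookmarked hosts. The bookmark list, the function names and the .example domains are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Assumption: the reader's own bookmark list. Only myetherwallet.com is from the article.
BOOKMARKED = ("myetherwallet.com",)

def host_of(url):
    """Hostname the browser would contact: lower-cased, no 'www.', userinfo ignored."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    return host[4:] if host.startswith("www.") else host

def edit_distance(a, b):
    """Edits (insert, delete, substitute, swap neighbours) needed to turn a into b."""
    prev2, prev = [], list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def check_link(url, bookmarked=BOOKMARKED, max_distance=2):
    """Return ('trusted' | 'lookalike' | 'unknown', bookmarked host it relates to)."""
    host = host_of(url)
    if not host:
        return ("unknown", None)
    for good in bookmarked:
        if host == good or host.endswith("." + good):
            return ("trusted", good)
    for good in bookmarked:
        # Trusted name used as a decoy label: myetherwallet.com.login.example
        if good + "." in host or good.split(".")[0] in host.split("."):
            return ("lookalike", good)
        # Compare the same number of trailing labels (no public-suffix list is used).
        tail = ".".join(host.split(".")[-len(good.split(".")):])
        if 0 < edit_distance(tail, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)
```

An "unknown" verdict is not a pass: eoslaunch.io is not a misspelling of anything, so only the exact-match rule keeps it out.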
Confirm through Multiple References
If you notice a bug in the software you use, it will also be highlighted on the company blog and even on social media sites. Confirm any breach or critical bug through multiple sites.
Talk to the team through the official channel
Normally, platforms communicate with subscribers about projects through their social media. Alternatively, some specify how they will convey the information. If any contacts you out of the stated platforms,