ALERT! Elaborate EOS Airdrop SCAM!

in #cryptocurrency, 7 years ago

Happy New Year Steemians!

Hate for this to be my first post of the year, but I just found what could be one of the more elaborate scams I've seen in crypto. It involves a fake CoinTelegraph article/website and a fake MyEtherWallet site. Haven't seen much discussion on it, so please like and comment below so we can spread the word on this! DO NOT visit any links shown in this post, or input any information if you do.

It started when I received an article about an EOS Airdrop from what looked like CoinTelegraph. It showed up just like any other article (for some reason I can't seem to find the source now. I'm curious to know how they would've gotten my contact info):

SM1.PNG

Upon closer inspection, you can notice a "." underneath the "t" that stays with the link if you copy/paste it to the clipboard. Had you not noticed that, clicking the link brings you to the following article:

SM2.jpg

which, at first glance, almost looks like the real CoinTelegraph:

SM3.jpg

The bottom of the article has a link that takes you to a fake EOS website:

SM4.PNG

SM5.jpg

SM6.jpg

Plugging in numbers for ETH shows the amount of EOS they claim they would airdrop. ETH wallet address links you to a fake MyEtherWallet:

SM7.jpg

I didn't explore past this point, and I don't use MEW so I'm not sure how the credential system works, but I'm assuming it would attempt to collect any credentials that could compromise the wallet.

Additionally, the fake CoinTelegraph site has a comment section that allows for one to input Facebook, Twitter, Disqus, and Gmail. Some of the links on the fake site redirect to the real CoinTelegraph as well.

It's blatantly suspicious if you take the time to notice a few details, but someone not paying attention, in a rush, or new to crypto might be especially vulnerable here.

I am not aware of any malware that can be downloaded from visiting, but if anyone has further input on this please let me know. It would also be greatly appreciated if anyone can explain:

  1. How this scam could successfully steal from your MyEtherWallet account
  2. Whether or not there are any other risks associated with this (keyloggers, malware, etc.)

If this is your first time hearing about this, please resteem! It may just help someone else!

Stay safe out there, and let's have a great 2018!


Good eye. I'm going to get some people to look at this as well.

Upvoted! Please inform when you get some information.

Thank you @oraclefrequency! Definitely interested to know if you find anything

Seems like an attempt at spear phishing, which is essentially a form of regular phishing (creating a fake, scammer-run site mimicking an official one to steal information) but is targeted at a specific person or group of people. You might want to spend some time to think about where your address could have been compromised.

If you could post the email address that would be of great help also! Either way good find and thanks for posting, you just might have saved someone A LOT of cryptocurrency.

Yep, I agree. Familiar with spear phishing as well. And hope this helped others too!

Thing is, I got this through Telegram not email. It came up as a notification on my phone. Source looks like it's been deleted but I'll keep looking.

I would assume if this was just spamming Telegram users there would be more information about it online. So far, I've only seen a couple of --short-- Reddit posts about it.

I'll keep checking though. If I find anything, I'll post an update!

It amazes me to see how innovative these scammers can be. Hope people don't fall prey to this. Problem is it's very hard to notice what you noticed.

Agreed; honestly I might've missed this myself but started digging deeper after talking with @extrospect and @grapthar. So many layers to this and I assume many people could fall victim to it. Hopefully we can spread this knowledge and prevent that!

It can steal from your ether wallet only and only if they get malware inside your computer/any device you're using to get the private keys of your wallet. If they get your private key, you're done.

So many scams trying to get ya every day. gotta stay wary. good lookin!

Yeah no joke. This one surprised me because most of the scams I've seen are fairly blatant, but this has multiple layers and some links went to legit websites. It's only gonna get worse in 2018 with all the new investors coming in that can be easily exploited.

Please spread this around so people don't fall for it!

Here's the question on my mind. This phishing theft seems so rampant. Is there any law enforcement trying to hunt these guys down?

Crypto is still pretty much the Wild West. I'm sure if people reported it there would be a glance, but unless it's something major I doubt anything serious would come out of it.

Plus even if LE did get involved, it would still be almost impossible to recover any stolen coins :/

Almost. Thank god I checked and saw your post. I later noticed on a Twitter post that the cointelegraph article site is like xn--coinelegraph-wk5f.com
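The domain quoted in the comment above is the Punycode (`xn--`) form of an internationalized name, which is why the link displays with a dot under the "t". As an added example that is not part of the original thread, the following Python decodes such a hostname and flags it when stripping diacritics yields a watched domain; the watchlist and function names are assumptions, and cross-script lookalikes (for example Cyrillic letters) are outside what this check covers.

```python
import unicodedata

# Assumed watchlist of legitimate domains; both names are taken from the post.
WATCHLIST = {"cointelegraph.com", "myetherwallet.com"}


def to_unicode(host: str) -> str:
    """Decode every xn-- (Punycode) label of a hostname to its displayed form."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed Punycode: keep the raw label for review
        labels.append(label)
    return ".".join(labels)


def skeleton(host: str) -> str:
    """Strip diacritics: decompose (NFKD), then drop combining marks."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c))


def check_host(host: str) -> dict:
    """Report the displayed name, its non-ASCII characters, and any
    watched domain it collapses to once diacritics are removed."""
    shown = to_unicode(host)
    odd = [f"U+{ord(c):04X} {unicodedata.name(c, '?')}"
           for c in shown if ord(c) > 127]
    skel = skeleton(shown)
    imitates = skel if (odd and skel in WATCHLIST) else None
    return {"displayed": shown, "non_ascii": odd, "imitates": imitates}


if __name__ == "__main__":
    # Hostname as quoted in the comment above, plus the genuine one for contrast.
    for h in ("xn--coinelegraph-wk5f.com", "cointelegraph.com"):
        print(h, "->", check_host(h))
```

A hostname that contains no non-ASCII characters is never flagged, so the genuine domain passes even though it is on the watchlist.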

Thank you @cokiemon!

Glad you saw this too and that it helped. Hope it does the same for others too!

Warning taken and much appreciated.

No problem! Haven't seen much talk about this so hopefully it helps someone!

To send money out of a paper wallet on MyEtherWallet you have to enter your private code. MEW has had a lot of problems with phishing lately. Thanks for the tip, I probably would have never thought to look for a tiny dot below the letters.

I actually didn't notice it until the second look. Pretty subtle. Thanks for reading though and hope it helped!

Wow! Thanks for the eye opener

Sure thing! If I notice anything else about this I'll post an update