Phishing is rampant in the cryptocurrency era, and many novice traders have been victims.
Recently, Block.one issued a statement to all EOSIO subscribers alerting them to a fraud. The scam involved an email sent to several investors in the EOS community, targeting members who had been in communication with Block.one. The email had a link to a phishing website that claimed to be the official EOS token index site. Block.one is the private company behind the EOSIO architecture and EOS tokens.
The email came before the scheduled debut of the mainnet. The trick looked legitimate because some emails originated from the Zendesk support platform. At the time these emails were sent out, Zendesk had briefly been compromised.
The scam email had the text “upcoming June 1st update” in the subject line. The website it promoted as official was “eoslaunch.io”. Eoslaunch.io is not in any way affiliated with Block.one.
According to a WHOIS lookup, the domain “eoslaunch.io” was registered on 26th May 2018 through GoDaddy. In other words, the phishing scam began on the same date.
In a statement, Block.one conceded that it discovered the scam after it had happened. The firm was alerted after a Reddit user (designeey) submitted a post on the EOS subreddit on 27th May 2018.
The post read “Please Help. Scammed by email.” The investor declared that they had been the victim of the fraud and lost 5,158 EOS tokens.
Reddit posted the screenshot of “desineey,” and part of it reads:
“I need help. I’m a crypto geek and been in the field since 2012. I never imagined I can get scammed… I was debating on a community conception with ([email protected]) when I got the feedback few hours after the first email…” “I’m hopeless at the moment and I can’t believe I fell for something like this,” the screenshot ended.
As soon as Block.one learned about the attack, it emailed all the affected clients using its Zendesk system. In the meantime, however, the company has suspended its Zendesk support system. The system will remain closed until investigations are completed.
A statement released by Block.one read:
“The firm is examining the technique by which the messenger of the phishing scam was able to access the real Block.one email address. The company believes the sender accessed certain Block.one system. The sender might also have accessed some emails sent to or from Block.one platform or its associates. Personal information transferred via email was also not compromised. We take private information with utmost seriousness it deserves. But, we advocate everyone to be vigilant for frauds, hacks, and phishing.”
How Phishing Occurs
Fraudsters identify a popular site that attracts many investors, such as My Ether Wallet, a good choice for investors buying Ethereum and ERC tokens. They pick out several parts of the website in order to create a duplicate of the original site. For instance:
- Email signature
- Company URL
- UI design
- Social account names
From here, scammers register names that resemble those of the target. For example, the legitimate URL for My Ether Wallet is https://www.myetherwallet.com. The scammer will buy the URL https://www.myethervallet.com. Notice the “v” after the “r” in the second URL. Next, they copy the UI from MEW and link it to their own storage system to collect data.
After that, the attackers go to well-known open platforms like Reddit and pick out verifiable names of individuals to target. Once they have done this, they send emails to many subscribers informing them of an upcoming event, as happened with Block.one.
Unaware of the scam, the user clicks the link and enters personal credentials. Scammers then use automated tools to move funds from victims’ accounts to their own wallets. Once the transaction is complete, it cannot be reversed.
How to Avoid a Phishing Scam
Use your bookmarks and established links to navigate to secure sites
Nowadays sites like Yahoo, Google, PayPal, and others will address you by name when they communicate over email. A legitimate email will start with “Dear Benjamin Brandon” or “Dear Ali Hassan” before it gets to the real issue. If you are suspicious of a link sent to you, reach the site by a method you already trust, such as a saved website link.
Confirm through Multiple References
If you notice a bug in the software you use, it will be highlighted on the company blog and even on social media sites. Confirm any breach or critical bug through multiple websites.
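The lookalike registration described earlier (myethervallet.com for myetherwallet.com) and the bookmark advice above can be combined into a mechanical check on any emailed link. The following Python is an added example, not part of the original article; the bookmark set, the function names and the two-edit threshold are assumptions, and comparing whole hostnames is a simplification of proper registrable-domain matching.

```python
from urllib.parse import urlsplit

# Constructed allowlist standing in for a user's bookmarks (assumption).
BOOKMARKED = {"myetherwallet.com", "block.one"}

def host_of(url: str) -> str:
    """Lowercased hostname of a URL, without a leading 'www.'."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def check_link(url: str, bookmarked=BOOKMARKED, max_edits: int = 2):
    """Return (verdict, matching or nearest bookmarked domain or None)."""
    host = host_of(url)
    if not host:
        return ("unknown", None)
    for good in bookmarked:
        # Exact match or a true subdomain of a bookmarked domain.
        if host == good or host.endswith("." + good):
            return ("bookmarked", good)
    nearest = min(bookmarked, key=lambda g: edit_distance(host, g), default=None)
    if nearest is not None and edit_distance(host, nearest) <= max_edits:
        return ("lookalike", nearest)
    # Not a near-miss, but still not a site the user chose to trust.
    return ("unknown", None)

if __name__ == "__main__":
    for link in ("https://www.myetherwallet.com",
                 "https://www.myethervallet.com",  # 'w' replaced by 'v'
                 "https://eoslaunch.io"):          # unrelated new domain
        print(link, "->", check_link(link))
```

A verdict of "unknown" is not a pass: eoslaunch.io resembles no bookmarked name, so it is the allowlist, not the similarity test, that keeps a user away from it.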
Talk to the team through the official channel