Anatomy Of An Ethereum Phishing Scam On Facebook
One of the things that scares me about wide-spread blockchain adoption are phishing scams that prey on those that don’t understand how blockchain technology works.
I recently experienced a phishing scam on Facebook where someone tried to get me to reveal my private key.
Here’s how the scam unfolded, and some of the tell-tale signs that should make you raise red flags if you come across something similar.
Step 1 — Notification on Facebook that someone shared a photo of me.
Who wouldn’t pay attention when you’re notified that your photo has been shared?
Step 2 — Get someone to click on a link.
The phishing scam notified me that I was awarded 10 Ether. Plenty of broken English raised red flags.
But I was still curious and wanted to investigate.
Step 3 - Claim Your Prize.
Wow, someone wants to give me 10 ETH ($1,619.90 in dollars as of November 21, 2019) out of the graciousness of their own heart…
Obviously there’s a catch. Let’s dig a bit deeper.
Step 4 — Enter Your Private Key
BAM! Phishing scam confirmed. Reveal your private key and your money is as good as gone…
Other telltale sales included weird domains (“airdrops-holders-eth.xyz”), and NO other links on any of the pages worked.
Offending Domains
For anybody interested, the domains that were part of this phishing scam included the following:
https://receipt-invoice-ethereum.rewards-erc20-tokens.com
https://airdrops-holders-eth.xyz/myetherwallet.html?/access-my-wallet
Conclusion
People new to blockchain systems should be inculcated with the mantra “NEVER REVEAL YOUR PRIVATE KEY”.
Things like this worry me about widespread blockchain adoption.
