ALERT: eosGAS Sites Redirect Users To MyEtherWallet Phishing Scam

Although the site for eosGAS provides little to no details about the platform, it asks for users to provide data for an airdrop.

By Jeremy Nation. Published in METACERT, Jul 27, 2018.

Since gaining the attention of the cryptocurrency community, EOS has been the target of phishing campaigns attempting to ride on the project’s coattails following the official platform launch.

A pair of sites that seem to be trying to cash in on EOS’s notoriety are promising an airdrop in the form of eosGAS Tokens, and they feature some big red flags. The sites in question are hxxps://www.eosgas.co and hxxps://www.eosgas.io [these links, which I believe are malicious, have been altered for safety so no one clicks on them].

The sites are engaging in KYC data collection without so much as a white paper, active Twitter account, or Medium blog. There is no mention of a team, no founder, and not much of an explanation of how the platform works beyond the claim that it will utilize renewable and non-renewable waste-to-energy plants (located?) to power digital currency mining.

If you try to click on the link for the white paper? Coming soon. Links to the Medium and Twitter come back with error messages; those pages don’t exist. Despite the broken external links to a nonexistent social media presence, the sites are offering an airdrop of eosGAS Tokens and beckon users to fill out a form and claim their share. By offering up their names, emails, Twitter handles, and ERC-20 compatible wallet addresses, users get an email letting them know they’ve supposedly claimed their share of tokens. They also get a referral link to drive others to the site.

One link that does work on both sites leads to a Telegram channel boasting over 36,000 members. The sheer volume of members in the Telegram group is likely a result of the hype campaign surrounding the promise of airdropped tokens and the referral program that incentivizes inviting others to join along. Within that group there are links that lead back to a KYC page that ultimately redirects to a MyEtherWallet (MEW) phishing scam.

I’m not trying to advertise what I think are malicious links so I obscured them.

Take a good look at the KYC page the Telegram channel forwards to; once any data is entered into the field for a wallet address, a message box appears asking users to follow some extra steps.

When you follow the link that appears in the message prompt, it redirects to a malicious site impersonating MEW.

Again I obscured what is a malicious link, in this case to a MEW phishing site.

A little forensic investigation reveals fewer hits on the Bit.ly link redirecting to the phishing MEW site than one might expect given the growth of the eosGAS Telegram channel. However, a MetaCert team member noticed that, following an initial report of the MEW scam redirect on the eosGAS KYC site, the malicious URL had been changed to a different malicious URL. If the malicious actors are switching out the Bit.ly redirect link on a regular basis, it would explain why the statistics don’t match up.
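To make the rotation reasoning concrete, here is an added example (not from the original article or from MetaCert) that compares successive snapshots of a landing page, reports when its shortened link changes, and sums clicks across every link seen. The snapshots, link slugs, and click counts are constructed, and the function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENER_HOSTS = {"bit.ly"}  # the shortener named in the article

class LinkCollector(HTMLParser):
    """Collects href values from <a> tags in one page snapshot."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def short_links(html):
    """Return the set of shortener links (host + path) in a snapshot."""
    collector = LinkCollector()
    collector.feed(html)
    found = set()
    for href in collector.hrefs:
        parts = urlsplit(href)
        if (parts.hostname or "") in SHORTENER_HOSTS:
            found.add(parts.hostname + parts.path)
    return found

def rotation_events(snapshots):
    """snapshots: (label, html) pairs in time order.
    Returns (label, removed, added) for each change in short links."""
    events, previous = [], None
    for label, html in snapshots:
        current = short_links(html)
        if previous is not None and current != previous:
            events.append((label, sorted(previous - current), sorted(current - previous)))
        previous = current
    return events

def total_clicks(snapshots, clicks_per_link):
    """Sum click counts over every short link seen in any snapshot."""
    seen = set().union(*(short_links(html) for _, html in snapshots))
    return sum(clicks_per_link.get(link, 0) for link in seen)

# Constructed sample data: three crawls of the same page, link swapped at T3.
SNAPSHOTS = [
    ("T1", '<p>Extra steps: <a href="https://bit.ly/EXAMPLE-A">continue</a></p>'),
    ("T2", '<p>Extra steps: <a href="https://bit.ly/EXAMPLE-A">continue</a></p>'),
    ("T3", '<p>Extra steps: <a href="https://bit.ly/EXAMPLE-B">continue</a></p>'),
]
CLICKS = {"bit.ly/EXAMPLE-A": 120, "bit.ly/EXAMPLE-B": 45}  # constructed counts
```

Looking only at the link live at T3 shows 45 clicks, while the total across both rotated links is 165, which is the kind of undercount the paragraph above describes.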

All of the sites associated with this elaborate data gathering campaign have been classified as phishing by MetaCert, so users who have the Cryptonite add-on for Chrome, Firefox, and Opera browsers are safe from any threat they represent. Remember to protect yourself: download Cryptonite today to guard against phishing sites and to get a visual cue when the black shield turns green for legitimate resources on the web.

The MetaCert Protocol is a trust and reputation threat intelligence system for verifying web resources. It addresses a number of attack vectors, encompassing solutions for anti-phishing, child safety, brand protection, crypto-address verification, and news credibility. Find out more about the MetaCert Protocol, ask questions, and leave suggestions on both our White Paper and Technical Paper. You can also join our Telegram community to stay up to date on our blockchain project. Remember to install Cryptonite to protect yourself from phishing scams before it’s too late.
