OmiseGO Phishing Email Promotes Alleged Reward Campaign for Milestone Achievement

Phishing email promotes a fake OmiseGO blog site, which links to a MyEtherWallet phishing site designed to steal tokens

Satnam Narang
Published in METACERT
Aug 13, 2018

Over the last few days, a new phishing email began circulating promoting an alleged reward campaign from OmiseGO ($OMG), an “open payment platform and decentralized exchange” that aims to “unbank the banked.”

“Major Milestone Achievement”

The phishing email talks up a milestone achievement for the project, claiming that its payments channel network has reached 10,000 transactions per second (tx/sec) and that, to celebrate, the project is launching a rewards campaign.

Fake OmiseGO Email Promoting Milestone Achievement and a Phishing Link.

What’s peculiar is the origin of the email: it comes from an address at “mailbox49832-omisego.network,” which to the untrained eye would appear to be a valid address from the real OmiseGO project. It isn’t. The hyphenated prefix is one of the tricks used in phishing scams. For instance, “http://www-bitfinex[.]com/” is a recent Bitfinex phishing domain, where the registered domain name is www-bitfinex, not bitfinex. A genuine www prefix is followed by a dot, not a hyphen; with the hyphen, the whole string is a different domain that only looks familiar to end users.

Fake OmiseGO Blog

If users click on the “Continue reading” link in the email, they are directed to a website whose domain name uses punycode to imitate the omisego brand (omisegọ).

Fake OmiseGO Website Uses a Medium Style Layout for Its Fake Blog.

The website itself isn’t really owned by OmiseGO, but it’s designed to look like a Medium.com blog. For the record, OmiseGO does use Medium for their blog, but it is hosted at blog.omisego.network.

The blog post on the homepage carries the narrative of the payment channel transactions per second milestone and continues to promote the community rewards campaign.

Fake OmiseGO Website

Links on the fake OmiseGO blog take users to the root domain (omisegọ[.]com).

Fake OmiseGO Website Continues to Push the Rewards Campaign Message to the End User.

As you might expect, the root domain looks like the real OmiseGO website, modified to push their theme of a fake rewards campaign.

Fake OmiseGO Website Asks Users to Generate an “AuthCode” and Follow Specific Set of Instructions to Claim Reward Tokens.

The website asks users to generate a “unique 24-digit binding AuthCode” tied to their OMG wallet address. This is just part of the ruse, designed to convince the user that this isn’t merely a scam trying to steal their tokens.

Fake MyEtherWallet Website Using Punycode

When users follow the instructions on the fake OmiseGO website, the “Sign Contract” button leads to another website that uses punycode (myethėrwalleṫ[.]com) to appear as the real MyEtherWallet website.

Fake MyEtherWallet Website Phishing for Access To Cryptocurrency Wallets.

Unsurprisingly, if users follow the instructions on this fake MyEtherWallet website, they will unknowingly give scammers access to their wallets and will lose their tokens.
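Both lookalike tricks described above, the hyphenated prefix and the punycode homograph, can be checked for mechanically. The following Python sketch is an added example, not code from MetaCert or Cryptonite; the brand list, the allowlist entries other than omisego.network, and the function names are assumptions, and it treats the second-to-last label as the registered name instead of consulting the public suffix list.

```python
import unicodedata

# Brand labels come from the article; the allowlist is an assumption for this sketch
# (the article itself only names blog.omisego.network as genuine).
BRANDS = {"omisego", "myetherwallet", "bitfinex"}
LEGIT = {"omisego.network", "myetherwallet.com", "bitfinex.com"}

def to_unicode(host):
    """Refang the host and decode xn-- (punycode) labels to their visible form."""
    labels = host.lower().replace("[.]", ".").rstrip(".").split(".")
    return ".".join(
        l[4:].encode("ascii").decode("punycode") if l.startswith("xn--") else l
        for l in labels
    )

def skeleton(label):
    """Fold accented letters to base letters: NFKD, then drop combining marks."""
    decomposed = unicodedata.normalize("NFKD", label)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def classify(host):
    """Return 'legit', 'idn-homograph', 'hyphen-lookalike' or 'unknown'."""
    labels = to_unicode(host).split(".")
    if ".".join(labels[-2:]) in LEGIT:
        return "legit"
    # Naive registered-name guess: second-to-last label, no public suffix list.
    name = labels[-2] if len(labels) > 1 else labels[0]
    if not name.isascii() and skeleton(name) in BRANDS:
        return "idn-homograph"
    if "-" in name and any(part in BRANDS for part in name.split("-")):
        return "hyphen-lookalike"
    return "unknown"

if __name__ == "__main__":
    # Constructed inputs: the defanged domains quoted in the article, plus the real blog.
    for h in ["omiseg\u1ecd[.]com", "myeth\u0117rwalle\u1e6b[.]com",
              "www-bitfinex[.]com", "mailbox49832-omisego.network",
              "blog.omisego.network"]:
        print(f"{to_unicode(h):32} {classify(h)}")
```

The diacritic folding catches the accented-letter substitutions seen in this campaign; lookalikes built from other scripts, such as Cyrillic letters, would need a confusables table instead.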

Use Your Spidey Sense

The term ‘spidey-sense’ refers to the ability of the fictional superhero Spider-Man to sense danger before his other senses can. By the same token, it’s important that cryptocurrency enthusiasts hone their own ‘spidey-sense’ when it comes to cryptocurrency scams. We’ve written about similar scams before. So, if it sounds too good to be true, it most likely is.

In addition to your spidey-sense, remember to never give out your private key, to bookmark your most visited cryptocurrency sites, and to use extensions like Cryptonite and MetaMask.

The MetaCert Protocol is a trust and reputation threat intelligence system for verifying web resources. It addresses a number of attack vectors, encompassing solutions for anti-phishing, child safety, brand protection, crypto-address verification, and news credibility. Find out more about the MetaCert Protocol, ask questions, and leave suggestions on both our White Paper and Technical Paper. You can also join our Telegram community to stay up to date on our blockchain project. Remember to install Cryptonite to protect yourself from phishing scams before it’s too late.


Satnam Narang
METACERT

Staff Research Engineer, Security Response @TenableSecurity. Threat research, coding, automation, poet and rapper.