Switching Gears: Binance Phishing Scammers Pivot to EOS Airdrop Phishing Scam

The same compromised web server used to host Binance phishing pages is being used to promote an EOS Airdrop phishing campaign.

Satnam Narang
Published in METACERT
4 min read · Aug 4, 2018

Earlier today, a member of the MetaCert community alerted us to a new phishing email they received. This particular scam claims to offer an airdrop of EOS tokens.

EOS Airdrop Email

Example of the EOS Airdrop scam email sent to recipients earlier today.

At first glance, the email looks vaguely familiar: the footer text and the sending account at alpha.com are the same as those seen in the earlier phishing email that claimed to be from Binance.

EOS Airdrop Landing Page

The similarities between the Binance phishing email and this EOS Airdrop phishing email don’t stop there. For instance, the link to eosairdrop.com? It doesn’t actually link to eosairdrop.com.

EOS Airdrop Phishing Landing Page. Does the domain look familiar?

Instead, the EOS Airdrop link drives users to a phishing page hosted on the same compromised web server that hosted the Binance phishing page. This finding supports the narrative that the Binance scammers have switched gears to offering a fake EOS airdrop.

Note: The EOS Airdrop website has stolen the design used on eoscountdown.com.

So-Called Airdrop Offer

“So-called” Airdrop offer for EOS is a static value that doesn’t change.

If users proceed to enter an Ethereum address along with their email address, they’re directed to another page that displays a so-called Airdrop offer.

Despite promising in their email to offer 16 EOS for every 1 ETH held by the recipient, the website will display the same amount of EOS and Ether regardless of how much ETH is held because the scammers aren’t checking for a balance.

The phishing page also warns users who hold EOS on an exchange like Binance, Bitfinex or Bithumb that they will not be eligible for this airdrop. There’s an obvious reason for this note.

Phishing for Private Keys

EOS Airdrop phishing page asks users to provide their private key.

As you might have guessed, the final page on this EOS Airdrop phishing website asks the recipients to provide their private key “to verify in our system all frauds.” The website also makes a claim that “This is safe. We DO NOT use store or collect your personal data (such as private key). […] No one will be able to access your wallet.”

Of course, they’re collecting your private key and they intend to access your wallet in order to steal any tokens held within it.

Avoid Airdrops Asking for Private Keys

Let’s face it, many cryptocurrency enthusiasts love airdrops. How can one say no to free tokens? Well, you should when you’re asked to provide your private key. Even if the website offering the Airdrop itself doesn’t ask for your private key, scammers will set up fake websites that mimic MyEtherWallet or MyCrypto to convince users to sign or verify a message, with the aim of stealing their private key.

Fake MyEtherWallet Page asks users to Sign or Verify Message.

Keep Your Private Key Private

There’s a reason why it’s called a Private Key — it should be kept private. MyCrypto recently dropped support for Private Keys as well as keystore files and mnemonic phrases on the web version of their site. Instead of using a Private Key, users should consider making the switch to a hardware wallet. While MetaCert recommends using the CoolWallet, which has the MetaCert Protocol baked in through our recent partnership, we fully support and encourage the use of other hardware wallets like the Ledger and Trezor. If users are still on the fence about using a hardware wallet, they should consider using MetaMask.

The MetaCert Protocol is a trust and reputation threat intelligence system for verifying web resources. It addresses a number of attack vectors, encompassing solutions for anti-phishing, child safety, brand protection, crypto-address verification, and news credibility. Find out more about the MetaCert Protocol, ask questions, and leave suggestions on both our White Paper and Technical Paper. You can also join our Telegram community to stay up to date on our blockchain project. Remember to install Cryptonite to protect yourself from phishing scams before it’s too late.

Satnam Narang
METACERT

Staff Research Engineer, Security Response @TenableSecurity. Threat research, coding, automation, poet and rapper.