|
Title: hydroBETA KYC linking to phishing MEW lookalike Post by: biggNY on August 13, 2018, 03:35:27 PM Hi guys, just wanted to make sure, that as many useras as possible know about this. Few days ago hydroBETA airdrop was listed here on BCT. They promised 222.222 to everybody. So I signed up. They also offered 22.222 per referral and extra drop for holding ETH and HYDRO. Everything good so far, probably too good.
Then on Saturday I received email for KYC. Looking at the site linked I was immediately suspicious. For KYC they only wanted to know my name, email address and ETH address. All of which they had already. And after entering your MEW address (I just typed random letters) link pops up to link your MEW to their site! That link goes through bit.ly(they say link looks suspicious btw) to this site myetherwallet.com.ip10.icu/signmsg.html. The site has large MEW logo on top, but when you click it it does nothing. It tries too much to look like MEW site, but it is not. All of this just look way too suspicious and is not worth that trouble. Go ahead check it out for yourself. Title: Re: hydroBETA KYC linking to phishing MEW lookalike Post by: Avirunes on August 13, 2018, 04:36:36 PM [..] Recently there were cases reported like same. Also please make the site link un-clickable. I got into the JavaScript directory of the site : https:// [phising site: myetherwallet.com.ip10.icu] /js/ which hosts cfg.js which contains: Code: var home = "/log.php"; I searched for this and found out someone actually explaining about this : http://archive.is/aWQvq#selection-6683.0-6683.192 Title: Re: hydroBETA KYC linking to phishing MEW lookalike Post by: biggNY on August 13, 2018, 05:48:30 PM [..] Recently there were cases reported like same. Also please make the site link un-clickable. I got into the JavaScript directory of the site : https:// [phising site: myetherwallet.com.ip10.icu] /js/ which hosts cfg.js which contains: Code: var home = "/log.php"; I searched for this and found out someone actually explaining about this : http://archive.is/aWQvq#selection-6683.0-6683.192 I removed the https part, link is now not clickable, hope it is ok like this. Or is there specific way of doing that? Sorry wasn’t aware that it cannot be clickable So after checking that linked site it seems that my suspicion was right. The snippet of code you pasted is designed to harvest info, right? Hope this post prevents these *#!%?*! from getting access to lot of peoples wallets. Spread the info ppl 🙏 Title: Re: hydroBETA KYC linking to phishing MEW lookalike Post by: Alloiz on August 27, 2018, 08:31:11 AM Thanks!
Also such a message |