Bitcoin Forum

A few days back I received an email from Latoken exchange about Stellar airdrop. At first I was confused as I did not hear anything lately in the news or from Latoken about an airdrop for Stellar.

I knew it was fake and I wanted to find out more details.

So, I opened the email and the content explained me the reason for this airdrop and guided me to a link. The link was to a Google doc.

Content of the Mail -

https://i.imgur.com/7Wh3Oial.jpg

I wanted to check the content of the Google doc hence, I opened it and found this information.

https://i.imgur.com/UZVLtWwl.jpg

It was asking me to visit a spam website and download a file to get 2500 XLM airdropped into my wallet.

https://i.imgur.com/47SCPbHl.jpg

Stay away from such emails as they are send from scammers. Always check the sender details whenever you get such email. These emails will always be send from gmail, yahoo, hotmail or other mail service and will never have the actual domain name. In this case, it was sent to me from Yahoo.

https://i.imgur.com/LMJ9EJil.jpg

Edit - Image size reduced.

It will be good if someone stay away from all these emails, but thanks, you looked into it and found out more about how they scam people. But, some links directly on the emails can contain malware, this will be the reason why I will advice people to stay away from such email phishing attacks. They should always neglect such emails and never open it at all.

It seems to have been around for some days now. The url for the download was reported on Virustotal 9 days ago, and currently is flagged as malware by 3 entities, and malicious by another one:

https://www.virustotal.com/gui/url/2cdc7e86a6934509561602491e375cd697eba72c492fe230dfd211ac3b45b87a/detection

No wish to find our what the file StellarTerm-win32-x64.rar has in store for whomever goes ahead and opens it, but by now it should be common sense not to open any files of the kind.

This is an old trick and I think this attempt has been reported here for so many times, I don't know if this tactics will work but better for people to not be curious on such things especially if they know they didn't participate in any promotions who offer such huge rewards since its to good to be true if someone pops out and telling you that they will give money for signing up or without doing anything.

It seems, scammers are using different accounts to promote the same phishing website.
I already reported it in scam accusation board, but emails were from HitBTC not Latoken.
You can check that report here: [WARNING][SCAM]Fake Stellar airdrop from fake HitBTC accounts  (https://bitcointalk.org/index.php?topic=5271422.0)
Also, it is not a good idea to disclose both yours and other's email addresses, this information can be used against you, especially if these addresses are linked to exchanges or wallets. I recommend you to delete the last screenshot.

Did you use your email somewhere? I mean if you have an account in LA token, and you use that email, there's no way the scammers would know that unless the exchange itself are leaking that information to them, or their site was compromise by the hackers.

I do not believe that, who are Latoken customer care? Humans or robots? Humans. Are the kyc on exchanges encrypted? I do not think so. If governments want the personal details of a user that is suspected, exchanges can give them the personal information needed. Also on exchanges that require only email, there are possibilities of phishing. Only what can make you safe from email phishing attack, is to not use email or any kyc to setup wallets and exchanges, ones you use even email to setup an account, be it wallet or exchange, there are possibilities of phishing attackes.

People working in kyc required exchnage and wallet companies can leak the data because some people among them will have access to it. Also, there could be possibilities of data beaches. Did you think all data breaches could be known to the public? I do not think so. Most data breaches that are commonly known are ransomware encrypted data breaches.

Phishing site:

In addition, download the fake app is one of step to complete the airdrop tasks.

People are already victims can do double check with:
https://coinmarketcap.com/currencies/stellar/
https://www.coingecko.com/en/coins/stellar

Official sites:
https://www.stellar.org/
https://www.reddit.com/r/Stellar/
https://twitter.com/StellarOrg

---

I admired those scammers in the way they keep two sites originally: https://www.reddit.com/r/Stellar/
https://twitter.com/StellarOrg. They only put the link of phishing site of the official website in order to trap people with fake app.

And it seems that this is malicious indeed as it has been flagged by AnyRun as well since December 2019.

https://any.run/report/f195cdbb264633853e6bddea928043af514ebeb9354c610070cdf2ef46f3cd8a/06d8e351-a0f9-48c6-a208-329c24ae1972

Hey! @witcher_sense thanks a lot for the heads up. I have gone ahead and removed the last screenshot and updated it with a new one where all the email addresses have been blurred.

Thanks for this information because right now there are a lot of newbies would like to make an investment into the different platform and usually one of the communication tools they usually visited is the Telegram and I think this is commonly happening to them also it's better if we are trying to avoid giving some emails to the different websites because most of the time they are spamming this on our emails and this is too much annoying instead you are having a clean inbox it's consist of different spam emails.

Thank you for sharing.

Just be more careful, scammers even can send emails from the same email of the domain name. They would make spoofing mail (https://en.m.wikipedia.org/wiki/Email_spoofing) and send it to you, so it would look like an original mail. Before submitting anything via email forms its mandatory to verify from the original website. Because this isn't something personal, if they offer something like this then they must have information on the website.

On the other hand, we should use our common sense. Greedy behavior is one of the most preventional objects to avoid such as scam attempts. Convince your mind that nothing is free in the world.

I forgot to wrote about your images in OP. They are too large so would you mind resizing those images or use width/ height options in img blocks.

To resize images, it is good if you have app in hands. It is my personal method, when I resize image manually: by copy and paste original image to .doc file, then zoom it out a little bit, make a screenshot, crop it and create a smaller image. I don't have to use any image-resize site.

In my opinion in the initial stage when you open the email, if you check the senders email address you will get to know whether it is genuine or not. These kind of airdrops falls under Giveaway scam and it is always advised to stay away from any kind of giveaways related to cryptocurrency as most turn out to be scams.

Another way to verify whether the airdrop is genuine or not is to send a DM either to the sender on Twitter in this case Latoken exchange or to Stellar. They would generally reply to your query in couple of hours.

Hey! @tranthidung using Google doc is a good idea to resize the image. I did try to resize it but it would not work for me. Thanks for letting me know about this technique. I will surely try it.

I wanted the contents to be easy to read therefore I intentionally kept the images big but I never expected them to be so big. I will surely try it.

Phishing Email has been one of the favorite attack of hackers, and it's that way because it's really easy to attack tons of users at the same time. And that kind of attack are about probability... i mean the 0.01% will hit the bait, so, if the attacker sends a mail to 10000 users at least 1 will get scammed, so, what happens if the attack goes to 1M users.  So, be careful with mail and never open a link from there.

Phishing emails lead to phishing sites, fake applications and scam requirements on private keys, mnemonic seeds to get supports or scam giveaway (send first and get more fund back).

I have a question on phishing sites. What will happen if I visit a phishing site and log in my account on phishing site. I know they steal my password, account details but if I have 2FA for my account, will they be able to steal my fund? I think they can not because they won't be able to steal my 2FA that is on my phone.

Scammers are really working hard to get money. In this manner the term fast and easy money may not apply to them already because they too work hard before they can earn. Scamming now is more likely a job to which one should exert effort before one can earn. And these days? So hard to get a client to get scam because more people now are wary about cryptocurrency and others too believe that cryptocurrency is scam due to the number of scam activity where cryptocurrency was drag especially bitcoin.

I think there was the same stellar airdrop scam that was posted before but thanks for the heads up. You probably have signed up to a website or form which is the source why that email sender was able to reach you out through their email.

And good reaction from OP. As long as you are aware that you have never signed up for any airdrop or you are feeling it with your guts that the email is sort of a scam and spam, don't click links attached to it.

I got a lot of emails like this but I ignore it all. Most are offering so good to be true and I do not want to try it out because it is just a bait for the scammers to get through with the process of scamming. This one clearly is all about phishing and it may be a regret soon when one is too greedy to try it.

If I only have time I will take an effort to open the email and then log in wrong wallet address and wallet details so that scammer will have his time too to open the wrong wallet details you provide in their phishing tool.

It's a pretty obvious phishing attempt. Hackers prey on the greed of the individual and they tend to be enticed by things like this. The best prevention is to not click on any links sent via email. If you need to click on it, check the contents and it's link after clicking it.

This is a really poor example. You can see the email addresses of others and this shouldn't be happening. BCC is often used for mass mailing to avoid violating GDPR laws.

Sometimes i dont open messages coming from unknown sources cause im sure its a kind of phishing. Everyone who recieves this kinds of emails should be aware of thier account might be compromised.

From the email address , it can be ascertained that what was conveyed was not official from Latoken. but not everyone thoroughly checks what is received in the message box. from this , we can learn to pay more attention to the messages that come in our email and hopefully we will avoid any cyber crime.

Why are you talking about government? I know they can provide an information to the government if they are regulated but we are talking about how the scammers were able to obtained the email of the user, and there's no way the exchange will give that to the scammer if they are operating in good faith.

It's Phishing is what the scammers are trying to do(stated clearly in the OP), but my question is, how did they get that email address?


You are going too far with your explanation my friend.

My questions is ; ?????


You can just say yes.

If you are using your email as an airdrop hunting, I guess this is very common. But I don't usually check emails on my email address especially if come from the spam inbox. The best thing is ignore all messages in your inbox that used in airdrop hunting.

It's prone to be compromised email addresses for airdrop hunting, that's why always separate your email account from your personal email address.

This is an old trick and very common hack, thanks to OP by sharing this. I also joined LA TOKEN airdrop but I didn't mind who sent me a message. Just use dummy accounts for your airdrop hunting and you will be fine.

Perfect or simply abstaining from buying into any of those numerous promotions online to promote some shitcoin. Participating in some random airdrop that requires some sensitive information are not recommended. It's understandable when people buy into this idea of hunting airdrop to get some free tokens but you're better off investing into your desire project with your fiats instead of depending on this free coins.

Gone are the days when doing this (hunting for airdrop) were profitable. These days you're not different from a faucet player as both set of individual are probably wasting their time which, if it was invested in some other things like developing a new skills etc it would be more beneficiary to the individual in question.

We need to be more careful when filling any google forms to claim any free tokens or giveaways. The scammers can ask for our private keys in such forums and sometimes we don't realize what is being asked and we provide all the information to them.  :(

Scamming requires innovation, scammers are getting clever as wells as innovative every day and we need to be very cautious when we browse the internet.

For example the Twitter scam, who thought it was possible to hack clebritiy account on Twitter? They not only hacked those accounts but were also able to run a successful scam without any glitch or hiccups.

I recieve emails like that before but i did not open those emails as far as i know i never subscribe to any exchanges emails. So everytime i get messages coming from exchanges emails i ignore it.

There are too lot of emails in my inbox regarding with cryprocurrency and most of the time or I think all of the I ignore it. This is the best way to avoid getting scam and phisheout. Luckily all funds I have was withdrawn already and there is no way that scammera will be able to benefit now with my digital wallets.

In this time of pandemic, scammers has not made any recess in their scamming activity. Most of the time that when they get dependent in scamming and their family was being feed by scam then mind you the karma of that. Expensive disease will going to acquired in one of the members of their family.

You don't deal with scammers and nothing happens to your assets even if you still have assets in your digital wallet, except for installing virus applications that scammers offer

The economic phase of the scammers is getting worse because they have no income other than being scammed for the needs of their family's stomach.
There is not the slightest bit of happiness from the results of the scammer and they are just waiting for the sad end of life

It is a good reaction if you don't open nor click those emails that you have received. Being aware that you have never subscribed to any of them means that there's a website that you have signed and they were able to pass it to another company or exchange or individuals.

There were individuals that collects email of users from exchanges and sells it to the exchanges directly but if not, they are spoofing their emails to hack or scam their receivers through phishing links attached to those scam emails.

A way possible that they are making money from their participant by selling their email addy to hackers. Definitely a strange thing to happen that they know our email address if there's no one to give them.

But anyway, if you are aware of how this phishing site looks like, we can make avoid it. The problem now is how those noobs response to this especially when it talks about money, and I was afraid if they will become a victim to this because it is a very usual thing that these people are the scammer's main target.

Again, this kind of phishing is very convincing. If we are not careful enough, we will be trapped so easily. Moreover, let's see the way they provide proof, the sites, and also social media. they are really professional phishers and scammers. Once we do not research carefully, we will fall down to that trap of phishing. Glad to know about this thread and many more people should be aware of this.

So far, many phishing always offers the news from email. I personally always don't believe in that kind of offers via email. Better to check and crosscheck to their official telegram group or social media. Especially going to their official sites.
If we do not register into their official sites or platform, and we got such kind of offering, better to ignore because it may be phishing.

I received it and many similar so called stellar giveaways, one time I completely fall for it until it asked for a private key.

These emails are so convincing that you will fall for it once. Contents in these emails are of the highest standard, they will always use convincing words within the contents to make them appear original. The only way to check whether it is genuine or not is by doing the checks which I have mentioned in this thread.

One thing when you receive this kind of e-mails is try to talk to them, if they are trying to persuade you into doing their bidding then the chances that it is a scam is high. If you want to waste the time of this phishing emails, try the scam baiting bot Re:scam, they are currently down though because they are updating the AI, the bot is pretty good.

They sell it to anybody that does need the compilation of email addresses that they have collected. Most of buyers are from those projects that are about to launch. Remember what are those websites you have signed up before you receive those ICO emails or any marketing material that was sent to you.

Some phishing links on those emails look legit but be vigilant and always be in doubt if you think out of nowhere you've received that email.

Well! that is the best way to prevent such scams but incase if you open any email then you can follow the process shown in this small guide to protect yourself.

I have seen many mails that are actually an exact replica of mails being sent by big exchanges. Therefore always check the senders email address first before following any instruction.