lobat999 (OP)
|
Just recently, I have received an email purportedly coming from the Brave browser team with the subject "Update your Brave browser. Get 1,500 BAT tokens" after which I became suspicious since 1.5k BAT bounty to be given individually sounds too good to be true and I see many red flags on the email (as illustrated below) and suspicious links which I find very obvious to be forms of scam tactics! Please disregard this email and don't visit those sites listed on the form or give any personal information whatsoever. This is obviously a scam bounty program and the link to the download page is a phishing site - identical to the official Brave website! Also, we may run the risk of downloading a trojan or any other malware that could be embedded if we proceed to download that installer without hesitation. Follow up email with same phishing link Comparisons Brave Browser Official Main Page Phishing site main page Legit download message box Fake download message box Legit downloaded file Fake downloaded file Note: Notice the distinctive differences on attributes on both pages, download message boxes and the downloaded files enclosed with red markers.Phishing Site: https://bounty-brave.info/ Note: Some information on the email were omitted for privacy purposes.
|
|
|
|
|
LbtalkL
|
|
October 22, 2019, 02:35:27 PM |
|
Thanks for posting it here, This is obviously a fake/phishing website but some newbies might be fool by them. BAT using yahoo email is very suspicious in the first place. The only legit BAT airdrop is from brave browser and coinbase.
|
|
|
|
lobat999 (OP)
|
|
October 22, 2019, 02:36:56 PM |
|
Done. Thank you for the info. Thanks for posting it here, This is obviously a fake/phishing website but some newbies might be fool by them. BAT using yahoo email is very suspicious in the first place. The only legit BAT airdrop is from brave browser and coinbase.
Yeah. Its very obvious and the fact that users needs to download a Brave browser installer again doesn't feel right when they can do it via updates, assuming the bounty was legitimate.
|
|
|
|
DdmrDdmr
Legendary
Offline
Activity: 2450
Merit: 10991
There are lies, damned lies and statistics. MTwain
|
|
October 22, 2019, 03:13:51 PM |
|
The brave site is pretty well cloned, although it is relatively simple, and most of the menu items just points to the original site’s content .. except for the download file itself which is different. Virustotal displays the file as Malware (Avira does that so far): https://www.virustotal.com/gui/url/12322e193dda741bf0e7d6e5944b2d736c7f5fee9a625f5e3a2efa81823c4c2e/detectionRemember that the site itself does not necessarily encounter an entry using Virustotal (the close site does not: https://www.virustotal.com/gui/url/56a6e6a37b2c3fec6201ca9bd2839e50ab6c1f6b6bd1545e836a71b9a1530f99/detection), but rather the url that points to the download file. That is the one that needs to be examined with extra care. In addition, ScamAdviser raises a bunch of warning signs that need to be looked at: https://www.scamadviser.com/check-website/bounty-brave.info. The general problem is that, if you are not suspicious from the beginning, one normally does not go into the trouble of doing the above, thus potentially falling for the trap. Which goes to show that you are the first firewall against this from happening.
|
|
|
|
lobat999 (OP)
|
|
October 22, 2019, 09:49:18 PM Last edit: October 23, 2019, 04:23:44 AM by lobat999 |
|
Yeah, they cloned the site almost exactly as the original and official Brave site except for the "Google form" button beside the download button but if we hover our mouse to the download button, then we could easily distinguish the fake one which doesn't use the brave.com domain. I'm pretty sure there will be more detection once AV companies get to analyze the file thoroughly - I suspect its loaded with a trojan considering the fake installer file size is 9.2 MB whereas the genuine Brave installer is only at 1.2 MB! The general problem is that, if you are not suspicious from the beginning, one normally does not go into the trouble of doing the above, thus potentially falling for the trap. Which goes to show that you are the first firewall against this from happening.
Absolutely! This is the first step of defense we all should practice! If we can just all become more vigilant and investigate a little on this type of fraudulent activities, then we can inform and sound an alarm immediately to the community so that in our own little way we could help in stopping this malwares to propagate further more.
|
|
|
|
Buttlebit
Newbie
Offline
Activity: 11
Merit: 0
|
|
October 23, 2019, 07:27:42 AM |
|
I'm so happy i didn't fall for this, as the clone was well planned and executed, i will share this information with others so they don't fall for it as well. Thank you very much for this information it is very helpful.
|
|
|
|
bassbity
|
|
October 23, 2019, 08:36:05 AM |
|
I also receive emails like that even though I've never joined other BAT campaigns, but I often receive phishing emails. Is there another way to stop this email, it is very annoying for me and this is afraid of being used by someone else.
|
|
|
|
Lucius
Legendary
Offline
Activity: 3374
Merit: 6062
Crypto Swap Exchange🈺
|
|
October 23, 2019, 02:21:49 PM |
|
I also receive emails like that even though I've never joined other BAT campaigns, but I often receive phishing emails. Is there another way to stop this email, it is very annoying for me and this is afraid of being used by someone else.
You receive such e-mails for the reason that your e-mail address posted publicly somewhere, and is probably part of some spam e-mail base that resales in the black market. The simplest solution is to create a new email, and if that is not an option to simply ignore such messages. Way to stop this e-mail is to report it as spam in settings of your e-mail provider, so after a certain number of reports, such e-mail will directly go in the spam folder. For those who use Brave it is a known fact that users get only 5 BAT tokens at the start, and I think some $5 worth of tokens for the month of surfing. The very fact that someone is giving 1500 BATs is already enough warning that this is a fraud.
|
|
|
|
lobat999 (OP)
|
|
October 23, 2019, 03:11:17 PM Merited by Quickseller (1) |
|
I also receive emails like that even though I've never joined other BAT campaigns, but I often receive phishing emails. Is there another way to stop this email, it is very annoying for me and this is afraid of being used by someone else.
Since you often received phishing emails, I would assume your email address had fallen into the wrong hands which is very unfortunate but this scenario are very common nowadays considering that there are black markets where these kinds of data are being bought or sold for illicit purposes. Now, its technically possible to block certain email addresses from sending us unsolicited emails but this is just a tentative solution since these perpetrators could easily circumvent this method just by using a new email address for sending spam phishing emails. Another one is to filter your emails and redirect it to a certain folder if your email platform provides that feature. If you would like to received less spam and other malicious emails, I suggest you try to use disposable emails instead of your personal email and this could be used for one time purposes such as registrations to less important sites, etc., which could be later discarded at a predefined time. Finally, I believe all of these techniques doesn't guarantee a hassle free email experience, so that I think the best way to stop these kinds of email is to be more vigilant and suspicious and create a mass awareness or inform the community at once if we encounter it so that other people may know and could possibly avoid being victimized! I guess time will come that these kinds of emails will be easily distinguished and avoided that I think it will discourage its perpetrators from doing the same technique again if it becomes ineffective and could stop its operations thus could significantly reduce the amount of spam and malicious emails we received regularly! "Awareness is key to prevention!"
|
|
|
|
lobat999 (OP)
|
|
October 29, 2019, 12:04:46 PM |
|
Just updated the OP with an image of the scammers follow up email with the same phishing link that was sent to another email address of mine. It seems these bad actors are getting more brazen and more persistent with their phishing activities.
|
|
|
|
cvasy
Sr. Member
Offline
Activity: 520
Merit: 250
KUWA.ai
|
|
November 03, 2019, 09:38:21 AM |
|
Thank you for providing information that is handy for us, I also have received an incoming message from someone who did send airdrop brave link, but there are some of my friends who are trapped because they are tempted by the gifts given so that they follow all what is ordered by the fraudster including fill out the form and click on the download link, what do they need to do now to get rid of the phishing trap? Whether the download link will also work on Android because as far as I know the link is only for PCs, but my friend tried to download it via a mobile device but in the end the link did not work, did the phishing trap also affect the Android device?
|
|
|
|
sheenshane
Legendary
Offline
Activity: 2478
Merit: 1231
|
|
November 03, 2019, 10:06:56 AM |
|
Thank you for the awareness and the heads up as well, I also received email from them and now I'm curious where did they get my email address. I almost clicking the link they are given when I opened my Gmail account. Good thing I remember this thread of yours. I almost fall into this trap because it was sent through my mail inbox, not in a spam message. But luckily I'm a Chrome user.
|
|
|
|
Strongkored
Legendary
Offline
Activity: 2912
Merit: 1112
Fully Regulated Crypto Casino
|
|
November 03, 2019, 12:12:44 PM |
|
I got it yesterday, as it went to the inbox instead of to spam, I thought this was true, much less when I saw the sender using a old coin name Siacoin, I thought they were collaborating on a new project after re-cheking the domain they mentioned is different with real brave browser domain, so I immediately deleted that email. Looks like they're sending gradually so there's still email about this bounty being sent over to look for another victim.
|
|
|
|
desticy
Sr. Member
Offline
Activity: 1512
Merit: 292
www.cd3d.app
|
|
November 03, 2019, 12:18:19 PM |
|
Thanks for the warning. It seems that with the revival of the crypto market, its ancient inhabitants of scammers and scammers also came to life. In my opinion this is a good sign.
For me, this is the first sign that the Bat market and project in particular have good potential for the very near future. So soon we will see interesting movements in the market. Be vigilant Now there are more and more cases of phishing attacks, follow the recommendations given by verified forum users.
|
|
|
|
panganib999
|
|
November 03, 2019, 04:23:37 PM |
|
Just recently, I have received an email purportedly coming from the Brave browser team with the subject "Update your Brave browser. Get 1,500 BAT tokens" after which I became suspicious since 1.5k BAT bounty to be given individually sounds too good to be true and I see many red flags on the email (as illustrated below) and suspicious links which I find very obvious to be forms of scam tactics!
Please disregard this email and don't visit those sites listed on the form or give any personal information whatsoever. This is obviously a scam bounty program and the link to the download page is a phishing site - identical to the official Brave website! Also, we may run the risk of downloading a trojan or any other malware that could be embedded if we proceed to download that installer without hesitation.
There are modus and schemes floating around the forum that there are fake websites made for phishing and I've read some of those. they seemed legitimate and would really gibe you a hard time to identify whether its fake or not, but this one here, is obviouslyba click bait and would really give you doubts about opening it. Just looking at the user interface and the offer, those are the epitome of scams and click baits so. everyone, of you see one, best believe me all you have to do is to ignore it and don't give a shit about it. Never click links once you saw early signs of scams.
|
|
|
|
lobat999 (OP)
|
|
November 04, 2019, 05:22:10 AM |
|
Thank you for the awareness and the heads up as well, I also received email from them and now I'm curious where did they get my email address. I almost clicking the link they are given when I opened my Gmail account. Good thing I remember this thread of yours. I almost fall into this trap because it was sent through my mail inbox, not in a spam message. But luckily I'm a Chrome user. You're welcome! Being a part of this community, I guess its our duty to inform others on these pitfalls so that we may never become victims of it! Now I understand that the email sent to you was sent by a different email address and I suppose these scammers are very aggressive on their phishing campaign and will do different tricks to become successful that I feel it is rather important to keep the community regularly informed about this until these threats have subsided, hopefully in the near future. So I guess we should continue on keeping everybody aware about this as much as possible.
|
|
|
|
masulum
Legendary
Offline
Activity: 2324
Merit: 1603
hmph..
|
Another email I received today with same strategy using another name airdrop portal, ask to fill spreadsheet very same with @OP stories. Here is the proof from email I received.
|
HOLD...
|
|
|
lobat999 (OP)
|
|
November 07, 2019, 06:35:57 AM |
|
~snip~
Thanks for this information. I will post the above phishing link for update and you can also visit this relevant thread Host-file to deal with phishing sites if you have not done so and you can update your hostfile accordingly for added security.
|
|
|
|
JeotQ
Member
Offline
Activity: 406
Merit: 14
|
|
November 07, 2019, 05:03:39 PM |
|
A round of applause for detecting this out, wow i am impressed, God knows how many people would have fell for this trick, this is why its not always good to reply mails or try to claim coins through mails
|
|
|
|
|