Beware of Phishing Emails like this

[pakhitheboss]

A few days back I received an email from Latoken exchange about Stellar airdrop. At first I was confused as I did not hear anything lately in the news or from Latoken about an airdrop for Stellar.

I knew it was fake and I wanted to find out more details.

So, I opened the email and the content explained me the reason for this airdrop and guided me to a link. The link was to a Google doc.

Content of the Mail -



I wanted to check the content of the Google doc hence, I opened it and found this information.



It was asking me to visit a spam website and download a file to get 2500 XLM airdropped into my wallet.



Stay away from such emails as they are send from scammers. Always check the sender details whenever you get such email. These emails will always be send from gmail, yahoo, hotmail or other mail service and will never have the actual domain name. In this case, it was sent to me from Yahoo.



Edit - Image size reduced.

[Charles-Tim]

It will be good if someone stay away from all these emails, but thanks, you looked into it and found out more about how they scam people. But, some links directly on the emails can contain malware, this will be the reason why I will advice people to stay away from such email phishing attacks. They should always neglect such emails and never open it at all.

[DdmrDdmr]

It seems to have been around for some days now. The url for the download was reported on Virustotal 9 days ago, and currently is flagged as malware by 3 entities, and malicious by another one:

https://www.virustotal.com/gui/url/2cdc7e86a6934509561602491e375cd697eba72c492fe230dfd211ac3b45b87a/detection

No wish to find our what the file StellarTerm-win32-x64.rar has in store for whomever goes ahead and opens it, but by now it should be common sense not to open any files of the kind.

[Taskford]

This is an old trick and I think this attempt has been reported here for so many times, I don't know if this tactics will work but better for people to not be curious on such things especially if they know they didn't participate in any promotions who offer such huge rewards since its to good to be true if someone pops out and telling you that they will give money for signing up or without doing anything.

[witcher_sense]

It seems, scammers are using different accounts to promote the same phishing website.
I already reported it in scam accusation board, but emails were from HitBTC not Latoken.
You can check that report here: [WARNING][SCAM]Fake Stellar airdrop from fake HitBTC accounts
Also, it is not a good idea to disclose both yours and other's email addresses, this information can be used against you, especially if these addresses are linked to exchanges or wallets. I recommend you to delete the last screenshot.

[Botnake]

Did you use your email somewhere? I mean if you have an account in LA token, and you use that email, there's no way the scammers would know that unless the exchange itself are leaking that information to them, or their site was compromise by the hackers.

[Charles-Tim]

I mean if you have an account in LA token, and you use that email, there's no way the scammers would know that unless the exchange itself are leaking that information to them, or their site was compromise by the hackers.

I do not believe that, who are Latoken customer care? Humans or robots? Humans. Are the kyc on exchanges encrypted? I do not think so. If governments want the personal details of a user that is suspected, exchanges can give them the personal information needed. Also on exchanges that require only email, there are possibilities of phishing. Only what can make you safe from email phishing attack, is to not use email or any kyc to setup wallets and exchanges, ones you use even email to setup an account, be it wallet or exchange, there are possibilities of phishing attackes.

People working in kyc required exchnage and wallet companies can leak the data because some people among them will have access to it. Also, there could be possibilities of data beaches. Did you think all data breaches could be known to the public? I do not think so. Most data breaches that are commonly known are ransomware encrypted data breaches.

[tranthidung]

Phishing site:

Code:

official-stellar.com

In addition, download the fake app is one of step to complete the airdrop tasks.

People are already victims can do double check with:
https://coinmarketcap.com/currencies/stellar/
https://www.coingecko.com/en/coins/stellar

Official sites:
https://www.stellar.org/
https://www.reddit.com/r/Stellar/
https://twitter.com/StellarOrg

I admired those scammers in the way they keep two sites originally: https://www.reddit.com/r/Stellar/
https://twitter.com/StellarOrg. They only put the link of phishing site of the official website in order to trap people with fake app.

[btc_angela]

It seems to have been around for some days now. The url for the download was reported on Virustotal 9 days ago, and currently is flagged as malware by 3 entities, and malicious by another one:

https://www.virustotal.com/gui/url/2cdc7e86a6934509561602491e375cd697eba72c492fe230dfd211ac3b45b87a/detection

No wish to find our what the file StellarTerm-win32-x64.rar has in store for whomever goes ahead and opens it, but by now it should be common sense not to open any files of the kind.

And it seems that this is malicious indeed as it has been flagged by AnyRun as well since December 2019.

https://any.run/report/f195cdbb264633853e6bddea928043af514ebeb9354c610070cdf2ef46f3cd8a/06d8e351-a0f9-48c6-a208-329c24ae1972

[pakhitheboss]

Also, it is not a good idea to disclose both yours and other's email addresses, this information can be used against you, especially if these addresses are linked to exchanges or wallets. I recommend you to delete the last screenshot.

Hey! @witcher_sense thanks a lot for the heads up. I have gone ahead and removed the last screenshot and updated it with a new one where all the email addresses have been blurred.

[Assface16678]

Thanks for this information because right now there are a lot of newbies would like to make an investment into the different platform and usually one of the communication tools they usually visited is the Telegram and I think this is commonly happening to them also it's better if we are trying to avoid giving some emails to the different websites because most of the time they are spamming this on our emails and this is too much annoying instead you are having a clean inbox it's consist of different spam emails.

Thank you for sharing.

[The Cryptovator]

Just be more careful, scammers even can send emails from the same email of the domain name. They would make spoofing mail and send it to you, so it would look like an original mail. Before submitting anything via email forms its mandatory to verify from the original website. Because this isn't something personal, if they offer something like this then they must have information on the website.

On the other hand, we should use our common sense. Greedy behavior is one of the most preventional objects to avoid such as scam attempts. Convince your mind that nothing is free in the world.

[tranthidung]

I forgot to wrote about your images in OP. They are too large so would you mind resizing those images or use width/ height options in img blocks.

To resize images, it is good if you have app in hands. It is my personal method, when I resize image manually: by copy and paste original image to .doc file, then zoom it out a little bit, make a screenshot, crop it and create a smaller image. I don't have to use any image-resize site.

[Cointikka]

In my opinion in the initial stage when you open the email, if you check the senders email address you will get to know whether it is genuine or not. These kind of airdrops falls under Giveaway scam and it is always advised to stay away from any kind of giveaways related to cryptocurrency as most turn out to be scams.

Another way to verify whether the airdrop is genuine or not is to send a DM either to the sender on Twitter in this case Latoken exchange or to Stellar. They would generally reply to your query in couple of hours.

[pakhitheboss]

I forgot to wrote about your images in OP. They are too large so would you mind resizing those images or use width/ height options in img blocks.

To resize images, it is good if you have app in hands. It is my personal method, when I resize image manually: by copy and paste original image to .doc file, then zoom it out a little bit, make a screenshot, crop it and create a smaller image. I don't have to use any image-resize site.

Hey! @tranthidung using Google doc is a good idea to resize the image. I did try to resize it but it would not work for me. Thanks for letting me know about this technique. I will surely try it.

I wanted the contents to be easy to read therefore I intentionally kept the images big but I never expected them to be so big. I will surely try it.

[seoincorporation]

Phishing Email has been one of the favorite attack of hackers, and it's that way because it's really easy to attack tons of users at the same time. And that kind of attack are about probability... i mean the 0.01% will hit the bait, so, if the attacker sends a mail to 10000 users at least 1 will get scammed, so, what happens if the attack goes to 1M users.  So, be careful with mail and never open a link from there.

[hatakeyudu]

Phishing Email has been one of the favorite attack of hackers, and it's that way because it's really easy to attack tons of users at the same time. And that kind of attack are about probability... i mean the 0.01% will hit the bait, so, if the attacker sends a mail to 10000 users at least 1 will get scammed, so, what happens if the attack goes to 1M users.  So, be careful with mail and never open a link from there.

Phishing emails lead to phishing sites, fake applications and scam requirements on private keys, mnemonic seeds to get supports or scam giveaway (send first and get more fund back).

I have a question on phishing sites. What will happen if I visit a phishing site and log in my account on phishing site. I know they steal my password, account details but if I have 2FA for my account, will they be able to steal my fund? I think they can not because they won't be able to steal my 2FA that is on my phone.

[erikoy]

Scammers are really working hard to get money. In this manner the term fast and easy money may not apply to them already because they too work hard before they can earn. Scamming now is more likely a job to which one should exert effort before one can earn. And these days? So hard to get a client to get scam because more people now are wary about cryptocurrency and others too believe that cryptocurrency is scam due to the number of scam activity where cryptocurrency was drag especially bitcoin.

[jossiel]

I think there was the same stellar airdrop scam that was posted before but thanks for the heads up. You probably have signed up to a website or form which is the source why that email sender was able to reach you out through their email.

And good reaction from OP. As long as you are aware that you have never signed up for any airdrop or you are feeling it with your guts that the email is sort of a scam and spam, don't click links attached to it.

[jademaxsuy]

I got a lot of emails like this but I ignore it all. Most are offering so good to be true and I do not want to try it out because it is just a bait for the scammers to get through with the process of scamming. This one clearly is all about phishing and it may be a regret soon when one is too greedy to try it.

If I only have time I will take an effort to open the email and then log in wrong wallet address and wallet details so that scammer will have his time too to open the wrong wallet details you provide in their phishing tool.