A phishing scam discussion.

[IjawMan]

A long post but carefully read please.

I was going through a thread today on Reddit that OP narrated his painful experience of a loss of big  money in millions to a phishing scam which began with him downloading a phishing wallet from a fake site.

Subsequently, users began to make their comments about cautious procedures to take for protection of phishing links and sites. But what made me export this story from there to the forum is for the clarification of a fairly disagreement/debate between two users about this phishing scam, which I find confusing about who is correct with their replies and who is not.

FIRST USER:  argued that such phishing scam drains it victim money from wallet automatically in a quick instant on connecting to the fake site.

SECOND USER: argued that connecting your wallet alone to a phishing site does not automatically drain it, ontil you the victim have to perform a signing in your of your information or wallet private key.

I do not know if I explained the story to a simple understanding. I'm bringing this in the forum that I may know which is correctly said, so I do not misinform someone else in making effort to supply them information with similar case in future.
Thank you all.

[Hazink]

Depends on how the site is built, there are scam Dapps which are design to extract the key to your wallet immediately you sign in that wallet connect permission, there are also those who which they need to send you something which you need to from your wallet permit it, so both of them are some how right just that one tries to use his explaination to debunk the other persons own.

[Stalker22]

I suppose they could both be right.  It really just depends on how the specific scam is set up.

[rbynxx]

I think the second user has the correct way of explaining it because I did encounter a site that was a phishing one but it could have not drained my wallet balance if I didn't do the signing of transaction. I guess it wouldn't be that automatic at all but I think some knowledgeable hackers has some way in it to let it drain automatically and I hope that wouldn't be the case on our sides. Let's be vigilant as always and don't simply be blind of downloading or anything especially if you're interacting on some sites that might cause harm on your wallet.

[Patikno]

The first opinion could be true in the case you described. You should be aware that a site can automatically, or directly steal information from its victims (including wallet theft), which is why some suspicious sites will be blocked by browsers, citing the insecurity of connecting to them. As far as I know, most sites that can directly steal information are those that don't have SSL certificates, or don't have encrypted connections, making it easier for scammers to carry out the theft directly.

The second opinion could also be true, because phishing sites can have SSL certificates, which means they use it to trick potential victims. These scammers hope they will enter sensitive information on their site, so the scammers have a record of that information in their database, including the private wallet key.

The important conclusion is this: we should always check the legitimacy of a site, ensure it is official and free of any malicious activity, and always check information from the relevant community about the site you are planning to visit.

Some time ago, coinmarketcap site was hacked, and displays malicious pop-ups regarding wallet connections to visitors. I think it was a deface attack, but the main point is, you need to verify the authenticity of anything, including the official website you are visiting, because it could be compromised due to an attack. So, that is what I mean by the importance of checking with the relevant community, because usually the relevant community will talk about something strange. Even official websites can be dangerous at one point, let alone unknown ones. Therefore, whatever you do online, or in the cryptocurrency world, always verify the authenticity. Cmiiw.

By the way, I am curious about the case you described. Could you provide a source? Maybe, it will become clearer, if we read it carefully, and we can understand how the phishing scam site works.

[Zaguru12]

FIRST USER:  argued that such phishing scam drains it victim money from wallet automatically in a quick instant on connecting to the fake site.

SECOND USER: argued that connecting your wallet alone to a phishing site does not automatically drain it, ontil you the victim have to perform a signing in your of your information or wallet private key.

Both are easily possible depending on how the scam was designed, for example on the first one you can connect ti a specific site using your wallet and it doesn’t needs to actually have you sign in before they can be able to steal your keys and that means they will use their own external wallet to actually import such keys of phrase into it and them empty the wallets but this one is highly unlikely and not so common.

The most common one is drainers luring people to the site and you need to actually sign in before you can actually give them access and once you sign before you revoke it, they would have placed a drainer bot your wallet already.

The second is the most likely thing to happen and it’s what is happening although many of us haven’t heard of the first happen it is seriously possible too.

[TokenTikas]

I do not know if I explained the story to a simple understanding. I'm bringing this in the forum that I may know which is correctly said, so I do not misinform someone else in making effort to supply them information with similar case in future.

On this matter, there is really no way to disagree with the arguments given by the first and the second users. However, one more point can be made clear here, which is about phishing sites. No matter how a phishing site is created, once someone enters it, there are usually some mandatory tasks that ask for user access and if those are completed, the site can take full access to the user’s account.
Because of this, it is important to remember that if any site asks for wallet access while visiting it, that should already be a sign that something is not right. For that reason, wallet access should never be shared anywhere. In the crypto space, one must always stay careful and avoid doing anything carelessly.

[hd49728]

FIRST USER:  argued that such phishing scam drains it victim money from wallet automatically in a quick instant on connecting to the fake site.

SECOND USER: argued that connecting your wallet alone to a phishing site does not automatically drain it, ontil you the victim have to perform a signing in your of your information or wallet private key.

You don't need to argue with them and perhaps you don't have too deep knowledge enough for convincing explanations to them, just pointing them to available resources about most common scam methods exclusively phishing scams.

Sharing the resources to them, making it simple but accurate.
The cryptocurrency scambook.
Specifically about the phishing scams.
Punycode Phishing attacks - how to stay safe - Spoofed URLs and fake websites!
What to do to avoid phishing sites.

[_act_]

This is only for educational purpose. Do not connect your wallet to a scam website, else your coins will be stolen.

SECOND USER: argued that connecting your wallet alone to a phishing site does not automatically drain it, ontil you the victim have to perform a signing in your of your information or wallet private key.

The second user is right, the user has to do addition things before the money is sent to the scammer. The scammers can not initiate the transaction themselves, the victim will do it.

But the thing is that we warn people because if they are fooled enough to connect their wallet to a scam site, they will be ignorant enough to continuing being fooled by the scammer and follow the scammer's direction to steal the coin.

So I do tell people not to connect their wallet and which is very important to know.

[Emjay24]

I suppose they could both be right.  It really just depends on how the specific scam is set up.

I suppose both of them are talking from their different knowledge base and experiences, I've a friend that her wallet, Trust wallet to be precise was drained immediately she connected to a site through DAPPS section, so I believe I have seen instant connection scam before, but I haven't known anyone who had to sign a transaction before their wallets were drained.

I have also read that the website you're connected to might have an exploit designed to run an automatic unintended code on your device or even get remote access to your device and if it is achieved successfully, then the attack can remove your assets.

I only hope the second person is not trying to undermine the risk in connecting your wallet to scam sites because you do not know the configuration you would meet, so it is better not to even connect your main wallet to any third-party service.

[lovesmayfamilis]

I'm also inclined to believe that the second user is right. To gain access to the wallet, or, indeed, to the owner's device through a phishing link, the actions of the owner of the wallet or device are always necessary. How often do we get to a phishing site? Sometimes we don't even know about it, because social engineering is quite advanced nowadays. But only after we click on the links of this site or allow any actions, agreeing, for example, with some pop-up windows asking us not about passwords but about empty, seemingly insignificant information without thinking about the bad, can we open full access to our data and passwords.

[TypoTonic]

The important conclusion is this: we should always check the legitimacy of a site, ensure it is official and free of any malicious activity, and always check information from the relevant community about the site you are planning to visit.

-snip-

By the way, I am curious about the case you described. Could you provide a source? Maybe, it will become clearer, if we read it carefully, and we can understand how the phishing scam site works.

I don't know if this is the reddit thread OP is talking about, but the story seems almost the same -- How I lost over $1M after installed Ledger Wallet from App Store



The victim downloaded a fake Ledger Wallet app on his Mac from the official App Store. He wasn't aware that the desktop version is only available from the ledger.com website. In this case, the second user's argument would be right, because simply downloading a fake app shouldn't have been enough to drain his funds. He must've been tricked into entering his seed phrase, or maybe he signed a transaction on his device without verifying the details. Still, his actions were very careless for someone with a huge amount of money. As explained by one of the mods there:

It is also crucial to understand that a fake app cannot autonomously drain your wallet just by being installed. A hardware wallet's security model dictates that assets can only be moved if the 24-word recovery phrase was typed directly into the fake app, or if a malicious transaction was physically approved on the Ledger device screen.

[Somegory]

That's what he pays for not downloading the wallet from original websites, even downloading from Playstore or any app stores are not recommendable anymore because this days fake apps have a nest way of looking real and they will get listed on app stores like they are trustable.

It's always safer to find the wallet original website and let them guide you to their original app on their website or direct you to the real application on the Playstore instead of you using the Playstore search engine.

[Rashlyowl]

I think the first user is wrong & the second user is right with his argument. The victim has make a narrative that his balance was lost when he downloaded the wallet app, which means he should have been at the installation stage.

Unbeknownst to him, the phising website's app had been compromised with a backdoor that allowed the developer (the scammer) to obtain the victim's private key. When the victim entered all his important information, his balance was immediately lost & sent to an unknown address.