A phishing scam discussion.

[letteredhub]

It's as many comments has agreed on about the two users being correct in their respective explanations. There's are scammers with high tech devices that their pattern of phishing scam doesn't require the victim to input his informations into the fake app for his funds to be wiped out. Meanwhile there are phishing site that are programmed to steal your information to the scammer once you key it in. The safe culture to build is to always check URL authenticity and verify before using.

[rat03gopoh]

If you must use a wallet, try as much as possible to void internet connections

It's almost impossible, unless you can design a custom multi-network wallet that doesn't require an internet connection and handles all your tasks, similar wallets generally fail to even retrieve the last balance when offline, making it seem like it doesn't work at all.

[Mame89]

It's as many comments has agreed on about the two users being correct in their respective explanations. There's are scammers with high tech devices that their pattern of phishing scam doesn't require the victim to input his informations into the fake app for his funds to be wiped out. Meanwhile there are phishing site that are programmed to steal your information to the scammer once you key it in. The safe culture to build is to always check URL authenticity and verify before using.

Yes, that's right. Both of these patterns often occur in phishing cases that result in the loss of assets. Some people lose their assets just by entering a fake site, while others lose their assets after entering a fake site and then logging in. But the point is, phishing cases in the crypto world are always present, so take this as a lesson to be careful when clicking any links. In fact, phishing has now developed to a different level, arguably sophisticated. This is no longer just "click a fake link and get hit," but you can open a genuine website and still get phished. We're usually taught "Check the URL don't make a domain typo." Nowadays, there are also cases where the URL is correct but the page has been injected, leading you to a phishing link, initially feeling safe when in fact you've already been phished.

This is how they usually work they disguise themselves as extension notes etc. When you open the target website it overlays a fake login page.
Your input credentials are immediately captured. It's very clean nothing unusual. So, it can be concluded that phishing isn't about whether the link is strange or not, but rather about your own compromised environment. Your browser appears normal even though it's been manipulated internally. So to avoid this it's best not to store assets in an online wallet. Even if you do avoid excessive internet connection.

[Odogwu-Blockchain]

This topic just let me try out an experiment just now on a fake site that needs to connect wallet on metamask to the site for trading.

I downloaded metamask Chrome extension and successfully connected to the site but nothing sketchy shows, although, my balance is zero portfolio. The only message I got on the site was "waiting for connecting with my wallet that I should follow the instructions on my metamask to continue trading" which I waited longer and nothing happen.

I was thinking I will be asked to input my 12 seed phrase before connecting to the site just like other fake sites do.

[SeriouslyGiveaway]

This topic just let me try out an experiment just now on a fake site that needs to connect wallet on metamask to the site for trading.

I downloaded metamask Chrome extension and successfully connected to the site but nothing sketchy shows, although, my balance is zero portfolio. The only message I got on the site was "waiting for connecting with my wallet that I should follow the instructions on my metamask to continue trading" which I waited longer and nothing happen.

I was thinking I will be asked to input my 12 seed phrase before connecting to the site just like other fake sites do.

It's lucky that you use an empty wallet with interaction to that phishing site but you must revoke smart contract approval and access as soon as possible. If you don't do so, make sure you abandon that empty wallet as if you forget, and use the wallet in the future by funding it, your wallet might be compromised and fund in that wallet will be moved to scammer wallet almost immediately.

Scammers like this won't do transactions manually to steal money from victims but they very likely have bots to do these transactions automatically.

[Bryan jessy]

Depends on how the site is built, there are scam Dapps which are design to extract the key to your wallet immediately you sign in that wallet connect permission, there are also those who which they need to send you something which you need to from your wallet permit it, so both of them are some how right just that one tries to use his explaination to debunk the other persons own.

If I am a scammer and I have the  opportunity to execute both type of phishing, I will obviously choose that immediately your wallet is connected, it should drain. Unless the resources to set is up is very much expensive, if not, that is the most reliable one for the scammers.

Again, anyone who is willing to connect their main wallet to an unknown or untrusted site will also be will to sign signature and complete transaction.

But for knowledge sake, if you connect your wallet, you have already given them the primary permission they need, every other things could fall in place.

Seriously both methods are possible to adopt if the scammer is tactic, and the first option is even more faster than the second one, imagine just connecting one's wallet and in seconds the wallet is drained, every scammer will like to utilize this method if they have all it takes, before the owner of the wallet will realize the site is not safe his or her assets has already been tempered with, but the second option still gives room for a person to confirm if the site is safe or not. Scammers operates with different methods depending on the one that they can afford to do with, the ones that can afford the advance method utilizes it. This scammers are good but why don't they channel this creative minds to something better. Everyone should be watchful and careful to avoid falling victim.

[Bobrox]

First points explaining by OP is most scam happening to many cryptocurrency user exactly for airdrop hunter, I remember well how easily my friend loss much crypto fund holding in wallet after connecting with scam dapp or third party side for joining an airdrop. Many of them forget for revoke their wallet after connecting with the scam dapp site exactly when joining airdrop project require for connecting to their dapp.

For trader at dapp exchange, usually not track yet when trading with new dapp and don't know trust site or not for swapping coins and easily after connecting with the scam dapp our fund gone without waiting long term. I think for trader interested trade at dapp exchange always check the trust site before connecting your wallet.