Topic: [Warning] Fake Brave Bounty Program Giving 1,500 BAT Tokens to each participant! (Read 431 times)

The form is just like a traditional airdrop form to make it more convincing that it is indeed an airdrop program which requires would be participants to input their bitcointalk username and twitter handle and could have been made as a means to verify corresponding email addresses! The first two input requirements can be used to harvest data and could be used also as attack vectors for future phishing attempts other than the email address.



But I guess the main importance of the form is that it contains an easy step by step instructions necessary for the phishing attempt to become successful since there is a very high that you will likely download the malicious executable once you've started filling it up and fulfilling very easy tasks tends to attract would be victims to try it.

Those ICO/IEO projects always claim that they would make sure the emails of their participants is kept private, but down the road now, we're too aware that plenty of them don't, they either use it to send scam attempt emails or they sell it to those who would, do we even talk of what they do with the KYC documents submitted to them.

If majority of them are scam, which they are, then why wouldn't they sell the emails or send such messages, it's another way of trying to scam people other than through their shit bounty projects. I have totally lost faith in ICO bounties.

I also received such a letter. I use this e-mail specifically for bounty. It's all filled with spam. There used to be an unwritten rule in spreadsheets not to publick e-mail address of the participants. But now this information appears very often and spammers are actively using it.

Thanks for the warning. What activities did the form want you to do? I am trying to figure out what they got from this? Unless they tried to get you to install some fake browser?
I do know that they could be creating email lists. Email lists can be worth a lot of money and people even sell them if they feel like they do not need them and wat to squeeze a quick buck out of it.
Other than that I cannot see the benefit.

A round of applause for detecting this out, wow i am impressed, God knows how many people would have fell for this trick, this is why its not always good to reply mails or try to claim coins through mails

Thanks for this information. I will post the above phishing link for update and you can also visit this relevant thread Host-file to deal with phishing sites if you have not done so and you can update your hostfile accordingly for added security.

Another email I received today with same strategy using another name airdrop portal, ask to fill spreadsheet very same with @OP stories. Here is the proof from email I received.

You're welcome!  Being a part of this community, I guess its our duty to inform others on these pitfalls so that we may never become victims of it!

Now I understand that the email sent to you was sent by a different email address and I suppose these scammers are very aggressive on their phishing campaign and will do different tricks to become successful that I feel it is rather important to keep the community regularly informed about this until these threats have subsided, hopefully in the near future.

So I guess we should continue on keeping everybody aware about this as much as possible.

There are modus and schemes floating around the forum that there are fake websites made for phishing and I've read some of those. they seemed legitimate and would really gibe you a hard time to identify whether its fake or not, but this one here, is obviouslyba click bait and would really give you doubts about opening it. Just looking at the user interface and the offer, those are the epitome of scams and click baits so. everyone, of you see one, best believe me all you have to do is to ignore it and don't give a shit about it. Never click links once you saw early signs of scams.

Thanks for the warning.
It seems that with the revival of the crypto market, its ancient inhabitants of scammers and scammers also came to life. In my opinion this is a good sign.

For me, this is the first sign that the Bat market and project in particular have good potential for the very near future. So soon we will see interesting movements in the market.
Be vigilant Now there are more and more cases of phishing attacks, follow the recommendations given by verified forum users.

I got it yesterday, as it went to the inbox instead of to spam, I thought this was true, much less when I saw the sender using a old coin name Siacoin, I thought they were collaborating on a new project after re-cheking the domain they mentioned is different with real brave browser domain, so I immediately
deleted that email. Looks like they're sending gradually so there's still email about this bounty being sent over to look for another victim.

Thank you for the awareness and the heads up as well, I also received email from them and now I'm curious where did they get my email address. I almost clicking the link they are given when I opened my Gmail account. Good thing I remember this thread of yours.



I almost fall into this trap because it was sent through my mail inbox, not in a spam message. But luckily I'm a Chrome user.

Thank you for providing information that is handy for us, I also have received an incoming message from someone who did send airdrop brave link, but there are some of my friends who are trapped because they are tempted by the gifts given so that they follow all what is ordered by the fraudster including fill out the form and click on the download link, what do they need to do now to get rid of the phishing trap? Whether the download link will also work on Android because as far as I know the link is only for PCs, but my friend tried to download it via a mobile device but in the end the link did not work, did the phishing trap also affect the Android device?

Just updated the OP with an image of the scammers follow up email with the same phishing link that was sent to another email address of mine. It seems these bad actors are getting more brazen and more persistent with their phishing activities.

Since you often received phishing emails, I would assume your email address had fallen into the wrong hands which is very unfortunate but this scenario are very common nowadays considering that there are black markets where these kinds of data are being bought or sold for illicit purposes.

Now, its technically possible to block certain email addresses from sending us unsolicited emails but this is just a tentative solution since these perpetrators could easily circumvent this method just by using a new email address for sending spam phishing emails. Another one is to filter your emails and redirect it to a certain folder if your email platform provides that feature.

If you would like to received less spam and other malicious emails, I suggest you try to use disposable emails instead of your personal email and this could be used for one time purposes such as registrations to less important sites, etc., which could be later discarded at a predefined time.

Finally, I believe all of these techniques doesn't guarantee  a hassle free email experience, so that I think the best way to stop these kinds of email is to be more vigilant and suspicious and create a mass awareness or inform the community at once if we encounter it so that other people may know and could possibly avoid being victimized!

I guess time will come that these kinds of emails will be easily distinguished and avoided  that I think it will discourage its perpetrators from doing the same technique again if it becomes ineffective and could stop its operations thus could significantly reduce the amount of spam and malicious emails we received regularly!

"Awareness is key to prevention!"

You receive such e-mails for the reason that your e-mail address posted publicly somewhere, and is probably part of some spam e-mail base that resales in the black market. The simplest solution is to create a new email, and if that is not an option to simply ignore such messages. Way to stop this e-mail is to report it as spam in settings of your e-mail provider, so after a certain number of reports, such e-mail will directly go in the spam folder.

For those who use Brave it is a known fact that users get only 5 BAT tokens at the start, and I think some $5 worth of tokens for the month of surfing. The very fact that someone is giving 1500 BATs is already enough warning that this is a fraud.

I also receive emails like that even though I've never joined other BAT campaigns, but I often receive phishing emails.
Is there another way to stop this email, it is very annoying for me and this is afraid of being used by someone else.

I'm so happy i didn't fall for this, as the clone was well planned and executed, i will share this information with others so they don't fall for it as well. Thank you very much for this information it is very helpful.

Yeah, they cloned the site almost exactly as the original and official Brave site except for the "Google form" button beside the download button but if we hover our mouse to the download button, then we could easily distinguish the fake one which doesn't use the brave.com domain. I'm pretty sure there will be more detection once AV companies get to analyze the file thoroughly - I suspect its loaded with a trojan considering the fake installer file size is 9.2 MB whereas the genuine Brave installer is only at 1.2 MB!


Absolutely! This is the first step of defense we all should practice! If we can just all become more vigilant and investigate a little on this type of fraudulent activities, then we can inform and sound an alarm immediately to the community so that in our own little way we could help in stopping this malwares to propagate further more.

The brave site is pretty well cloned, although it is relatively simple, and most of the menu items just points to the original site’s content .. except for the download file itself which is different.

Virustotal displays the file as Malware (Avira does that so far): https://www.virustotal.com/gui/url/12322e193dda741bf0e7d6e5944b2d736c7f5fee9a625f5e3a2efa81823c4c2e/detection

Remember that the site itself does not necessarily encounter an entry using Virustotal (the close site does not: https://www.virustotal.com/gui/url/56a6e6a37b2c3fec6201ca9bd2839e50ab6c1f6b6bd1545e836a71b9a1530f99/detection), but rather the url that points to the download file. That is the one that needs to be examined with extra care.

In addition, ScamAdviser raises a bunch of warning signs that need to be looked at: https://www.scamadviser.com/check-website/bounty-brave.info.

The general problem is that, if you are not suspicious from the beginning, one normally does not go into the trouble of doing the above, thus potentially falling for the trap. Which goes to show that you are the first firewall against this from happening.