Author

Topic: [Warning] Fake Brave Bounty Program Giving 1,500 BAT Tokens to each participant! (Read 483 times)

sr. member
Activity: 1078
Merit: 310
Thanks for the warning. What activities did the form want you to do? I am trying to figure out what they got from this? Unless they tried to get you to install some fake browser?

The form is just like a traditional airdrop form to make it more convincing that it is indeed an airdrop program which requires would be participants to input their bitcointalk username and twitter handle and could have been made as a means to verify corresponding email addresses! The first two input requirements can be used to harvest data and could be used also as attack vectors for future phishing attempts other than the email address.



But I guess the main importance of the form is that it contains an easy step by step instructions necessary for the phishing attempt to become successful since there is a very high that you will likely download the malicious executable once you've started filling it up and fulfilling very easy tasks tends to attract would be victims to try it.
legendary
Activity: 2184
Merit: 1302
There used to be an unwritten rule in spreadsheets not to publick e-mail address of the participants. But now this information appears very often and spammers are actively using it.
Those ICO/IEO projects always claim that they would make sure the emails of their participants is kept private, but down the road now, we're too aware that plenty of them don't, they either use it to send scam attempt emails or they sell it to those who would, do we even talk of what they do with the KYC documents submitted to them.

If majority of them are scam, which they are, then why wouldn't they sell the emails or send such messages, it's another way of trying to scam people other than through their shit bounty projects. I have totally lost faith in ICO bounties.
full member
Activity: 1022
Merit: 106
I also receive emails like that even though I've never joined other BAT campaigns, but I often receive phishing emails.
Is there another way to stop this email, it is very annoying for me and this is afraid of being used by someone else.
I also received such a letter. I use this e-mail specifically for bounty. It's all filled with spam. There used to be an unwritten rule in spreadsheets not to publick e-mail address of the participants. But now this information appears very often and spammers are actively using it.
sr. member
Activity: 906
Merit: 263
Thanks for the warning. What activities did the form want you to do? I am trying to figure out what they got from this? Unless they tried to get you to install some fake browser?
I do know that they could be creating email lists. Email lists can be worth a lot of money and people even sell them if they feel like they do not need them and wat to squeeze a quick buck out of it.
Other than that I cannot see the benefit.
member
Activity: 406
Merit: 14
A round of applause for detecting this out, wow i am impressed, God knows how many people would have fell for this trick, this is why its not always good to reply mails or try to claim coins through mails
sr. member
Activity: 1078
Merit: 310
~snip~

Thanks for this information. I will post the above phishing link for update and you can also visit this relevant thread Host-file to deal with phishing sites if you have not done so and you can update your hostfile accordingly for added security.
legendary
Activity: 2324
Merit: 1604
hmph..
Another email I received today with same strategy using another name airdrop portal, ask to fill spreadsheet very same with @OP stories. Here is the proof from email I received.





Code:
https://brave-drop.info
sr. member
Activity: 1078
Merit: 310
Thank you for the awareness and the heads up as well, I also received email from them and now I'm curious where did they get my email address. I almost clicking the link they are given when I opened my Gmail account. Good thing I remember this thread of yours.



I almost fall into this trap because it was sent through my mail inbox, not in a spam message. But luckily I'm a Chrome user.

You're welcome!  Being a part of this community, I guess its our duty to inform others on these pitfalls so that we may never become victims of it!

Now I understand that the email sent to you was sent by a different email address and I suppose these scammers are very aggressive on their phishing campaign and will do different tricks to become successful that I feel it is rather important to keep the community regularly informed about this until these threats have subsided, hopefully in the near future.

So I guess we should continue on keeping everybody aware about this as much as possible. Smiley
hero member
Activity: 1750
Merit: 589
Just recently, I have received an email purportedly coming from the Brave browser team with the subject "Update your Brave browser. Get 1,500 BAT tokens" after which I became suspicious since 1.5k BAT bounty to be given individually sounds too good to be true and I see many red flags on the email (as illustrated below) and suspicious links which I find very obvious to be forms of scam tactics!

Please disregard this email and don't visit those sites listed on the form or give any personal information whatsoever. This is obviously a scam bounty program and the link to the download page is a phishing site - identical to the official Brave website! Also, we may run the risk of downloading a trojan or any other malware that could be embedded if we proceed to download that  installer without hesitation.

There are modus and schemes floating around the forum that there are fake websites made for phishing and I've read some of those. they seemed legitimate and would really gibe you a hard time to identify whether its fake or not, but this one here, is obviouslyba click bait and would really give you doubts about opening it. Just looking at the user interface and the offer, those are the epitome of scams and click baits so. everyone, of you see one, best believe me all you have to do is to ignore it and don't give a shit about it. Never click links once you saw early signs of scams.
sr. member
Activity: 1512
Merit: 292
www.cd3d.app
Thanks for the warning.
It seems that with the revival of the crypto market, its ancient inhabitants of scammers and scammers also came to life. In my opinion this is a good sign.

For me, this is the first sign that the Bat market and project in particular have good potential for the very near future. So soon we will see interesting movements in the market.
Be vigilant Now there are more and more cases of phishing attacks, follow the recommendations given by verified forum users.
legendary
Activity: 2814
Merit: 1112
Leading Crypto Sports Betting & Casino Platform
I got it yesterday, as it went to the inbox instead of to spam, I thought this was true, much less when I saw the sender using a old coin name Siacoin, I thought they were collaborating on a new project after re-cheking the domain they mentioned is different with real brave browser domain, so I immediately
deleted that email. Looks like they're sending gradually so there's still email about this bounty being sent over to look for another victim.
legendary
Activity: 2492
Merit: 1232
Thank you for the awareness and the heads up as well, I also received email from them and now I'm curious where did they get my email address. I almost clicking the link they are given when I opened my Gmail account. Good thing I remember this thread of yours.



I almost fall into this trap because it was sent through my mail inbox, not in a spam message. But luckily I'm a Chrome user.

sr. member
Activity: 520
Merit: 250
KUWA.ai
Thank you for providing information that is handy for us, I also have received an incoming message from someone who did send airdrop brave link, but there are some of my friends who are trapped because they are tempted by the gifts given so that they follow all what is ordered by the fraudster including fill out the form and click on the download link, what do they need to do now to get rid of the phishing trap? Whether the download link will also work on Android because as far as I know the link is only for PCs, but my friend tried to download it via a mobile device but in the end the link did not work, did the phishing trap also affect the Android device?
sr. member
Activity: 1078
Merit: 310


Just updated the OP with an image of the scammers follow up email with the same phishing link that was sent to another email address of mine. It seems these bad actors are getting more brazen and more persistent with their phishing activities. Angry
sr. member
Activity: 1078
Merit: 310
I also receive emails like that even though I've never joined other BAT campaigns, but I often receive phishing emails.
Is there another way to stop this email, it is very annoying for me and this is afraid of being used by someone else.

Since you often received phishing emails, I would assume your email address had fallen into the wrong hands which is very unfortunate but this scenario are very common nowadays considering that there are black markets where these kinds of data are being bought or sold for illicit purposes.

Now, its technically possible to block certain email addresses from sending us unsolicited emails but this is just a tentative solution since these perpetrators could easily circumvent this method just by using a new email address for sending spam phishing emails. Another one is to filter your emails and redirect it to a certain folder if your email platform provides that feature.

If you would like to received less spam and other malicious emails, I suggest you try to use disposable emails instead of your personal email and this could be used for one time purposes such as registrations to less important sites, etc., which could be later discarded at a predefined time.

Finally, I believe all of these techniques doesn't guarantee  a hassle free email experience, so that I think the best way to stop these kinds of email is to be more vigilant and suspicious and create a mass awareness or inform the community at once if we encounter it so that other people may know and could possibly avoid being victimized!

I guess time will come that these kinds of emails will be easily distinguished and avoided  that I think it will discourage its perpetrators from doing the same technique again if it becomes ineffective and could stop its operations thus could significantly reduce the amount of spam and malicious emails we received regularly!

"Awareness is key to prevention!"
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
I also receive emails like that even though I've never joined other BAT campaigns, but I often receive phishing emails.
Is there another way to stop this email, it is very annoying for me and this is afraid of being used by someone else.

You receive such e-mails for the reason that your e-mail address posted publicly somewhere, and is probably part of some spam e-mail base that resales in the black market. The simplest solution is to create a new email, and if that is not an option to simply ignore such messages. Way to stop this e-mail is to report it as spam in settings of your e-mail provider, so after a certain number of reports, such e-mail will directly go in the spam folder.

For those who use Brave it is a known fact that users get only 5 BAT tokens at the start, and I think some $5 worth of tokens for the month of surfing. The very fact that someone is giving 1500 BATs is already enough warning that this is a fraud.

sr. member
Activity: 1092
Merit: 284
I also receive emails like that even though I've never joined other BAT campaigns, but I often receive phishing emails.
Is there another way to stop this email, it is very annoying for me and this is afraid of being used by someone else.
newbie
Activity: 11
Merit: 0
I'm so happy i didn't fall for this, as the clone was well planned and executed, i will share this information with others so they don't fall for it as well. Thank you very much for this information it is very helpful.
sr. member
Activity: 1078
Merit: 310
The brave site is pretty well cloned, although it is relatively simple, and most of the menu items just points to the original site’s content .. except for the download file itself which is different.

Virustotal displays the file as Malware (Avira does that so far): https://www.virustotal.com/gui/url/12322e193dda741bf0e7d6e5944b2d736c7f5fee9a625f5e3a2efa81823c4c2e/detection

Yeah, they cloned the site almost exactly as the original and official Brave site except for the "Google form" button beside the download button but if we hover our mouse to the download button, then we could easily distinguish the fake one which doesn't use the brave.com domain. I'm pretty sure there will be more detection once AV companies get to analyze the file thoroughly - I suspect its loaded with a trojan considering the fake installer file size is 9.2 MB whereas the genuine Brave installer is only at 1.2 MB!

The general problem is that, if you are not suspicious from the beginning, one normally does not go into the trouble of doing the above, thus potentially falling for the trap. Which goes to show that you are the first firewall against this from happening.

Absolutely! This is the first step of defense we all should practice! If we can just all become more vigilant and investigate a little on this type of fraudulent activities, then we can inform and sound an alarm immediately to the community so that in our own little way we could help in stopping this malwares to propagate further more. Smiley
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
The brave site is pretty well cloned, although it is relatively simple, and most of the menu items just points to the original site’s content .. except for the download file itself which is different.

Virustotal displays the file as Malware (Avira does that so far): https://www.virustotal.com/gui/url/12322e193dda741bf0e7d6e5944b2d736c7f5fee9a625f5e3a2efa81823c4c2e/detection

Remember that the site itself does not necessarily encounter an entry using Virustotal (the close site does not: https://www.virustotal.com/gui/url/56a6e6a37b2c3fec6201ca9bd2839e50ab6c1f6b6bd1545e836a71b9a1530f99/detection), but rather the url that points to the download file. That is the one that needs to be examined with extra care.

In addition, ScamAdviser raises a bunch of warning signs that need to be looked at: https://www.scamadviser.com/check-website/bounty-brave.info.

The general problem is that, if you are not suspicious from the beginning, one normally does not go into the trouble of doing the above, thus potentially falling for the trap. Which goes to show that you are the first firewall against this from happening.
sr. member
Activity: 1078
Merit: 310
Another phishing site, report it to https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en to be taken down asap.

Edit:

You can also post the phishing site in this format if you want more people to report it:
Code:
Phishing site: https:xxxx


Done. Thank you for the info. Smiley


Thanks for posting it here, This is obviously a fake/phishing website but some newbies might be fool by them.  BAT using yahoo email is very suspicious in the first place. The only legit BAT airdrop is from brave browser and coinbase.

Yeah. Its very obvious and the fact that users needs to download a Brave browser installer again doesn't feel right when they can do it via updates, assuming the bounty was legitimate.
full member
Activity: 1176
Merit: 162
Thanks for posting it here, This is obviously a fake/phishing website but some newbies might be fool by them.  BAT using yahoo email is very suspicious in the first place. The only legit BAT airdrop is from brave browser and coinbase.

legendary
Activity: 2114
Merit: 1150
https://bitcoincleanup.com/
Another phishing site, report it to https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en to be taken down asap.

Edit:

You can also post the phishing site in this format if you want more people to report it:
Code:
Phishing site: https:xxxx
sr. member
Activity: 1078
Merit: 310
Just recently, I have received an email purportedly coming from the Brave browser team with the subject "Update your Brave browser. Get 1,500 BAT tokens" after which I became suspicious since 1.5k BAT bounty to be given individually sounds too good to be true and I see many red flags on the email (as illustrated below) and suspicious links which I find very obvious to be forms of scam tactics!

Please disregard this email and don't visit those sites listed on the form or give any personal information whatsoever. This is obviously a scam bounty program and the link to the download page is a phishing site - identical to the official Brave website! Also, we may run the risk of downloading a trojan or any other malware that could be embedded if we proceed to download that  installer without hesitation.



Follow up email with same phishing link








Comparisons

Brave Browser Official Main Page



Phishing site main page


                         Legit download message box                        Fake download message box  
       



Legit downloaded file
                     
 

Fake downloaded file


Note: Notice the distinctive differences on attributes on both pages, download message boxes and the downloaded files enclosed with red markers.


Code:
Phishing Site: https://bounty-brave.info/

Note: Some information on the email were omitted for privacy purposes.
Jump to: