Expose a Phishing website for EOS private Key
A few days ago, I check my EOS account in EOS explore, I find I receive a arbitration message from ECAF, it tell me there is a dispute of ownership of my account, you shall provide evidence about the ownership of your EOS account, ECAF is short for EOS Core Arbitration Forum, this is a organization for arbitration of dispute on EOS main net. The message as follow:
It give me a surprise at first, why my account is in dispute, so I open the link in the arbitration message, the page of the link is follow:
It show that your account is in dispute with others, so you need get in touch with ECAF by the follow link, I follow the Instruction on the page, this page ask you provide evidence of your ownership of your account:
So I upload the screen shot of my account information, after submit this evidence, it ask you input your owner key and active key of your EOS account:
When I input my private key, I am on the alert about the website, I google the ECAF public website, check different between these two domain name, I find they looks exactly the same, but the last letter n, domain name in the arbitration message is eoscorearbitatioņ.io, and google search result is eoscorearbitation.io, I think it is a phishing website finally.
See the follow picture, the domain name in upper is given by the arbitration message which I receive, the domain name in bellow is google search result, last letter have a little different, but if you are not careful, maybe can’t find different of them.
To verify my guess, I search the info of EOS account ecafofficiel, the arbitration message is sent by this account, I find this account sent huge of same arbitration message in the short time, it is impossible there appear so much of dispute cases in short time, so it is obvious, the EOS account ecafofficiel account group sending arbitration message, hope someone will leak his EOS private key.
Summary, this is a phishing website, we shall keep carefully of our private key, be alert on input your private key.