Expose a Phishing website for EOS private Key

in #eos6 years ago

A few days ago, I check my EOS account in EOS explore, I find I receive a arbitration message from ECAF, it tell me there is a dispute of ownership of my account, you shall provide evidence about the ownership of your EOS account, ECAF is short for EOS Core Arbitration Forum, this is a organization for arbitration of dispute on EOS main net. The message as follow:
1.png

It give me a surprise at first, why my account is in dispute, so I open the link in the arbitration message, the page of the link is follow:
2.png

It show that your account is in dispute with others, so you need get in touch with ECAF by the follow link, I follow the Instruction on the page, this page ask you provide evidence of your ownership of your account:
3.png

So I upload the screen shot of my account information, after submit this evidence, it ask you input your owner key and active key of your EOS account:
4.png

When I input my private key, I am on the alert about the website, I google the ECAF public website, check different between these two domain name, I find they looks exactly the same, but the last letter n, domain name in the arbitration message is eoscorearbitatioņ.io, and google search result is eoscorearbitation.io, I think it is a phishing website finally.
See the follow picture, the domain name in upper is given by the arbitration message which I receive, the domain name in bellow is google search result, last letter have a little different, but if you are not careful, maybe can’t find different of them.
5.png

To verify my guess, I search the info of EOS account ecafofficiel, the arbitration message is sent by this account, I find this account sent huge of same arbitration message in the short time, it is impossible there appear so much of dispute cases in short time, so it is obvious, the EOS account ecafofficiel account group sending arbitration message, hope someone will leak his EOS private key.
6.png

Summary, this is a phishing website, we shall keep carefully of our private key, be alert on input your private key.