以太坊导以太坊导
One of the things that scares me about wide-spread blockchain adoption are phishing scams that prey on those that don’t understand how blockchain technology works.
的事情ØNE让我害怕约广泛传播blockchain采用的网络钓鱼诈骗,关于那些不懂技术怎么blockchain作品猎物。
I recently experienced a phishing scam on Facebook where someone tried to get me to reveal my private key.
我最近在Facebook上经历了网络钓鱼诈骗,有人试图让我透露我的私钥。
Here’s how the scam unfolded, and some of the tell-tale signs that should make you raise red flags if you come across something similar.
这是骗局的展开方式,如果遇到类似的情况,一些告示牌应该使您举起红旗。
第1步-在Facebook上通知某人分享了我的照片。 (Step 1 — Notification on Facebook that someone shared a photo of me.)
Who wouldn’t pay attention when you’re notified that your photo has been shared?
当收到通知您照片已共享的通知时,谁不会关注?
第2步-让某人单击链接。 (Step 2 — Get someone to click on a link.)
The phishing scam notified me that I was awarded 10 Ether. Plenty of broken English raised red flags.
网络钓鱼诈骗通知我,我被授予10个以太币。 大量的英语破损引起了红旗。
But I was still curious and wanted to investigate.
但是我仍然很好奇,想调查一下。
第3步-领取您的奖金。 (Step 3 - Claim Your Prize.)
Wow, someone wants to give me 10 ETH ($1,619.90 in dollars as of November 21, 2019) out of the graciousness of their own heart…
哇,有人想出于自己的亲切之情,给我10 ETH(截至2019年11月21日,美元为1,619.90美元)…
Obviously there’s a catch. Let’s dig a bit deeper.
显然有一个陷阱。 让我们深入一点。
步骤4 —输入您的私钥 (Step 4 — Enter Your Private Key)
BAM! Phishing scam confirmed. Reveal your private key and your money is as good as gone…
AM! 网络钓鱼诈骗得到确认。 揭露您的私钥,您的钱已荡然无存…
Other telltale sales included weird domains (“airdrops-holders-eth.xyz”), and NO other links on any of the pages worked.
其他的销售故事包括怪异的域名(“ airdrops-holders-eth.xyz”),并且任何页面上的其他链接都没有。
违规域名 (Offending Domains)
For anybody interested, the domains that were part of this phishing scam included the following:
对于感兴趣的任何人,此网络钓鱼骗局的一部分包括以下内容:
https://receipt-invoice-ethereum.rewards-erc20-tokens.com
https://receipt-invoice-ethereum.rewards-erc20-tokens.com
https://airdrops-holders-eth.xyz/myetherwallet.html?/access-my-wallet
https://airdrops-holders-eth.xyz/myetherwallet.html?/access-my-wallet
结论 (Conclusion)
People new to blockchain systems should be inculcated with the mantra “NEVER REVEAL YOUR PRIVATE KEY”.
刚接触区块链系统的人应该被灌输“永不泄露您的私钥”的口号。
Things like this worry me about widespread blockchain adoption.
这样的事情让我担心区块链的广泛采用。
翻译自: https://medium.com/coinmonks/anatomy-of-an-ethereum-phishing-scam-on-facebook-9772bf080d43
以太坊导以太坊导