A scammer is Phishing Omisego through an E-mail by promoting Reward Campaign for Milestone Achievement, by creating a fake blog news and promoting themselves through a Campaign, which links to a MyEtherWallet phishing site designed to steal tokens.
For a Milestone Achievement they have put up Phishing Email strategy where the Email states ‘Milestone achievement for the project in which their payments channel network has reached 10,000 transactions per second (tx/sec) and in order to celebrate this achievement, they’re launching a rewards campaign.
An Email was circulated which is promoting alleged reward campaign from OmiseGO ($OMG), an “open payment platform and decentralized exchange” that aims to “unbank the banked.”
The actual trick which they had used in Phishing email is using the origin of the Email which comes from an address at “mailbox 49832-omisego.network,” and to the untrained eye, it would appear to be a valid email from the real OmiseGO project.
Someone has created OmiseGo fake blog as if the user ‘Continue reading’ the link given below in an Email, they are directed to a website that uses Punycode to simulate an omisego brand in the domain name (omisegọ).
The OmiseGo actually don’t own the website of this blog but the website page is designed in such a way that it looks like a Medium.com blog. For the record, OmiseGO does use Medium for their blog, but it is hosted at blog.omisego.network.
The blog post takes you to the homepage which is the narrative payment channel transactions per the second milestone and which continues to promote the community rewards campaign.
Someone has made Omisego fake blog links users to the root domain (omisegọ[.]com).
To push their modified theme or strategy they created fake website page which looks like the root domain looks like the real OmiseGO website.
The website asks users to generate a “unique 24-digit binding AuthCode” tied to their OMG wallet address and it is designed in a way to convince the user that isn’t merely a scam trying to steal their tokens.
When the user follows the instructions of the fake OmiseGO website, the “Sign Contract” button leads to another website that uses Punycode (myethėrwalleṫ[.]com) to appear as the real MyEtherWallet website.
And, when finally the users follow all the instructions which are asked by the fake MyEtherWallet website, they will be unsuspecting, giving scammers access to their wallets and which will lose their tokens from their wallet.