Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Spear phish attempt via discord - fake mee6 bot - steals tokens and admin access of phished staff so scammers can post bogus links on behalf of the staff to instill trust.
This fake bot is extremely dangerous as is poses danger to the whole ecosystem.
This spear phishing scam attempt was made against a lot of DEX and DAO team members, but as the domain of the fake mee6 is fresh i imagine they might target other brands as well
I believe they wanted to get the staff team member to visit a bogus discord via web browser instead of the native client
and by "verifying" via the fake mee6 bot upon entering the fake coin market cap discord, the scammers obtain the discord tokens for access of the staff member and can then login as them (account take over)
Then they could wreck chaos by posting scam link inside the discord via the staff member's own account!!!!!
SCAM "instructions"
馃毄(huge red flag!)
TOKEN STEALING EXFIL - 馃毄(GIGA huge red flag!)
FAKE messages
full story:
https://twitter.com/steviepxyz/status/1628238813825847301