Scammers use messages (email, text, phone) to trick you into giving them your personal information. They may try to steal your passwords, account numbers, or Social Security numbers. Armed with that information, they can gain access to your email, bank, or other accounts. Scammers launch thousands of phishing attacks like these every day — and they’re often successful because people aren’t aware of the risks. The FBI’s Internet Crime Complaint Center reported that $57 million was lost to phishing schemes in one year.
To continue to stay ahead of those trying to inform potential victims of the dangers, they are constantly coming up with new ways of attracting potential victims. One such recent attempt has been launch via the Discord game messaging application. Earlier today, one of our readers received this message from an unknown user on Discord.
After receiving the message, the user went and created an account on https://galachange.com, which looks After receiving the message, the target registered an account on https://galachange.com, which looks legitimate enough. The reader entered his code as instructed and was astounded to find his account had indeed been credited with 14.47 ETH. So he decided to withdraw this crypto winfall into his personal wallet.
That was when the other shoe dropped. The exchange required the new account be activated with a deposit of 0.01BTC(US$330) before he would be able to remove his winnings. The message on the screen assured him that he was free to withdraw the deposited amount plus his 14.47 ETH immediately after the verification was complete.
Thankfully the reader was astute enough to stop here and seek more information on the exchange before making the deposit, but there are probably many others who do not. We can not say definitively that he wouldn’t have gotten his money back, but lets look at the facts.
- This message about winning a prize was sent privately, without the user entering any publicized draw. Companies regularly do use competitions like this to ADVERTISE their company or products. They certainly don’t keep them quiet except for the lucky winners!
- Galachange claims to have been in business for over two years, yet a quick whois of their domain tells a different story.
- The wording of the original message is flawed, to say the least. While this is not proof of wrongdoing, any company giving away 2000 ETH (US$4.25M) would undoubtedly spend a few bucks to have a native speaker proofread their messages.
Domain Name: GALACHANGE.COM Registry Domain ID: 2628389154_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2021-07-21T22:33:46Z Creation Date: 2021-07-21T22:33:43Z
How to respond
When contacted by parties with news that is too good to be true, it probably isn’t true. Therefore, Don’t do anything until you have verified the source. Certainly, do not give anyone access to your accounts or personal details unless you know who they are and that you can trust them.