Fighting Fraud on EOS Blockchain

Story

We at EOS Tribe became aware of the ongoing fraud transactions sent to EOS accounts on behalf of TELOS foundation offering users to claim their TLOS tokens and providing a link to a fake clone Telos web site:

https://bloks.io/transaction/0ae858c6f9486f01ff00ff0bed2aadcf472dfa56adf250b6dbd88be2a9713cf8

{"from": "telos.x", "to": "ge4tknzvhege", "quantity": "0.0001 EOS", "memo": "Blockchain Perfected! 90% TLOS already claimed - Claim your TLOS tokens: https://telos-foundation.io/ (TLOS 토큰을 요구하십시오)(声明您的TLOS令牌)"}

Number of EOS users fell for a scam and lost control of their private key and thus funds in their account.
Those incidents were reported to EOS911, EOS Tribe and number of other Telegram channels.

We have taken steps to search for all recipients of such scam messages and sent alerts to those accounts about SCAM from our alert account: eostribalert
Example of such message:
https://bloks.io/transaction/19e26afa64b9277344390cdeb101ca6456809146218600c29be5f0bb74e252e3

EOSTribe ALERT: telos-foundation.io IS SCAM SITE THAT WILL STEAL YOUR PRIVATE KEY! Real Telos site: telosfoundation.io | telos-foundation.io是SCAM网站，它将窃取您的私钥！真正的Telos网站：telosfoundation.io

Since that time scammers got a notice and changed their tactics. They have created account looking similar to ours: eostribealrt and started sending Fake Alert messages to increasing number of EOS accounts:
https://bloks.io/transaction/aca01aae0c5215c56d4f41fcd4a44985822e247e3baaf69bfd4a938654e6d6ba

LAST CHANCE TO CLAIM YOUR 1:1 TLOS AIRDROP ONLY AT https://telosfundation.io/claim | 申请1：1 TLOS空投的最后机会 | 1 : 1 TLOS 에어 드롭을 주장 할 수있는 마지막 기회

^ Notice missing 'o' in the domain name.

We accepted the challenge and the fact that they now effectively commit crime under EOS Tribe name shows that they directly attack EOS Tribe reputation while scamming EOS account holders.

We have found all their recent transactions and resent batch transactions warning all accounts that received the scam messages with the following message:
https://bloks.io/transaction/21eb81dc21191df933ff24b1a04462b036d96f1681771466e0a93731989410e8

ALERT: telosfundation.io IS A FRAUD SITE! There is no claim for TLOS! Ignore messages from eostribealrt - they are scammers posing as eostribalert.

So far we have alerted more then 4K accounts and continue monitoring the network.

We are doing additional investigation and will report when we have more information.

So far based on suspected geographical location of the attackers they will most likely go unpunished even if legal actions are taken against them:

Domain registration information:

Domain Name: TELOS-FOUNDATION.IO
Registry Domain ID: D503300000505143673-LRMS
Registrar WHOIS Server: whois.rrpproxy.net
Registrar URL: http://www.key-systems.net
Updated Date: 2019-01-14T10:50:28Z
Creation Date: 2019-01-14T10:31:56Z
Registrant Organization: Internet Invest, Ltd. dba Imena.ua
Registrant State/Province: UA
Registrant Country: UA
<< First domain registered at imena.ua
IP: 192.227.133.18
Location: United States, New York
ISP: ColoCrossing, Hudson Valley Host - https://www.colocrossing.com/

Domain Name: TELOSFUNDATION.IO
Registry Domain ID: D503300000557796448-LRMS
Registrar WHOIS Server:
Registrar URL: http://www.netim.com
Updated Date: 2019-02-11T05:12:38Z
Creation Date: 2019-02-11T05:12:37Z
Registry Expiry Date: 2020-02-11T05:12:37Z
IP: 64.188.13.39
Location: United States, California, Los Angeles
ISP: QuadraNet Enterprises LLC - https://quadranet.com/

Summary

The lesson from all of this is for EOS account holders to be more vigilant and never use their private key on a web site no matter how legitimate it may look.

The weakest link in any technology is often us humans and hence the rise of social engineering in Blockchain fraud.

Safeguard your private keys like you would safeguard your cash!