You may not quite understand what “web3” is all about (I do not claim to do so), but it appears phishers may already be using it. At least one particular web3 platform, “Skynet,” aka “slasky.net,” is already being abused. [FWIW: the page was reported to [email protected]]
The platform is pretty much a free file hosting platform. You upload an HTML file, which will display at a particular “slasky.net” URL. Like all similar file hosting platforms, it is ready to be abused by phishing scams.
Here is what the phishing page looks like if I append my “[email protected]” email address to the URL.
var mainPage = 'https://'+my_slice;
var sv = my_slice;
var image = "url('https://image.thum.io/get/auth/53562-77e4da5126dd25414aacf01ccad53fff/width/1200/https://"+sv;"')"
document.body.style.backgroundImage = image;
Any data collected by the login form is then posted to https://cryptoglobalinvestment.net/obinna/New.php . The domain “cryptoglobalinvestment.net” redirects to blockchain.com. I doubt that the domain is related to blockchain.com. Interestingly, cryptoglobalinvestment.net is not using anonymized registration data. The email used to register it, “[email protected]”, is also used for a few other domain names that are currently not reachable, for example, 1stalliancecredit.com.
For the first two attempts, the site will return a password error. On the third attempt, it will redirect the user to email.[user domain] in an attempt to direct the user to a likely webmail server.
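The behaviour described above leaves two traces a web proxy can see: a request to an external page carrying one of your own email addresses, and a request to the screenshot service for your own site with a referer that is not yours. The following is an added example, not code from the original diary: a small detector that correlates both signals per client. The log layout, the sample lines, the hosts under .test and example.com, and the assumption that the address arrives in the path or query (a URL fragment never reaches the proxy) are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

SCREENSHOT_HOSTS = {"image.thum.io"}  # service used in the page's snippet
EMAIL_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")   # captures the domain
EMBEDDED_URL_RE = re.compile(r"/https?://([^/?#\s]+)")     # site being captured

def host_in(host, domains):
    """True if host equals, or is a subdomain of, one of the given domains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def classify(url, referer, org_domains):
    """Return the set of signals raised by one proxy record."""
    signals = set()
    parts = urlsplit(url)
    host = parts.hostname or ""
    ref_host = urlsplit(referer).hostname or ""   # "-" yields no host
    # Signal 1: screenshot of our own site requested from a page that is not ours.
    if host in SCREENSHOT_HOSTS and not host_in(ref_host, org_domains):
        m = EMBEDDED_URL_RE.search(unquote(parts.path))
        if m and host_in(m.group(1), org_domains):
            signals.add("screenshot-of-own-site")
    # Signal 2: one of our email addresses handed to an external page.
    if not host_in(host, org_domains):
        tail = unquote(parts.path + "?" + parts.query)
        if any(host_in(d, org_domains) for d in EMAIL_RE.findall(tail)):
            signals.add("own-email-in-url")
    return signals

def detect(log_lines, org_domains):
    """Return {client: signals} for clients that raised both signals."""
    seen = {}
    for line in log_lines:
        _ts, client, _method, url, referer = line.split()
        seen.setdefault(client, set()).update(classify(url, referer, org_domains))
    return {c: s for c, s in seen.items() if len(s) == 2}

# Constructed sample records: timestamp client method url referer
SAMPLE_LOG = [
    "2022-01-01T10:00:00Z 10.0.0.5 GET https://filehost.test/AAAA/?alice@example.com -",
    "2022-01-01T10:00:01Z 10.0.0.5 GET https://image.thum.io/get/auth/KEY/width/1200/https://example.com https://filehost.test/AAAA/",
    "2022-01-01T10:05:00Z 10.0.0.9 GET https://www.example.com/contact?to=bob@example.com -",
    "2022-01-01T10:06:00Z 10.0.0.9 GET https://image.thum.io/get/width/600/https://unrelated.test https://blog.test/",
]

if __name__ == "__main__":
    print(detect(SAMPLE_LOG, {"example.com"}))
```

Either signal alone can be benign (a newsletter unsubscribe link, a legitimate site preview), which is why the detector only reports clients that raise both.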
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.