I just got an email allegedly from Brave saying if I install an updated version of the browser (which comes from a different web address, not the Brave website) and enter my Ethereum address into it, I will be given 1300 free BAT. The email was mass-mailed to dozens of other addresses, and also did not come from Brave Software. I am 99% certain this is a phishing attempt. It would be a good idea to send out an immediate information email letting people know they should NOT fall for this.
Here is the Google Form the link sends you to (which includes a link to download an “updated” version of Brave, but click the link and it does NOT take you to the Brave website):
By the way I did attempt a “Reply All,” but my email client would not allow me to send an email with so many recipients.
EDIT: I was able to send out emails to 50 people at a time alerting them to the phishing/malware attempt. I also reported the form to Google Forms for phishing, and reported the shortlink being used in the disguised link. I have no reason to believe these were the only people emailed this message, so an informational email would still be prudent in my opinion. Let me know if you would like me to forward the original email somewhere, or post the headers, or anything like that.
EDIT2: The shortlink provider has responded and terminated the user account that created the shortlinks. The link in the email now goes to an error message, and the download link on the fake website does also. This is a preventative measure but there is nothing stopping the phisher from doing this again with new shortlinks from somewhere else.
EDIT3: The fake site now fails to load, instead the “site cannot be reached” error appears.
