Phishing scammers took advantage of what appeared to be a major blunder by well-known cosplayer and online personality Alodia Gosiengfiao after she asked her legion of fans to post their email addresses in order to join a livestream game.
Just a few hours after posting the invitation in her Facebook page on Thursday night, Oct. 22, Gosiengfiao was flooded with email addresses from her followers who were eager to join her in playing the game “Among Us” with fellow streamer Dexie Diaz.
In a now-deleted public post, the cosplayer requested her fans to “post [their] email” so she and her team can directly contact them and be invited to her Discord server.
Phishing scammers took no time exploiting the situation and immediately grabbed the freely available email addresses. The unsuspecting fans then received messages disguised as Discord invitations.
After receiving complaints from fans who were emailed from unknown accounts with seemingly broken or dead links, Gosiengfiao took down her original post and issued an apology in a subsequent post.
She explained that she was unaware of how attackers exploit public information. She then provided her legitimate email address.
Phishers are known for using custom 404 pages in phishing campaigns, but the website forgery in this case involved a replica of Gosiengfiao’s online site which extracted information from a visitor.