Instead of creating their own scam sites, the threat actors leave all the social engineering work to the original scammers. Trend Micro researchers estimate that Water Labbu has compromised at least 45 scam websites.
To avoid these types of scams, always research dApp sites, especially liquidity mining platforms, to determine if they are legitimate before connecting a wallet to them. Also, periodically review wallets’ allowed sites to make sure a scam site was not inadvertently added. In addition, avoid conducting investments with unvetted or anonymous parties introduced via social media, as these scenarios commonly lead to scams. Finally, avoid trading cryptocurrency on unknown or unvetted exchanges, as these activities put the entirety of a wallet at risk.