
RE: PSA! Be very careful clicking on links from non-reputable Hive users

in #psa, 7 months ago

Thanks for the warning @acidyo!

This one is particularly sneaky because of its "genuine looking" nature. Research study? Sure. No promise of "riches," just a small token thank you for participation.

Checked it (I have a "trash machine" I use only for dodgy stuff).

Launches from what is actually a legit domain. No weirdness. No forwarding. No sneaky background install/download attempts. Actually has an entire "survey" that looks like it could be genuine. Includes limitations to disqualify people. Everything looks copacetic till the very end, where you click to "submit" the survey.

Then there's a "you have to be logged in to get your reward" message.

BIG RED FLAG!! Of course you don't have to be "logged in" for someone to send you a couple of Hive.

Just a warning to all that some things can be set up to be incredibly authentic looking!

=^..^=


Hey, thanks for taking the time to check it out! And yeah, that's where many would fall for it, along with it looking somewhat harmless early on.

Whoever did this went to a lot of trouble to disguise their intentions, OR it's a genuine thing that was very poorly conceived... because if they can send us 0.001 Hive without being logged in, they can also send people 3 Hive without being logged in... all they need is your username, and that's public information. Besides, why send a wallet memo, rather than just make a public post about who and what they are? Pretty sketchy...

The reason I even mention "genuine" is that the names given as originators of the survey ARE verifiable faculty members at the University of Hong Kong.

Sad that we live in a world where we have to be so uber-suspicious of everything...

=^..^=

It's actually perfectly reasonable to have someone sign a message to authenticate who they are. It would be a means to prevent impersonation and, to a degree, sybil attacks.

The only keychain command I received was to sign a message, i.e. to log in. However, it is entirely possible that the back-end code sends different commands to different users (depending on the value of the account, for example). The important thing for users to do is to learn the skill of evaluating the transaction that they are signing. In principle, even trusted sites like peakd.com and hive.blog could cheat users by doing a 'switcheroo' with the transaction details in a keychain command.

I would also suggest that the use of memo messages is probably part of the study design to avoid sampling bias. Making a post about it would encourage major sampling bias.
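The "learn to evaluate the transaction you are signing" point above, as an added example that is not part of the thread and is not code from Hive Keychain, peakd.com or hive.blog. It takes what a site claims a wallet prompt is for (here, the string "login") together with the request it actually hands to the wallet, and returns the findings a careful user would want before approving. The Hive operation names and their parameters (transfer, account_update, custom_json with required_auths / required_posting_auths) are the real operation types; the request shape (`kind`), the `intent` string, the risk labels and the sample requests are this example's own constructed conventions, not how any wallet formats its prompts.

```javascript
// Added example: a "what am I about to sign?" review of a wallet request.
// Not code from the thread or from Hive Keychain / peakd.com / hive.blog.
// Request shapes (this example's own convention):
//   { kind: "sign_buffer", message: "<challenge text>" }
//   { kind: "broadcast", operations: [["transfer", {...}], ...] }

// Authority each Hive operation needs. An identity proof / login needs at most
// a posting-key signature over a readable challenge, so a request advertised
// as a login that needs active or owner authority is a switcheroo.
const OP_AUTHORITY = {
  vote: "posting",
  comment: "posting",
  transfer: "active",
  transfer_to_vesting: "active",
  withdraw_vesting: "active",
  delegate_vesting_shares: "active",
  account_update: "owner", // can replace keys; treated as the top tier
};
const LEVEL = { none: 0, posting: 1, active: 2, owner: 3 };

function authorityFor(name, params, username) {
  if (name === "custom_json") {
    // custom_json declares its own signers: active if the user is listed in
    // required_auths, posting if only in required_posting_auths.
    if ((params.required_auths || []).includes(username)) return "active";
    if ((params.required_posting_auths || []).includes(username)) return "posting";
    return "none";
  }
  return OP_AUTHORITY[name] || "owner"; // unknown operation: assume the worst
}

function reviewRequest(username, intent, request) {
  const findings = [];
  if (request.kind === "sign_buffer") {
    // A plain-text challenge cannot move funds or change keys by itself, but a
    // buffer you cannot read is a buffer you cannot evaluate (assumption of
    // this example: a legitimate login challenge is printable text).
    if (typeof request.message !== "string" ||
        /[^\x20-\x7e\r\n\t]/.test(request.message)) {
      findings.push("buffer is not readable text; cannot tell what is being signed");
    }
    return { risk: findings.length ? "high" : "low", findings };
  }

  if (intent === "login") findings.push("a login needs a signed challenge, not a broadcast");
  let maxLevel = LEVEL.none;
  for (const [name, params] of request.operations) {
    maxLevel = Math.max(maxLevel, LEVEL[authorityFor(name, params, username)]);
    if (name === "transfer") {
      if (params.from === username) {
        findings.push(`transfer of ${params.amount} FROM your account to @${params.to}`);
      } else {
        // A reward sent TO you is signed with the sender's key, not yours. There
        // is nothing for you to sign, so the prompt itself is the red flag.
        findings.push(`transfer from @${params.from} is not yours to sign`);
      }
    }
    if (name === "account_update") {
      const changed = ["owner", "active", "posting", "memo_key"].filter((k) => k in params);
      if (changed.length) findings.push(`account_update replaces keys: ${changed.join(", ")}`);
    }
  }
  if (intent === "login" && maxLevel >= LEVEL.active) {
    findings.push("a login should never need active or owner authority");
  }
  let risk = "low";
  if (maxLevel >= LEVEL.owner) risk = "critical";
  else if (maxLevel >= LEVEL.active) risk = "high";
  else if (maxLevel >= LEVEL.posting || intent === "login") risk = "medium";
  return { risk, findings };
}

// Constructed sample requests for user "alice" (not captured from any site).
const USER = "alice";
const SAMPLES = {
  honestLogin: ["login", { kind: "sign_buffer", message: "Login to survey-site at 2024-01-01T00:00:00Z" }],
  opaqueLogin: ["login", { kind: "sign_buffer", message: "\x01\x02\xff" }],
  switcheroo: ["login", { kind: "broadcast", operations: [
    ["transfer", { from: USER, to: "collector", amount: "3.000 HIVE", memo: "" }]] }],
  keyGrab: ["login", { kind: "broadcast", operations: [
    ["account_update", { account: USER, posting: {}, memo_key: "STMplaceholder", json_metadata: "" }]] }],
  postingJson: ["login", { kind: "broadcast", operations: [
    ["custom_json", { required_auths: [], required_posting_auths: [USER], id: "follow", json: "{}" }]] }],
  rewardPrompt: ["receive_reward", { kind: "broadcast", operations: [
    ["transfer", { from: "survey-site", to: USER, amount: "0.001 HIVE", memo: "thanks" }]] }],
};

function reviewSamples() {
  const out = {};
  for (const [label, [intent, req]] of Object.entries(SAMPLES)) {
    out[label] = reviewRequest(USER, intent, req);
  }
  return out;
}
```

The last sample is the case the thread is about: a site that says it will pay you a reward has nothing for you to sign at all, since the transfer is signed with the sender's key, so any prompt at that point is the red flag regardless of what it contains.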

That is certainly a valid point.

At the same time, relying only on responses from a wallet memo creates its own sampling bias in that you're only going to get responses from people who are not suspicious of wallet memos... which almost suggests that there's really no "winning" in trying to conduct such a survey, if it actually IS legit.

=^..^=

This certainly sounds and looks very strange, but the person behind this seems to be a legitimate person who is indeed a researcher.
https://www.hkubs.hku.hk/tc/people/sichen-dong/
This may actually be a real survey, but one being conducted in an inappropriate way.


I have not yet seen the "you have to be logged in to get your reward" message, so I am not sure where it is, and of course I discourage everyone from logging in to it.

It looks like a rather sophisticated campaign.