A common thing scammers do is copy material from other sites that the scammer's victims are familiar with and trust. The scammers put that material in their own sites to try to trick the victims into thinking that are on the site they trust.
Yeah so I imagine how this would work to steal people’s funds in this case is to take copyrightable brand assets from someweb3company.xyz. Use them to make a youtube video saying something like “someweb3company.xyz is doing a limited time offer of a free thing. Log in with your wallet details at someweb3company.totallylegitoffer.xyz to claim!” Or some variant on that. Logging in with your wallet gives them permission to steal all your stuff. Because “logging in with a web3 wallet” is actually signing something with your private key. That something can be a json token thing for logging in, but it can also be a transaction and the UX is so god-awful that people often don’t pay much attention to which they are doing and get ripped off.
