This swamp monster did a phishing attempt on my main account today, and I take that very personally.
What this thing does:
Looks for transactions on block explorer of significant size.
Creates new Principal with same first 3 letters and last 3 of the recipient principal.
sends .0002 icp to the new principal, then the new principal transfers .0001 icp to the sending “honeypot” account it sniffed. If that person is not careful they may accidently send their ICP to the spam principal (many people on this forum have already been a victim).
No I did not send any ICP to it just wanted to draw attention if any blockchain detectives want to try to pursue this. Please have at it.