Block.one, the private company behind the EOSIO architecture and the EOS token, has made a statement to warn members of the EOSIO community about a phishing attack that was discovered on Sunday (27 May 2018).
The phishing attack involved an email that was sent out to several members of the EOS community -- people who had been in email communication with block.one -- that included a link to a scam website pretending to be an official site for EOS token registration ahead of the upcoming mainnet launch. This attack was quite sophisticated in that some of the emails sent out actually came from block.one's Zendesk support system, which had been temporarily breached when these emails were sent.
The fraudulent email had the words "upcoming June 1st update" in its subject line. The website referenced in the email -- "eoslaunch.io" -- is not in any way associated with block.one. According to the results of a WHOIS lookup, the "eoslaunch.io" domain was registered by GoDaddy on 26 May 2018. This means that this phishing scam could have only started on this date.
Block.one says that it "learned of this matter quickly after it occurred." It seems as though they were first alerted to this scam when Reddit user "designeey" made a post on 27 May 2018 on the EOS Subredit with the subject line "Please Help!! Scammed by developers@block.one email", in which he claimed that he had become the victim of a phishing attack, as a result of which 5,158 EOS tokens (at press time, according to data from CryptoCompare, worth around $61,500) were stolen.