The video Larry posted almost sounds and looks like a foreign language to me. I'll probably have to watch 10x the content I just watched similar in nature before it starts to make sense to me. The big take away I got out of it was that some scamcoins<?> are using .io or other endings that are also used for websites which leads people to their website which some how facilitates the scam?
It's actually a bit more involved than that, just getting someone to visit a web site.
Ethereum, and Binance Smart Chain, support the idea of "Smart Contracts". Think of them kind of like automated vending machines that live on the blockchain. You can feed them various "Coins" / "Tokens", and they will process them a certain way. (DeFi works like this, as I understand it, as you can trade certain tokens IN and get certain tokens OUT, based on exchange rates, fees, etc.)
These scams are basically like a scammy vending machine, that you feed the "fake" airdropped tokens, and they get access to your wallet via the "Smart Contract" that you sent coins to and "allowed" the transaction, and then they steal your other tokens. Thank goodness that MetaMask evidently has something like Windows UAC, where they prompt you before any smart contract attempts to "spend" your tokens. Otherwise, Vosk would have been cleaned out.
Think of them like the crypto-culture version of the "Free Vacation Scam". You get a cold-call, offering that you've "Won a free $5000 vacation" (free air-dropped scam tokens), but in order to "Claim your prize", you need to give them banking or CC# details, to "pay for reservations". But once they get your banking info, they clear out your account.
This being the crypto-sphere, you may have no real recourse, although the last part of the video was interesting, some way to void authorizations on the Ethereum and Binance Smart chain? I'll have to look into that more. One of the issues with Bitcoin and forks, is that the transaction is basically non-reversable once it goes through. Which is what the first post was about.