Don't trust... verify
Topic: [BEWARE!] Bitcointalk Credential Phishing Attack -- Targeting Collectibles - page 2. (Read 471 times)
May 22, 2021, 09:52:14 PM
Thank you for making this thread/post.
Don't trust... verify
Don't trust... verify
May 22, 2021, 03:53:14 PM
Forum friends,
I want to make everyone aware of a new tactic that scammers are employing to phish Bitcointalk forum credentials from those who frequent the Collectibles section. These credentials can then be used to forcibly take over the account, and then use the account (and its implied trust) to facilitate scams.
Attack
Stage 1:
PM to the user with a link that appears to be a valid page on the forum (hint, it's not -- see stage 2)
Stage 2:
User is redirected to a malicious domain controlled by the threat actors; note the domain is actually raiciegodesign[.]com and the username is tracked in the URL
https://bitcointalk[.]org.topic-index.php-5329455.0.raiciegodesign[.]com/index.php?u=blucepheus&l=5338607.60
Upon entering credentials, the page will simply refresh, and guess what? Your credentials are now posted to the threat actors' server, and they can instantly take over your account (the first thing they'll do is change your password and email to lock you out). In addition, they now have access to your profile and will probably attempt to log in to your personal email account using your account password, as well as other services like Amazon, financial institutions, etc.
It appears the scammers have expanded past Telegram and are now using PMs as a medium to phish credentials, and likely use those stolen credentials to facilitate scams. For a long time, we have acted under the assumption that a PM from a trusted user on the forum is enough to validate. This proves it is not.
Protect Yourself:
Stay safe and remain vigilant.
-bc
I want to make everyone aware of a new tactic that scammers are employing to phish Bitcointalk forum credentials from those who frequent the Collectibles section. These credentials can then be used to forcibly take over the account, and then use the account (and its implied trust) to facilitate scams.
Attack
Stage 1:
PM to the user with a link that appears to be a valid page on the forum (hint, it's not -- see stage 2)
Stage 2:
User is redirected to a malicious domain controlled by the threat actors; note the domain is actually raiciegodesign[.]com and the username is tracked in the URL
https://bitcointalk[.]org.topic-index.php-5329455.0.raiciegodesign[.]com/index.php?u=blucepheus&l=5338607.60
Upon entering credentials, the page will simply refresh, and guess what? Your credentials are now posted to the threat actors' server, and they can instantly take over your account (the first thing they'll do is change your password and email to lock you out). In addition, they now have access to your profile and will probably attempt to log in to your personal email account using your account password, as well as other services like Amazon, financial institutions, etc.
It appears the scammers have expanded past Telegram and are now using PMs as a medium to phish credentials, and likely use those stolen credentials to facilitate scams. For a long time, we have acted under the assumption that a PM from a trusted user on the forum is enough to validate. This proves it is not.
Protect Yourself:
- Inspect any URL before entering credentials
- Use a very unique, complex password on Bitcointalk to protect your other accounts; consider a password manager for generation, i.e. 1Password
- Do everything you can to verify that the person you're speaking to via PM is truly that individual. Consider the possibility that their account is being operated by a scammer.
- Use a trusted escrow for any high-value transactions.
Stay safe and remain vigilant.
-bc
Jump to: