Topic: Bitcoin Payment Recieved scam (Read 2745 times)
Fishing letter ???Please be careful with it.
Your paste of the email shows where the link really leads
You would think that if someone is going to send thousands of spam emails they'll at least check their spelling.
I heard somewhere that they purposely spell their emails wrong to weed out all of the smart people and are left with the stupid people. 
*Top Tip*
If within 48 hours we do not receive your confirmation, your wallet will
be erased and all their bitcoins will be reset.
If within 48 hours we do not receive your confirmation, your wallet will
be erased and all their bitcoins will be reset.
This is my favorite bit. I wonder where bitcoins go once they are 'reset'? lol.
I recently activated my yubikey for blockchain.info.
So, I am wondering, if I would have fallen for that, would I have a problem?
Yes. You would enter your identifier/password into the phishing site along with your yubikey code then the attacker could instantly enter the same information into blockchain.info and have access to your wallet. So, I am wondering, if I would have fallen for that, would I have a problem?
The best solution is to have the site bookmarked and always check it's the legit site first before you put anything in. 2 factor likely wont help you if you type that in as well but the site might be just hoping you don't have 2-factor set up.
I've just received an e-mail from [email protected] titled "Bitcoin Payment Recieved" claiming that I've received $2,031.88
Of course it's asking my to log on to my blockchain account.
I'm treating it as a scam because a) mispelling in title b) e-mail is NOT from blockchain address, and c) I don't have a blockchain account.
TREAT AS SUSPECT!
i suggest doing a couple of things:Of course it's asking my to log on to my blockchain account.
I'm treating it as a scam because a) mispelling in title b) e-mail is NOT from blockchain address, and c) I don't have a blockchain account.
TREAT AS SUSPECT!
1) enabling 2FA
2) bookmarking the real address and using it every time
3) in email you can add filters that move specific emails from senders to specific folders that you create, that way any other email that is just similar will go into "inbox" and real emails from the real sender in this case blockchain.info will go inside that folder
c) I don't have a blockchain account.
TREAT AS SUSPECT!
TREAT AS SUSPECT!
I think merely treating it as a scam/suspect is an understatement. I think you're safe in guaranteeing it's a scam based on C alone
(though all three reasons combined should seal the deal). If anyone gets these types of emails they should just load up a bookmark and check their balance on the blockchain instead rather than clicking on links. The beauty of the blockchain is you don't even need to log in to see your balance as it's all there for anyone to see. i got my $2,031.88 - fools!
lol...
do you realize that some stupid folks could now try to follow the scam-link?
LOL, or leave him negative feedback from promoting a scam
(though if anyone lost money because of a joke/sarcasm it's probably their own fault). c) I don't have a blockchain account.
TREAT AS SUSPECT!
TREAT AS SUSPECT!
I think merely treating it as a scam/suspect is an understatement. I think you're safe in guaranteeing it's a scam based on C alone
(though all three reasons combined should seal the deal). If anyone gets these types of emails they should just load up a bookmark and check their balance on the blockchain instead rather than clicking on links. The beauty of the blockchain is you don't even need to log in to see your balance as it's all there for anyone to see. i got my $2,031.88 - fools!
lol...
do you realize that some stupid folks could now try to follow the scam-link?
c) I don't have a blockchain account.
TREAT AS SUSPECT!
TREAT AS SUSPECT!
I think merely treating it as a scam/suspect is an understatement. I think you're safe in guaranteeing it's a scam based on C alone
(though all three reasons combined should seal the deal). If anyone gets these types of emails they should just load up a bookmark and check their balance on the blockchain instead rather than clicking on links. The beauty of the blockchain is you don't even need to log in to see your balance as it's all there for anyone to see. i got my $2,031.88 - fools!
I recently activated my yubikey for blockchain.info.
So, I am wondering, if I would have fallen for that, would I have a problem?
So, I am wondering, if I would have fallen for that, would I have a problem?
In addition to the previous responder, if your attacker had access to an (encrypted) wallet backup then they woudl not need the YubiKey to open the wallet in Blockchain.info and coudl steal your monies!
You should keep (even encrypted) backup files very safe.
*Top Tip*
If within 48 hours we do not receive your confirmation, your wallet will
be erased and all their bitcoins will be reset.
If within 48 hours we do not receive your confirmation, your wallet will
be erased and all their bitcoins will be reset.
This is my favorite bit. I wonder where bitcoins go once they are 'reset'? lol.
I recently activated my yubikey for blockchain.info.
So, I am wondering, if I would have fallen for that, would I have a problem?
Yes. You would enter your identifier/password into the phishing site along with your yubikey code then the attacker could instantly enter the same information into blockchain.info and have access to your wallet. So, I am wondering, if I would have fallen for that, would I have a problem?
The best solution is to have the site bookmarked and always check it's the legit site first before you put anything in. 2 factor likely wont help you if you type that in as well but the site might be just hoping you don't have 2-factor set up.
I recently activated my yubikey for blockchain.info.
So, I am wondering, if I would have fallen for that, would I have a problem?
Yes. You would enter your identifier/password into the phishing site along with your yubikey code then the attacker could instantly enter the same information into blockchain.info and have access to your wallet. So, I am wondering, if I would have fallen for that, would I have a problem?
c) I don't have a blockchain account.
This is the only thing that can save you from future scams and hacks. You might have dodged this one even if you had a blockchain account, but scams get better and blockchain.info can get hacked too.
Not having a blockchain account or not storing any BTC there is the only viable option imo.
Yes, it's a total scam, but creatively done nonetheless....
for one, they recreated a fake site, but when you look at the certificate you should see a certificate error stating that the issued certificate does not match the ip address of the domain. It looks to be some kind of Webinjection exploit. It only servers as a fishing attempt to get your blockchain wallet credentials.
for one, they recreated a fake site, but when you look at the certificate you should see a certificate error stating that the issued certificate does not match the ip address of the domain. It looks to be some kind of Webinjection exploit. It only servers as a fishing attempt to get your blockchain wallet credentials.
But as it's been said, that fee is ridiculous.
It's great to see these things posted about, and people need to be careful. I'm only pointing out that the person may have done a "good job" or been "creative" creating the scam, however they were oblivious that the fee would never be that large and would tip me off immediately... :/ Also, why would you need to check within so many hours or else lose your whole balance? How does that make any sense?
You would think that if someone is going to send thousands of spam emails they'll at least check their spelling.
The biggest issue with this scam is that anyone stupid enough to fall for it likely doesn't have very much BTC. Kind of a waste of time to send thousands of emails just to phish a few guys with .05 BTC in their wallets.
The biggest issue with this scam is that anyone stupid enough to fall for it likely doesn't have very much BTC. Kind of a waste of time to send thousands of emails just to phish a few guys with .05 BTC in their wallets.
Well the really smart ones will, but most of these scams tend to be from non-english speaking countries and thus have poor language skills. The thing is with these sorts of scams it doesn't take that much effort out to send mass emails and they might get lucky and catch a few big hits. At the end of the day itr's free money for them so anything is a bonus.
legendary
Activity: 1862
Merit: 1011
Reverse engineer from time to time
Official site should be bloCkchains.info
You would think that if someone is going to send thousands of spam emails they'll at least check their spelling.
The biggest issue with this scam is that anyone stupid enough to fall for it likely doesn't have very much BTC. Kind of a waste of time to send thousands of emails just to phish a few guys with .05 BTC in their wallets.
The biggest issue with this scam is that anyone stupid enough to fall for it likely doesn't have very much BTC. Kind of a waste of time to send thousands of emails just to phish a few guys with .05 BTC in their wallets.
I wonder how they got your email to start with.
It's very likely that they got it from another service you signed up and used your email address. If that service gets hacked or is compromised then they could have access to your email address. I believe the Feathercoin forum was hacked a while back and peoples emails may have been compromised, but this could happen to any forum especially if they're not careful.
Yes, it's a total scam, but creatively done nonetheless....
for one, they recreated a fake site, but when you look at the certificate you should see a certificate error stating that the issued certificate does not match the ip address of the domain. It looks to be some kind of Webinjection exploit. It only servers as a fishing attempt to get your blockchain wallet credentials.
for one, they recreated a fake site, but when you look at the certificate you should see a certificate error stating that the issued certificate does not match the ip address of the domain. It looks to be some kind of Webinjection exploit. It only servers as a fishing attempt to get your blockchain wallet credentials.
Thanks for the warning mate , It would be very helpful also if you can screenshot the email
I recently activated my yubikey for blockchain.info.
So, I am wondering, if I would have fallen for that, would I have a problem?
So, I am wondering, if I would have fallen for that, would I have a problem?
I received one email just like this cpl of days back and as soon as I read it my inner voice goes "yeah right!"
so I tagged it as spam and then like half an hour later, went to blockchain wallet with my original identifier and my inner voice was right.
so I tagged it as spam and then like half an hour later, went to blockchain wallet with my original identifier and my inner voice was right.
Jump to: