Pages:
Author

Topic: Bitcoin Payment Recieved scam (Read 2758 times)

newbie
Activity: 27
Merit: 0
November 25, 2014, 03:57:17 AM
#33
Fishing letter ???Please be careful with it.
legendary
Activity: 2548
Merit: 1054
CPU Web Mining 🕸️ on webmining.io
November 24, 2014, 03:24:52 AM
#32
Your paste of the email shows where the link really leads
legendary
Activity: 1540
Merit: 1001
Crypto since 2014
November 24, 2014, 01:15:46 AM
#31
You would think that if someone is going to send thousands of spam emails they'll at least check their spelling.
I heard somewhere that they purposely spell their emails wrong to weed out all of the smart people and are left with the stupid people.
hero member
Activity: 686
Merit: 500
November 23, 2014, 07:02:06 PM
#30
*Top Tip*
If within 48 hours we do not receive your confirmation, your wallet will
be erased and all their bitcoins will be reset.

This is my favorite bit. I wonder where bitcoins go once they are 'reset'? lol.

I recently activated my yubikey for blockchain.info.
So, I am wondering, if I would have fallen for that, would I have a problem?
Yes. You would enter your identifier/password into the phishing site along with your yubikey code then the attacker could instantly enter the same information into blockchain.info and have access to your wallet.

The best solution is to have the site bookmarked and always check it's the legit site first before you put anything in. 2 factor likely wont help you if you type that in as well but the site might be just hoping you don't have 2-factor set up.
2FA with blockchain.info wallets is really nothing more then a false sense of security and they really should disable it. All it does is delay an attacker from being able to log into your identifier without our 2FA device however they can potentially get past this via social engineering blockchain support and/or getting a backup of your encrypted wallet file and importing it into their own identifier with the same password(s) that your identifier has
legendary
Activity: 3472
Merit: 10611
November 21, 2014, 12:39:30 PM
#29
I've just received an e-mail from [email protected] titled "Bitcoin Payment Recieved" claiming that I've received $2,031.88

Of course it's asking my to log on to my blockchain account.

I'm treating it as a scam because a) mispelling in title b) e-mail is NOT from blockchain address, and c) I don't have a blockchain account.


TREAT AS SUSPECT!
i suggest doing a couple of things:
1) enabling 2FA
2) bookmarking the real address and using it every time
3) in email you can add filters that move specific emails from senders to specific folders that you create, that way any other email that is just similar will go into "inbox" and real emails from the real sender in this case blockchain.info will go inside that folder
hero member
Activity: 525
Merit: 500
November 21, 2014, 11:44:12 AM
#28
c) I don't have a blockchain account.


TREAT AS SUSPECT!

I think merely treating it as a scam/suspect is an understatement. I think you're safe in guaranteeing it's a scam based on C alone  Grin (though all three reasons combined should seal the deal). If anyone gets these types of emails they should just load up a bookmark and check their balance on the blockchain instead rather than clicking on links. The beauty of the blockchain is you don't even need to log in to see your balance as it's all there for anyone to see.


i got my $2,031.88 - fools!



lol...
do you realize that some stupid folks could now try to follow the scam-link?

LOL, or leave him negative feedback from promoting a scam Cheesy (though if anyone lost money because of a joke/sarcasm it's probably their own fault).
sr. member
Activity: 266
Merit: 250
November 21, 2014, 11:04:16 AM
#27
c) I don't have a blockchain account.


TREAT AS SUSPECT!

I think merely treating it as a scam/suspect is an understatement. I think you're safe in guaranteeing it's a scam based on C alone  Grin (though all three reasons combined should seal the deal). If anyone gets these types of emails they should just load up a bookmark and check their balance on the blockchain instead rather than clicking on links. The beauty of the blockchain is you don't even need to log in to see your balance as it's all there for anyone to see.


i got my $2,031.88 - fools!



lol...
do you realize that some stupid folks could now try to follow the scam-link?
legendary
Activity: 1148
Merit: 1014
In Satoshi I Trust
November 21, 2014, 10:59:06 AM
#26
c) I don't have a blockchain account.


TREAT AS SUSPECT!

I think merely treating it as a scam/suspect is an understatement. I think you're safe in guaranteeing it's a scam based on C alone  Grin (though all three reasons combined should seal the deal). If anyone gets these types of emails they should just load up a bookmark and check their balance on the blockchain instead rather than clicking on links. The beauty of the blockchain is you don't even need to log in to see your balance as it's all there for anyone to see.


i got my $2,031.88 - fools!

sr. member
Activity: 302
Merit: 250
November 21, 2014, 10:57:18 AM
#25
I recently activated my yubikey for blockchain.info.
So, I am wondering, if I would have fallen for that, would I have a problem?

In addition to the previous responder, if your attacker had access to an (encrypted) wallet backup then they woudl not need the YubiKey to open the wallet in Blockchain.info and coudl steal your monies!

You should keep (even encrypted) backup files very safe.
hero member
Activity: 976
Merit: 575
Cryptophile at large
November 21, 2014, 10:34:03 AM
#24
*Top Tip*
If within 48 hours we do not receive your confirmation, your wallet will
be erased and all their bitcoins will be reset.

This is my favorite bit. I wonder where bitcoins go once they are 'reset'? lol.

I recently activated my yubikey for blockchain.info.
So, I am wondering, if I would have fallen for that, would I have a problem?
Yes. You would enter your identifier/password into the phishing site along with your yubikey code then the attacker could instantly enter the same information into blockchain.info and have access to your wallet.

The best solution is to have the site bookmarked and always check it's the legit site first before you put anything in. 2 factor likely wont help you if you type that in as well but the site might be just hoping you don't have 2-factor set up.
legendary
Activity: 906
Merit: 1002
November 21, 2014, 09:58:54 AM
#23
I recently activated my yubikey for blockchain.info.
So, I am wondering, if I would have fallen for that, would I have a problem?
Yes. You would enter your identifier/password into the phishing site along with your yubikey code then the attacker could instantly enter the same information into blockchain.info and have access to your wallet.

c) I don't have a blockchain account.

This is the only thing that can save you from future scams and hacks. You might have dodged this one even if you had a blockchain account, but scams get better and blockchain.info can get hacked too.

Not having a blockchain account or not storing any BTC there is the only viable option imo.
Everything is done on the client side (key creation, key encryption/decryption TX pushing) so as long as you are using their wallet you should be fine. You just need to be sure that you are actually using their wallet and not an imposter; their wallet is open source and is available on github so you could potentially get it from there and run it locally
hero member
Activity: 504
Merit: 500
November 21, 2014, 09:31:38 AM
#22
Yes, it's a total scam, but creatively done nonetheless....
for one, they recreated a fake site, but when you look at the certificate you should see a certificate error stating that the issued certificate does not match the ip address of the domain. It looks to be some kind of Webinjection exploit. It only servers as a fishing attempt to get your blockchain wallet credentials.


But as it's been said, that fee is ridiculous.

It's great to see these things posted about, and people need to be careful. I'm only pointing out that the person may have done a "good job" or been "creative" creating the scam, however they were oblivious that the fee would never be that large and would tip me off immediately... :/ Also, why would you need to check within so many hours or else lose your whole balance? How does that make any sense?
hero member
Activity: 525
Merit: 500
November 21, 2014, 09:04:14 AM
#21
You would think that if someone is going to send thousands of spam emails they'll at least check their spelling.

The biggest issue with this scam is that anyone stupid enough to fall for it likely doesn't have very much BTC. Kind of a waste of time to send thousands of emails just to phish a few guys with .05 BTC in their wallets.

Well the really smart ones will, but most of these scams tend to be from non-english speaking countries and thus have poor language skills. The thing is with these sorts of scams it doesn't take that much effort out to send mass emails and they might get lucky and catch a few big hits. At the end of the day itr's free money for them so anything is a bonus.
legendary
Activity: 1862
Merit: 1011
Reverse engineer from time to time
November 21, 2014, 09:02:39 AM
#20

Official site should be bloCkchains.info
This post shows that you yourself will be scammed, and get others scammed in the process too. it is blockchain.info, not blockchainS.
hero member
Activity: 910
Merit: 509
November 21, 2014, 09:00:43 AM
#19
You would think that if someone is going to send thousands of spam emails they'll at least check their spelling.

The biggest issue with this scam is that anyone stupid enough to fall for it likely doesn't have very much BTC. Kind of a waste of time to send thousands of emails just to phish a few guys with .05 BTC in their wallets.
hero member
Activity: 525
Merit: 500
November 21, 2014, 08:56:06 AM
#18
I wonder how they got your email to start with.

It's very likely that they got it from another service you signed up and used your email address. If that service gets hacked or is compromised then they could have access to your email address. I believe the Feathercoin forum was hacked a while back and peoples emails may have been compromised, but this could happen to any forum especially if they're not careful.
sr. member
Activity: 308
Merit: 250
November 21, 2014, 08:41:49 AM
#17
Yes, it's a total scam, but creatively done nonetheless....
for one, they recreated a fake site, but when you look at the certificate you should see a certificate error stating that the issued certificate does not match the ip address of the domain. It looks to be some kind of Webinjection exploit. It only servers as a fishing attempt to get your blockchain wallet credentials.
sr. member
Activity: 353
Merit: 250
Zichain
November 21, 2014, 06:03:35 AM
#16
Thanks for the warning mate , It would be very helpful also if you can screenshot the email
hero member
Activity: 714
Merit: 500
November 21, 2014, 05:05:41 AM
#15
I recently activated my yubikey for blockchain.info.
So, I am wondering, if I would have fallen for that, would I have a problem?
hero member
Activity: 672
Merit: 502
November 21, 2014, 04:58:42 AM
#14
I received one email just like this cpl of days back and as soon as I read it my inner voice goes "yeah right!" Grin

so I tagged it as spam and then like half an hour later, went to blockchain wallet with my original identifier and my inner voice was right.  Cheesy
Pages:
Jump to: