Author

Topic: Bitcoin Payment Recieved scam (Read 2758 times)

newbie
Activity: 27
Merit: 0
November 25, 2014, 03:57:17 AM
#33
Fishing letter ???Please be careful with it.
legendary
Activity: 2548
Merit: 1054
CPU Web Mining 🕸️ on webmining.io
November 24, 2014, 03:24:52 AM
#32
Your paste of the email shows where the link really leads
legendary
Activity: 1540
Merit: 1001
Crypto since 2014
November 24, 2014, 01:15:46 AM
#31
You would think that if someone is going to send thousands of spam emails they'll at least check their spelling.
I heard somewhere that they purposely spell their emails wrong to weed out all of the smart people and are left with the stupid people.
hero member
Activity: 686
Merit: 500
November 23, 2014, 07:02:06 PM
#30
*Top Tip*
If within 48 hours we do not receive your confirmation, your wallet will
be erased and all their bitcoins will be reset.

This is my favorite bit. I wonder where bitcoins go once they are 'reset'? lol.

I recently activated my yubikey for blockchain.info.
So, I am wondering, if I would have fallen for that, would I have a problem?
Yes. You would enter your identifier/password into the phishing site along with your yubikey code then the attacker could instantly enter the same information into blockchain.info and have access to your wallet.

The best solution is to have the site bookmarked and always check it's the legit site first before you put anything in. 2 factor likely wont help you if you type that in as well but the site might be just hoping you don't have 2-factor set up.
2FA with blockchain.info wallets is really nothing more then a false sense of security and they really should disable it. All it does is delay an attacker from being able to log into your identifier without our 2FA device however they can potentially get past this via social engineering blockchain support and/or getting a backup of your encrypted wallet file and importing it into their own identifier with the same password(s) that your identifier has
legendary
Activity: 3472
Merit: 10611
November 21, 2014, 12:39:30 PM
#29
I've just received an e-mail from [email protected] titled "Bitcoin Payment Recieved" claiming that I've received $2,031.88

Of course it's asking my to log on to my blockchain account.

I'm treating it as a scam because a) mispelling in title b) e-mail is NOT from blockchain address, and c) I don't have a blockchain account.


TREAT AS SUSPECT!
i suggest doing a couple of things:
1) enabling 2FA
2) bookmarking the real address and using it every time
3) in email you can add filters that move specific emails from senders to specific folders that you create, that way any other email that is just similar will go into "inbox" and real emails from the real sender in this case blockchain.info will go inside that folder
hero member
Activity: 525
Merit: 500
November 21, 2014, 11:44:12 AM
#28
c) I don't have a blockchain account.


TREAT AS SUSPECT!

I think merely treating it as a scam/suspect is an understatement. I think you're safe in guaranteeing it's a scam based on C alone  Grin (though all three reasons combined should seal the deal). If anyone gets these types of emails they should just load up a bookmark and check their balance on the blockchain instead rather than clicking on links. The beauty of the blockchain is you don't even need to log in to see your balance as it's all there for anyone to see.


i got my $2,031.88 - fools!



lol...
do you realize that some stupid folks could now try to follow the scam-link?

LOL, or leave him negative feedback from promoting a scam Cheesy (though if anyone lost money because of a joke/sarcasm it's probably their own fault).
sr. member
Activity: 266
Merit: 250
November 21, 2014, 11:04:16 AM
#27
c) I don't have a blockchain account.


TREAT AS SUSPECT!

I think merely treating it as a scam/suspect is an understatement. I think you're safe in guaranteeing it's a scam based on C alone  Grin (though all three reasons combined should seal the deal). If anyone gets these types of emails they should just load up a bookmark and check their balance on the blockchain instead rather than clicking on links. The beauty of the blockchain is you don't even need to log in to see your balance as it's all there for anyone to see.


i got my $2,031.88 - fools!



lol...
do you realize that some stupid folks could now try to follow the scam-link?
legendary
Activity: 1148
Merit: 1014
In Satoshi I Trust
November 21, 2014, 10:59:06 AM
#26
c) I don't have a blockchain account.


TREAT AS SUSPECT!

I think merely treating it as a scam/suspect is an understatement. I think you're safe in guaranteeing it's a scam based on C alone  Grin (though all three reasons combined should seal the deal). If anyone gets these types of emails they should just load up a bookmark and check their balance on the blockchain instead rather than clicking on links. The beauty of the blockchain is you don't even need to log in to see your balance as it's all there for anyone to see.


i got my $2,031.88 - fools!

sr. member
Activity: 302
Merit: 250
November 21, 2014, 10:57:18 AM
#25
I recently activated my yubikey for blockchain.info.
So, I am wondering, if I would have fallen for that, would I have a problem?

In addition to the previous responder, if your attacker had access to an (encrypted) wallet backup then they woudl not need the YubiKey to open the wallet in Blockchain.info and coudl steal your monies!

You should keep (even encrypted) backup files very safe.
hero member
Activity: 976
Merit: 575
Cryptophile at large
November 21, 2014, 10:34:03 AM
#24
*Top Tip*
If within 48 hours we do not receive your confirmation, your wallet will
be erased and all their bitcoins will be reset.

This is my favorite bit. I wonder where bitcoins go once they are 'reset'? lol.

I recently activated my yubikey for blockchain.info.
So, I am wondering, if I would have fallen for that, would I have a problem?
Yes. You would enter your identifier/password into the phishing site along with your yubikey code then the attacker could instantly enter the same information into blockchain.info and have access to your wallet.

The best solution is to have the site bookmarked and always check it's the legit site first before you put anything in. 2 factor likely wont help you if you type that in as well but the site might be just hoping you don't have 2-factor set up.
legendary
Activity: 906
Merit: 1002
November 21, 2014, 09:58:54 AM
#23
I recently activated my yubikey for blockchain.info.
So, I am wondering, if I would have fallen for that, would I have a problem?
Yes. You would enter your identifier/password into the phishing site along with your yubikey code then the attacker could instantly enter the same information into blockchain.info and have access to your wallet.

c) I don't have a blockchain account.

This is the only thing that can save you from future scams and hacks. You might have dodged this one even if you had a blockchain account, but scams get better and blockchain.info can get hacked too.

Not having a blockchain account or not storing any BTC there is the only viable option imo.
Everything is done on the client side (key creation, key encryption/decryption TX pushing) so as long as you are using their wallet you should be fine. You just need to be sure that you are actually using their wallet and not an imposter; their wallet is open source and is available on github so you could potentially get it from there and run it locally
hero member
Activity: 504
Merit: 500
November 21, 2014, 09:31:38 AM
#22
Yes, it's a total scam, but creatively done nonetheless....
for one, they recreated a fake site, but when you look at the certificate you should see a certificate error stating that the issued certificate does not match the ip address of the domain. It looks to be some kind of Webinjection exploit. It only servers as a fishing attempt to get your blockchain wallet credentials.


But as it's been said, that fee is ridiculous.

It's great to see these things posted about, and people need to be careful. I'm only pointing out that the person may have done a "good job" or been "creative" creating the scam, however they were oblivious that the fee would never be that large and would tip me off immediately... :/ Also, why would you need to check within so many hours or else lose your whole balance? How does that make any sense?
hero member
Activity: 525
Merit: 500
November 21, 2014, 09:04:14 AM
#21
You would think that if someone is going to send thousands of spam emails they'll at least check their spelling.

The biggest issue with this scam is that anyone stupid enough to fall for it likely doesn't have very much BTC. Kind of a waste of time to send thousands of emails just to phish a few guys with .05 BTC in their wallets.

Well the really smart ones will, but most of these scams tend to be from non-english speaking countries and thus have poor language skills. The thing is with these sorts of scams it doesn't take that much effort out to send mass emails and they might get lucky and catch a few big hits. At the end of the day itr's free money for them so anything is a bonus.
legendary
Activity: 1862
Merit: 1011
Reverse engineer from time to time
November 21, 2014, 09:02:39 AM
#20

Official site should be bloCkchains.info
This post shows that you yourself will be scammed, and get others scammed in the process too. it is blockchain.info, not blockchainS.
hero member
Activity: 910
Merit: 509
November 21, 2014, 09:00:43 AM
#19
You would think that if someone is going to send thousands of spam emails they'll at least check their spelling.

The biggest issue with this scam is that anyone stupid enough to fall for it likely doesn't have very much BTC. Kind of a waste of time to send thousands of emails just to phish a few guys with .05 BTC in their wallets.
hero member
Activity: 525
Merit: 500
November 21, 2014, 08:56:06 AM
#18
I wonder how they got your email to start with.

It's very likely that they got it from another service you signed up and used your email address. If that service gets hacked or is compromised then they could have access to your email address. I believe the Feathercoin forum was hacked a while back and peoples emails may have been compromised, but this could happen to any forum especially if they're not careful.
sr. member
Activity: 308
Merit: 250
November 21, 2014, 08:41:49 AM
#17
Yes, it's a total scam, but creatively done nonetheless....
for one, they recreated a fake site, but when you look at the certificate you should see a certificate error stating that the issued certificate does not match the ip address of the domain. It looks to be some kind of Webinjection exploit. It only servers as a fishing attempt to get your blockchain wallet credentials.
sr. member
Activity: 353
Merit: 250
Zichain
November 21, 2014, 06:03:35 AM
#16
Thanks for the warning mate , It would be very helpful also if you can screenshot the email
hero member
Activity: 714
Merit: 500
November 21, 2014, 05:05:41 AM
#15
I recently activated my yubikey for blockchain.info.
So, I am wondering, if I would have fallen for that, would I have a problem?
hero member
Activity: 672
Merit: 502
November 21, 2014, 04:58:42 AM
#14
I received one email just like this cpl of days back and as soon as I read it my inner voice goes "yeah right!" Grin

so I tagged it as spam and then like half an hour later, went to blockchain wallet with my original identifier and my inner voice was right.  Cheesy
newbie
Activity: 50
Merit: 0
November 21, 2014, 04:54:57 AM
#13
I wonder how they got your email to start with.
legendary
Activity: 1734
Merit: 1015
November 21, 2014, 04:27:41 AM
#12
c) I don't have a blockchain account.

This is the only thing that can save you from future scams and hacks. You might have dodged this one even if you had a blockchain account, but scams get better and blockchain.info can get hacked too.

Not having a blockchain account or not storing any BTC there is the only viable option imo.
legendary
Activity: 1638
Merit: 1010
https://www.bitcoin.com/
November 21, 2014, 12:49:26 AM
#11
Sure is a scam, $34.56 transaction fee for sending $2031.88
This scammer obviously doesn't know bitcoin very well, he must be thinking of bank fees.
legendary
Activity: 1386
Merit: 1016
November 20, 2014, 11:27:21 PM
#10
I have blockchain. Info wallet. I have a habbit when I receives bitcoin payment email, I will click the tx and see how much I have received then click my bitcoin address on that page. I remember all my address in blockchain.info. If I found the strange bitcoin receiving address, I will be suspicious. I never sign  in my blockchain account unless I need to make a payment.
hero member
Activity: 1106
Merit: 527
November 20, 2014, 10:40:23 PM
#9
do you sure the mail send by "blokchains.info"?

text version of the mail...
this email address is not from mtgox or bct.. curious where they got it from...

Subject:    Bitcoin Payment Recieved
Date:    Thu, 20 Nov 2014 12:49:49 -0500
From:    [email protected] <[email protected]>
To:    [email protected]



   transaction summary!

**Amount Recieved :** $2,031.88
**Transaction Fee :** $34.56
**Sent Time : *20/11/14

*Confirm Login Link :*

https://blockchain.info/wallet/login

Transaction Containing outputs from which we were unable to decode a
bitcoin address

*Top Tip*
If within 48 hours we do not receive your confirmation, your wallet will
be erased and all their bitcoins will be reset.

*
*
*

aha, I‘m careless  Grin

it's blokchains.info miss the letter c

Official site should be bloCkchains.info
sr. member
Activity: 266
Merit: 250
November 20, 2014, 10:32:56 PM
#8
do you sure the mail send by "blokchains.info"?

text version of the mail...
this email address is not from mtgox or bct.. curious where they got it from...

Subject:    Bitcoin Payment Recieved
Date:    Thu, 20 Nov 2014 12:49:49 -0500
From:    [email protected] <[email protected]>
To:    [email protected]



   transaction summary!

**Amount Recieved :** $2,031.88
**Transaction Fee :** $34.56
**Sent Time : *20/11/14

*Confirm Login Link :*

https://blockchain.info/wallet/login

Transaction Containing outputs from which we were unable to decode a
bitcoin address

*Top Tip*
If within 48 hours we do not receive your confirmation, your wallet will
be erased and all their bitcoins will be reset.

*
*
*
hero member
Activity: 1106
Merit: 527
November 20, 2014, 10:27:58 PM
#7
do you sure the mail send by "blokchains.info"?
mkc
hero member
Activity: 517
Merit: 501
November 20, 2014, 08:07:43 PM
#6
Yeah, me too. Almost fall for it. Until my browser blocked me ...
sr. member
Activity: 266
Merit: 250
November 20, 2014, 08:04:14 PM
#5
i got the same mail...
legendary
Activity: 906
Merit: 1002
November 20, 2014, 08:03:38 PM
#4
c) I don't have a blockchain account.


TREAT AS SUSPECT!

I think merely treating it as a scam/suspect is an understatement. I think you're safe in guaranteeing it's a scam based on C alone  Grin (though all three reasons combined should seal the deal). If anyone gets these types of emails they should just load up a bookmark and check their balance on the blockchain instead rather than clicking on links. The beauty of the blockchain is you don't even need to log in to see your balance as it's all there for anyone to see.
The attacker is likely betting that the OP does not know what his addresses are outside of his wallet so he would be forced to log into blockchain.info to check his balance/see the received funds.

I would guess that the cost of sending such spam would be somewhat cheap and would be more then paid for if only one or two people were to leak their identifier/password to the phishing site and do not have a 2nd password enabled.
global moderator
Activity: 3990
Merit: 2717
Join the world-leading crypto sportsbook NOW!
November 20, 2014, 03:08:08 PM
#3
c) I don't have a blockchain account.


TREAT AS SUSPECT!

I think merely treating it as a scam/suspect is an understatement. I think you're safe in guaranteeing it's a scam based on C alone  Grin (though all three reasons combined should seal the deal). If anyone gets these types of emails they should just load up a bookmark and check their balance on the blockchain instead rather than clicking on links. The beauty of the blockchain is you don't even need to log in to see your balance as it's all there for anyone to see.
hero member
Activity: 784
Merit: 1000
Pools Of Honor
November 20, 2014, 03:01:57 PM
#2
thanks... happened to me too...
hero member
Activity: 560
Merit: 500
November 20, 2014, 02:37:32 PM
#1
I've just received an e-mail from [email protected] titled "Bitcoin Payment Recieved" claiming that I've received $2,031.88

Of course it's asking my to log on to my blockchain account.

I'm treating it as a scam because a) mispelling in title b) e-mail is NOT from blockchain address, and c) I don't have a blockchain account.


TREAT AS SUSPECT!
Jump to: