
Topic: Bitsler casino phishing attack underway (Read 282 times)

sr. member
Activity: 1848
Merit: 373
<------
January 10, 2025, 05:00:06 PM
#23
No you did not lock. :p
sr. member
Activity: 1491
Merit: 320
🐪
January 10, 2025, 04:56:44 PM
#22

Indeed, we changed some settings with our email provider so players using our mirror domains to log in (like bitsler.gg) can still click our emails, but this leads to the issue you described. We made some adjustments, and you should now see only bitsler.com links (or whatever mirror you’re using) on transactional email CTAs.

Hello Gabriel. This is great if e-mail shows links of just main domain and not mirror domains. But if, for the reason you described, you must use mirror domain I suggest that you make note in e-mail that explains that the links are from mirror domain. Highlighting this will not come across like someone is trying to hide a phishing link in e-mail. Also it would be good idea to make domains of mirror links on main domain (bitsler.com), and a reference to this list in e-mail, just making a note that you are sending links from mirror domain and users can check that everything is legit on main bitsler domain.


Obviously, if you have any doubts you can always log in to Bitsler on your side without clicking that link in the email. Would it sound safer if we wrote that option in the email?
This would definitely sound safer, and it would also promote good practice of avoiding of link clicking to your users.



The amount of your balance was correct. When your account becomes dormant, all your balances are converted into USDT.

Sorry this was my mistake, I read the mail too quick and understood it wrong.


That said, I agree it makes no sense to mention so many decimals for USDT (old crypto habits :sweat_smile:). We will fix that asap.
Also, as others have mentioned, it’s kind of dumb to mention that more fees will be charged next month if the balance is already empty. As a quick fix, we will mention, “and if you still have balance.” Then, when time permits, we’ll try to make the mailing process more dynamic based on account balances, so we send those emails only if the balance is not empty yet.
These are good improvements, the message would be sent just to those who have balance, so it would be less space for misunderstanding.


I hope this helps answer your worries. If you guys have any other (doable:stuck_out_tongue:) suggestions, we’ll be happy to review them, but preferably in a more constructive section than the scam one.
Best,
Gabriel

Thanks for your clarifications and feedback, I will now lock the topic.
sr. member
Activity: 1848
Merit: 373
<------
January 09, 2025, 09:04:36 AM
#21
Hi ovcijisir,
Again, there is no problem with false alarms. However, I agree that the email template is a bit sloppy, and I’m happy to get feedback to improve it.
Indeed, we changed some settings with our email provider so players using our mirror domains to log in (like bitsler.gg) can still click our emails, but this leads to the issue you described. We made some adjustments, and you should now see only bitsler.com links (or whatever mirror you’re using) on transactional email CTAs.
About the urgency, if you received this email, it means you also received the 1st one 1 month ago, explaining that after 6 months of inactivity, your account was now considered dormant. Then, after that, you will receive 1 email every month (like this one) until your account gets closed. We will give more context so it makes more sense to players who did not get/read the first email. Obviously, if you have any doubts you can always log in to Bitsler on your side without clicking that link in the email. Would it sound safer if we wrote that option in the email?
The amount of your balance was correct. When your account becomes dormant, all your balances are converted into USDT. That said, I agree it makes no sense to mention so many decimals for USDT (old crypto habits :sweat_smile:). We will fix that asap.
Also, as others have mentioned, it’s kind of dumb to mention that more fees will be charged next month if the balance is already empty. As a quick fix, we will mention, “and if you still have balance.” Then, when time permits, we’ll try to make the mailing process more dynamic based on account balances, so we send those emails only if the balance is not empty yet.
I hope this helps answer your worries. If you guys have any other (doable:stuck_out_tongue:) suggestions, we’ll be happy to review them, but preferably in a more constructive section than the scam one.
Best,
Gabriel

1st, welcome back boss Gabriel.

Yeah, this, if already resolved, should either be closed or moved to scam-accusation (not guilty section).

To Theymos, maybe that's a good suggestion.
hero member
Activity: 984
Merit: 503
January 08, 2025, 10:09:20 AM
#20
Hi ovcijisir,
Again, there is no problem with false alarms. However, I agree that the email template is a bit sloppy, and I’m happy to get feedback to improve it.
Indeed, we changed some settings with our email provider so players using our mirror domains to log in (like bitsler.gg) can still click our emails, but this leads to the issue you described. We made some adjustments, and you should now see only bitsler.com links (or whatever mirror you’re using) on transactional email CTAs.
About the urgency, if you received this email, it means you also received the 1st one 1 month ago, explaining that after 6 months of inactivity, your account was now considered dormant. Then, after that, you will receive 1 email every month (like this one) until your account gets closed. We will give more context so it makes more sense to players who did not get/read the first email. Obviously, if you have any doubts you can always log in to Bitsler on your side without clicking that link in the email. Would it sound safer if we wrote that option in the email?
The amount of your balance was correct. When your account becomes dormant, all your balances are converted into USDT. That said, I agree it makes no sense to mention so many decimals for USDT (old crypto habits :sweat_smile:). We will fix that asap.
Also, as others have mentioned, it’s kind of dumb to mention that more fees will be charged next month if the balance is already empty. As a quick fix, we will mention, “and if you still have balance.” Then, when time permits, we’ll try to make the mailing process more dynamic based on account balances, so we send those emails only if the balance is not empty yet.
I hope this helps answer your worries. If you guys have any other (doable:stuck_out_tongue:) suggestions, we’ll be happy to review them, but preferably in a more constructive section than the scam one.
Best,
Gabriel
sr. member
Activity: 1491
Merit: 320
🐪
January 06, 2025, 04:57:05 PM
#19
Hi,
Thank you for contacting us and trying to protect the community.
However, in this case, those emails are legit automated emails from Bitsler.
Our email provider uses our online domain to track clicks on the emails and redirect to the original domain we used on the backend (either bitsler.com or any of our mirror domains like bitsler.gg)
If we use a bitsler.com subdomain (like we did for some time), players using bitsler.gg would be unable to register or click the links from our emails.

Hello BitSler support, thank you for the feedback and sorry about raising false alarm, but your e-mail triggered too many red flags:

  • url of link did not match website url
  • e-mail demanded urgent action to avoid losing funds
  • btc balance was not matching

I would thank you for clarifying the situation, it would be great if there would be some action to avoid false alarms like this in future, because crypto community must be extra cautious because tiny mistake like clicking wrong link could cost us our funds and mismatch between legit domain and link in e-mail is big red flag.
hero member
Activity: 984
Merit: 503
January 06, 2025, 12:17:41 PM
#18
Hi,
Thank you for contacting us and trying to protect the community.
However, in this case, those emails are legit automated emails from Bitsler.
Our email provider uses our online domain to track clicks on the emails and redirect to the original domain we used on the backend (either bitsler.com or any of our mirror domains like bitsler.gg)
If we use a bitsler.com subdomain (like we did for some time), players using bitsler.gg would be unable to register or click the links from our emails.
legendary
Activity: 2534
Merit: 1713
Top Crypto Casino
December 15, 2024, 06:30:24 PM
#17
Was it ever ascertained where the scammers obtain the email addresses from?

If someone had funds on Bitsler and found this email while being inactive on this gambling for a while, he would be affected by the panic. With Spear Phishing from the official email, the casino player may feel that the message is from a trusted source and rush to log in to his account through the phishing link.

Attention and caution are two important factors when dealing with these emails, whether the messages are related to a casino, exchange, or any other financial company. Any platform could be vulnerable to a breach of user data or other methods through which scammers could target the affected casino players. I will now report the phishing domain that ends with .info.


legendary
Activity: 3850
Merit: 4674
Contact @yahoo62278 on telegram for marketing
December 14, 2024, 09:47:09 PM
#16
I stopped using bitsler more than a year ago. I think I received the same time but I can't remember the details also, I have not checked the URL as I had stopped using the site. And I had just deleted the message and as the message was more than a month ago the trash has also gone.
Same for me as far as I stopped using Bitsler more than a year ago. I do have the phishing email but I'm not dumb enough to click nor did I care to login and check anything.

I hope Bitsler didn't get breached somehow or sell any info. I always got the feeling they were pretty good as far as security on the site went.
copper member
Activity: 2422
Merit: 1313
Playbet.io - Crypto Casino and Sportsbook
December 14, 2024, 06:39:19 PM
#15
I stopped using bitsler more than a year ago. I think I received the same time but I can't remember the details also, I have not checked the URL as I had stopped using the site. And I had just deleted the message and as the message was more than a month ago the trash has also gone.
legendary
Activity: 1932
Merit: 1549
December 13, 2024, 05:15:45 PM
#14
If someone had funds on Bitsler and found this email while being inactive on this gambling for a while, he would be affected by the panic. With Spear Phishing from the official email, the casino player may feel that the message is from a trusted source and rush to log in to his account through the phishing link.

Attention and caution are two important factors when dealing with these emails, whether the messages are related to a casino, exchange, or any other financial company. Any platform could be vulnerable to a breach of user data or other methods through which scammers could target the affected casino players. I will now report the phishing domain that ends with .info.

legendary
Activity: 2730
Merit: 7065
December 13, 2024, 04:52:43 AM
#13
Not a bad attempt, considering that there is such a thing as dormant account fee where casinos and centralized services charge your account a fee if you haven't used it for a long time. But it's usually much longer than 30 days. 12 months is more likely. I have also had dummy accounts at online casinos deleted for never using them and only creating them to check certain data for the threads I have on Bitcointalk.

The scammers were a bit too hasty with their message and contradict themselves.
They state that your balance will expire soon, but also that your balance is 0. Not only that, but they warn you that they will charge another dormant account fee next month (from an account with a 0 balance). Roll Eyes I have never heard or seen a casino account with a negative balance.

Other than that, I believe this could trick careless players and beginners.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
December 12, 2024, 05:10:38 AM
#12
That's why it's important to always scan the URLs you are going to before you use them. VirusTotal helps a lot here, but I am not sure if it can consistently detect phishing pages, as opposed to malware which it finds really well.
legendary
Activity: 2534
Merit: 1713
Top Crypto Casino
December 12, 2024, 04:00:57 AM
#11
Your thread is a very important warning and message for those that do use Bitsler. If they click the links and enter their details they are going to make huge problems for themselves.

Not specifically related to this email but in the general sense, sometimes the scammers work very hard to try to fool potential victims and the attempts are both elaborate and sophisticated. People have to always be aware of possible phishing before they click any links no matter how genuine any emails might appear to be.

It seems that today was launched phishing attack that targets Bitsler casino users.
legendary
Activity: 2212
Merit: 7064
December 10, 2024, 03:57:33 PM
#10
This looks like a typical phishing attack but it is a bit strange if they actually used real Bitsler email account.
It's more likely coming from similar domain or scammers used punycodes for that, but I would always check destination link before clicking on it.
Every time we register on some website we are increasing chances of our email and personal information being leaked, so be careful everyone.
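
The checks raised in this thread (a link host that does not match the site, possible punycode look-alikes), as an added example that is not part of any post here: a Python sketch that audits the links in an email's HTML body against the domains named in the thread. The sample email, the `click.tracker.example` host and the look-alike host are constructed, and the suffix match stands in for a proper public-suffix lookup.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

OFFICIAL = {"bitsler.com", "bitsler.gg"}  # main and mirror domain named in the thread

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def ascii_host(url):
    """Host of a URL in ASCII (IDNA) form, so look-alike letters show up as xn-- labels."""
    host = urlsplit(url).hostname or ""
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return host

def audit(html):
    """Return [(host, [flags])] for each link in the email body."""
    parser = LinkCollector()
    parser.feed(html)
    results = []
    for href, text in parser.links:
        host, flags = ascii_host(href), []
        if not any(host == d or host.endswith("." + d) for d in OFFICIAL):
            flags.append("off-domain")
        if any(label.startswith("xn--") for label in host.split(".")):
            flags.append("punycode")
        # Only compare when the visible text itself looks like a host or URL.
        if "." in text and " " not in text:
            shown = ascii_host(text if "://" in text else "https://" + text)
            if shown and shown != host and not host.endswith("." + shown):
                flags.append("text-mismatch")
        results.append((host, flags))
    return results

# Constructed sample email body (not a real message from this thread).
SAMPLE = (
    '<a href="https://www.bitsler.com/account">Log in</a>'
    '<a href="https://bitsler.info/login">bitsler.com</a>'
    '<a href="https://b\u00edtsler.com/login">Check balance</a>'
    '<a href="https://click.tracker.example/r?u=abc">Claim now</a>'
)

if __name__ == "__main__":
    for host, flags in audit(SAMPLE):
        print(host, flags or "ok")
```

An off-domain flag alone does not prove phishing, since a click-tracking host is flagged the same way; in either case the account can be reached by typing the site address directly.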
hero member
Activity: 2716
Merit: 904
December 10, 2024, 09:31:56 AM
#9
How do they get your email? I’m just curious because if they have your email, and you only use it for your Bitsler account, then it’s possible that it was leaked from Bitsler. I’ve received some phishing attempts as well, but mine were from an exchange, Coinbase. I wasn’t too surprised, though, since I use that email for various online activities.

I do not remember that I used that username anywhere else, so there is high probability of user database leak.

Also, note that link to bitsler.info is exact scam copy of bitsler.com

Actually, I just checked my email to see if I had a similar message like the one you posted, and surprisingly, there was one - it was an old message from 2023. So, these scammers have been doing this for quite some time. Luckily, I didn’t have any balance in my Bitsler account back then, so I just ignored it.

Anyway, thanks for sharing! It’s a good warning for those who have accounts to be cautious and not fall for these scammers.
sr. member
Activity: 1491
Merit: 320
🐪
December 10, 2024, 08:50:44 AM
#8
The username in e-mail is the same I have on my Bitsler account. It is good idea to check spam folder too, e-mail could be there.
Checked all, and nothing suspicious for now.
If the campaign has just started, scammers may be working in batches, maybe in time other Bitsler users will receive similar emails.

Please keep us informed if you receive anything, so we know if the scam is still going.

How do they get your email? I’m just curious because if they have your email, and you only use it for your Bitsler account, then it’s possible that it was leaked from Bitsler. I’ve received some phishing attempts as well, but mine were from an exchange, Coinbase. I wasn’t too surprised, though, since I use that email for various online activities.

I do not remember that I used that username anywhere else, so there is high probability of user database leak.

Also, note that link to bitsler.info is exact scam copy of bitsler.com
legendary
Activity: 2898
Merit: 1253
So anyway, I applied as a merit source :)
December 10, 2024, 08:50:00 AM
#7
How do they get your email?
You have to assume that the people who buy these email address lists in bulk try to correlate emails used on crypto related sites like for example coinbase to casinos that use crypto like bitsler. It is how scammers usually approach and if you are trying this in real life at least 10-20% will be correctly correlated.

Hence they send these scam emails in mass and those few people if they are frightened they will fall for the trap. The only way to prevent this is to learn how this scam works and delete those emails as soon as you get them.
hero member
Activity: 2716
Merit: 904
December 10, 2024, 08:09:29 AM
#6
How do they get your email? I’m just curious because if they have your email, and you only use it for your Bitsler account, then it’s possible that it was leaked from Bitsler. I’ve received some phishing attempts as well, but mine were from an exchange, Coinbase. I wasn’t too surprised, though, since I use that email for various online activities.
legendary
Activity: 3542
Merit: 3625
Crypto Swap Exchange
December 10, 2024, 07:28:36 AM
#5
The username in e-mail is the same I have on my Bitsler account. It is good idea to check spam folder too, e-mail could be there.
Checked all, and nothing suspicious for now.
If the campaign has just started, scammers may be working in batches, maybe in time other Bitsler users will receive similar emails.
sr. member
Activity: 1491
Merit: 320
🐪
December 10, 2024, 07:11:48 AM
#4
nice catch!

have you informed Bitsler about it? it might be a good idea to do that so they can send caution to the gambling site's users about the Phishing attack targeting their gamblers.

I have not yet informed Bitsler, but thank you for reminder.


Edit. Bitsler support informed
https://bitcointalksearch.org/topic/m.64831827


It seems that today was launched phishing attack that targets Bitsler casino users.

I received e-mail from scammers that looked like it was sent from bitsler.com casino.
I did not receive anything similar to the email address I used when registering on Bitsler. It seems that not all users are affected, so either someone reached a partial number of users or this is coming from something else.
Is the username that you use on Bitsler specified in the critical email or is it random?

The username in e-mail is the same I have on my Bitsler account. It is good idea to check spam folder too, e-mail could be there.