Author

Topic: Coinbase Phishing - Be careful (Read 991 times)

legendary
Activity: 1890
Merit: 1000
Landscaping Bitcoin for India!
April 05, 2014, 04:20:56 AM
#15
Quote
732342.34425 BTC (worth ₹21,555,874,551.88 INR)

See he is trying to pay you at cheaper rate ₹21,555,874,551.88 / 732342.34425 = 29,434 Rs. Send a mail back to him to negotiate for better deals .. ha ha.. Tongue

I sent back a 1 satoshi invoice.
sr. member
Activity: 378
Merit: 250
April 04, 2014, 10:36:14 PM
#14
Quote
732342.34425 BTC (worth ₹21,555,874,551.88 INR)

See he is trying to pay you at cheaper rate ₹21,555,874,551.88 / 732342.34425 = 29,434 Rs. Send a mail back to him to negotiate for better deals .. ha ha.. Tongue
legendary
Activity: 1258
Merit: 1001
April 04, 2014, 03:40:44 AM
#13
Quote
Coinbase   
Hi Benson Samuel,

[email protected] just sent you a request to pay 732342.34425 BTC (worth ₹21,555,874,551.88 INR) using Coinbase.

Click here to sign in and complete this payment

Kind regards,
The Coinbase Team

Not a very smart way to phish, but possibility of accidental clicks are always there.
Be careful with invoices to a live coinbase account.
Could be a mt gox guy trying to recover their losses with one shot? haha
Just wondering what made him to think you have so many bitcoins though.
sr. member
Activity: 350
Merit: 252
REAL-EYES || REAL-IZE || REAL-LIES||
April 03, 2014, 03:34:39 AM
#12
Was just re-reading the article and it seems that these were not picked up from the Coinbase API, but were just invoices sent to all Coinbase customers. It is a nifty feature.
http://blog.coinbase.com/post/81407694500/update-on-coinbase-data-security

Quote
We’d also like to address the claim of a “leaked” list of Coinbase emails and user names.  This list (the size of which is less than one half of one percent of Coinbase users) was not the result of a data breach at Coinbase.  This list of emails was likely sourced from other sites - probably Bitcoin related ones.  It’s clear there was no data breach because no other user information is provided.

So, someone just found an e-mail list and sent them all invoices using the Coinbase API.
Hackers job is lot easier than a programmers ...! A programmer code's a program with so much pressure and a hacker jumps in and tells other ,bamm that line of code was wrong...! out of thousands of line it is hard to make sure you are doing everything correct all the time..!
 Long story short: Exchanges should take members security a lil more seriously now , I'm not saying that claims made by CB are false because I didn't received any such Phishing mail and I have a acc/ in CB ..! but they should always remain on their toes when it comes to members security.
legendary
Activity: 1890
Merit: 1000
Landscaping Bitcoin for India!
April 03, 2014, 03:04:51 AM
#11
Glad i didn't received it..! just wondering how they got the email address.? did they bought the database or hacked it.?

There was a leak and my ID found its way on a pastebin.

It is not really a leak, there is a way to get use user emails through the coinbase api. It is a harmless feature from what I can see.
I don't think that is harmless feature..! if anyone can get bulk emails. using CB api, the rate of spam and phishing will only go higher..!

Was just re-reading the article and it seems that these were not picked up from the Coinbase API, but were just invoices sent to all Coinbase customers. It is a nifty feature.
http://blog.coinbase.com/post/81407694500/update-on-coinbase-data-security

Quote
We’d also like to address the claim of a “leaked” list of Coinbase emails and user names.  This list (the size of which is less than one half of one percent of Coinbase users) was not the result of a data breach at Coinbase.  This list of emails was likely sourced from other sites - probably Bitcoin related ones.  It’s clear there was no data breach because no other user information is provided.

So, someone just found an e-mail list and sent them all invoices using the Coinbase API.
sr. member
Activity: 350
Merit: 252
REAL-EYES || REAL-IZE || REAL-LIES||
April 03, 2014, 03:00:03 AM
#10
Glad i didn't received it..! just wondering how they got the email address.? did they bought the database or hacked it.?

There was a leak and my ID found its way on a pastebin.

It is not really a leak, there is a way to get use user emails through the coinbase api. It is a harmless feature from what I can see.
I don't think that is harmless feature..! if anyone can get bulk emails. using CB api, the rate of spam and phishing will only go higher..!
legendary
Activity: 1890
Merit: 1000
Landscaping Bitcoin for India!
April 03, 2014, 02:55:18 AM
#9
Glad i didn't received it..! just wondering how they got the email address.? did they bought the database or hacked it.?

There was a leak and my ID found its way on a pastebin.

It is not really a leak, there is a way to get use user emails through the coinbase api. It is a harmless feature from what I can see.


Mt. Gox user DB leak ?

Coinbase. Not a DB leak, more like a well written script on their API to get use e-mail ID's.

http://pastebin.com/RzWipJFb
legendary
Activity: 2394
Merit: 1216
The revolution will be digital
April 03, 2014, 02:45:30 AM
#8
Glad i didn't received it..! just wondering how they got the email address.? did they bought the database or hacked it.?

There was a leak and my ID found its way on a pastebin.

It is not really a leak, there is a way to get use user emails through the coinbase api. It is a harmless feature from what I can see.


Mt. Gox user DB leak ?
legendary
Activity: 1890
Merit: 1000
Landscaping Bitcoin for India!
April 03, 2014, 02:22:05 AM
#7
Glad i didn't received it..! just wondering how they got the email address.? did they bought the database or hacked it.?

There was a leak and my ID found its way on a pastebin.

It is not really a leak, there is a way to get use user emails through the coinbase api. It is a harmless feature from what I can see.
sr. member
Activity: 350
Merit: 252
REAL-EYES || REAL-IZE || REAL-LIES||
April 02, 2014, 03:09:25 PM
#6
Glad i didn't received it..! just wondering how they got the email address.? did they bought the database or hacked it.?
hero member
Activity: 490
Merit: 500
April 02, 2014, 10:57:27 AM
#5
Thanks for the heads up, Benson
sgk
legendary
Activity: 1470
Merit: 1002
!! HODL !!
April 02, 2014, 07:11:09 AM
#4
Quote
Coinbase   
Hi Benson Samuel,

[email protected] just sent you a request to pay 732342.34425 BTC (worth ₹21,555,874,551.88 INR) using Coinbase.

Click here to sign in and complete this payment

Kind regards,
The Coinbase Team

Not a very smart way to phish, but possibility of accidental clicks are always there.
Be careful with invoices to a live coinbase account.

Phishing aside, that's very lucrative amount of BTC Cheesy
They should have at least chosen a viable amount like 20 BTC or something to not make people suspicious.
legendary
Activity: 2394
Merit: 1216
The revolution will be digital
April 02, 2014, 06:21:40 AM
#3
Quote
Coinbase   
Hi Benson Samuel,

[email protected] just sent you a request to pay 732342.34425 BTC (worth ₹21,555,874,551.88 INR) using Coinbase.

Click here to sign in and complete this payment

Kind regards,
The Coinbase Team

Not a very smart way to phish, but possibility of accidental clicks are always there.
Be careful with invoices to a live coinbase account.

Lol @mailinator.com wat a noob

April 1 joke Wink
hero member
Activity: 546
Merit: 501
Cypherpunk and full-time CryptoAnarchist
April 01, 2014, 11:59:36 AM
#2
Quote
Coinbase   
Hi Benson Samuel,

[email protected] just sent you a request to pay 732342.34425 BTC (worth ₹21,555,874,551.88 INR) using Coinbase.

Click here to sign in and complete this payment

Kind regards,
The Coinbase Team

Not a very smart way to phish, but possibility of accidental clicks are always there.
Be careful with invoices to a live coinbase account.

Lol @mailinator.com wat a noob
legendary
Activity: 1890
Merit: 1000
Landscaping Bitcoin for India!
April 01, 2014, 03:05:43 AM
#1
Quote
Coinbase   
Hi Benson Samuel,

[email protected] just sent you a request to pay 732342.34425 BTC (worth ₹21,555,874,551.88 INR) using Coinbase.

Click here to sign in and complete this payment

Kind regards,
The Coinbase Team

Not a very smart way to phish, but possibility of accidental clicks are always there.
Be careful with invoices to a live coinbase account.
Jump to: