⚠️ How Scammer tried to Hack my Bitcointalk and how to Protect yourself?⚠️ - page 3.

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: Saint-loup on August 08, 2019, 04:24:50 AM

Why the real owner doesn't say anything, if his account had been hacked? Huh

He would already come in meta or on this thread to report the hack, no?
There is something fishy.

He was active in July almost on a daily basis and has not posted anything since July 30th. After that he either got hacked or went rogue.
He is now banned so I guess that is it.

Regarding the phishing attempt.
If you have ticked to always be logged on to bitcointalk and you see that the site is asking for your login details you should be alarmed.
If you have not ticked that option bitcointalk will log you out after 1 hour so if you open a new tab where you are asked to enter your login details confirm it on the page you usually visit when you login to bitcointalk. If you are logged out there as well, everything is fine. Log back in on the site you have saved and you usually log in on bitcointalk. If you are still logged in but the other tab is asking you to login again - you know it is a phishing attempt.

All this above is for those that don't understand phishing sites and that bitcointak internal sites are marked in green when you hover over it with your mouse.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: Saint-loup on August 08, 2019, 05:17:08 AM

Quote from: dkbit98 on August 08, 2019, 04:25:29 AM

OK.. please examine the case and catch the fish.
I reported on time, and as fast as I could.

Now your thread has been moved in the beginners section I think very few members will see it.
So I think you should open a thread in Economy > Trading Discussion > Reputation section, on Kingpin4321. It's the right place for flags and tags.
https://bitcointalk.org/index.php?board=129.0

Listen...
Someone else proposed that I move it to B&H since it is also a guide for newbies
and I don't have extra time to move topics all day round....
It is where it is now.

Thanks.

Quote from: rhomelmabini on August 08, 2019, 12:42:51 AM

Quote from: darklus123 on August 07, 2019, 10:40:31 PM

Nice catch tho, it can really be pretty obvious attempt from the hacker. I just wondered why choose your account over a higher account which he can benefit more, hmm sounds fishy.

Well, I've got this assumption that the hacker thinks he can get as this user is just a Member rank and have little to know about phishing. Not knowing what he tried to mess is a techy guy and even surpass him on the knowledge about those kinds of things.

It might be good to move this one on B&H board as it is more appropriate there. Nice catch OP.

Update:
Reported to Commodo also
https://www.comodo.com/home/internet-security/submit.php?url=http://sebiltv.com.tr/index/index.php?topic=5088858.0&&submissionType=1&source=1

Saint-loup

legendary

Activity: 2604

Merit: 2353

Quote from: dkbit98 on August 08, 2019, 04:25:29 AM

OK.. please examine the case and catch the fish.
I reported on time, and as fast as I could.

Now your thread has been moved in the beginners section I think very few members will see it.
So I think you should open a thread in Economy > Trading Discussion > Reputation section, on Kingpin4321. It's the right place for flags and tags.
https://bitcointalk.org/index.php?board=129.0

dkbit98

legendary

Activity: 2212

Merit: 7064

Update:

I reported fake website to this website
Phishtank
https://www.phishtank.com/

https://www.phishtank.com/phish_detail.php?phish_id=6152971

I also reported it with Watchdog extension
https://www.cryptopolice.com/

Saint-loup

legendary

Activity: 2604

Merit: 2353

Quote from: LoyceV on August 08, 2019, 04:21:10 AM

Quote from: dkbit98 on August 08, 2019, 04:14:09 AM

Code:

https://bitcointalk.oгg/index.php?topic=5154525.0#msg51488782

Firefox expands it to this:

Code:

https://bitcointalk.xn--og-hlc/index.php?topic=5154525.0#msg51488782

And then obviously can't find the site.

If I try this (the first 5 characters copied from the URL from the PM, then "test" added by me:

Code:

k.oгgtest

Firefox turns it into this:

Code:

http://www.k.xn--ogtest-pof/

What kind of sorcery is this?

Must be a diacritical sign I guess.

efialtis

legendary

Activity: 1750

Merit: 1363

www.gosubetting.com

Received exactly the same from the same user - thanks for pointing this out op!

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: LoyceV on August 08, 2019, 04:21:10 AM

Code:

k.oгgtest

Firefox turns it into this:

Code:

http://www.k.xn--ogtest-pof/

What kind of sorcery is this?

That's no sorcery, but IDNA encoding.

The following cyrillic letter is the cause of that:

Code:

г

This is quite frequently used by phishing sites to deceive others into clicking on a 'known' URL.
That's a known problem with unicode domain names.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: LoyceV on August 08, 2019, 04:21:10 AM

Quote from: dkbit98 on August 08, 2019, 04:14:09 AM

Code:

https://bitcointalk.oгg/index.php?topic=5154525.0#msg51488782

Firefox expands it to this:

Code:

https://bitcointalk.xn--og-hlc/index.php?topic=5154525.0#msg51488782

And then obviously can't find the site.

If I try this (the first 5 characters copied from the URL from the PM, then "test" added by me:

Code:

k.oгgtest

Firefox turns it into this:

Code:

http://www.k.xn--ogtest-pof/

What kind of sorcery is this?

It reminds me of the homograph attack, which is now automatically replacred on all English boards.

Some weird $hit yeah...
I noticed that also with domains.

I notified and reported Google and Symantec,
as well as Metamask thanks to mainconcept

Quote from: Saint-loup on August 08, 2019, 04:24:50 AM

Quote from: dkbit98 on August 08, 2019, 04:10:30 AM

Quote from: Saint-loup on August 08, 2019, 04:01:52 AM

Quote from: Bttzed03 on August 08, 2019, 03:14:06 AM

I wonder why the account (kingpin4321) isn't tagged yet.

Quote from: dkbit98 on August 07, 2019, 05:33:30 PM

I created it.

Add the flag in your OP.

I supported the flag and tagged it since this account obviously tried to hack the OP. But we don't know if it's a hacked account, it could have been bought too.

Someone stated this before:

Quote from: morvillz7z on August 07, 2019, 05:19:16 PM

I think kingpin4321 fell for the exact same thing.

Yesterday in Services someone posted a fake giveaway with a link to a phishing Bitcointalk clone, he was first to reply. I guess I was late with my tag/flag. Embarrassed

A third known case (possibly even more) within the past 36 hours: Link

And I checked his history also.

Why the real owner doesn't say anything, if his account had been hacked? Huh

He would already come in meta and on this thread to report the hack, no?
There is something fishy.

OK.. please examine the case and catch the fish.
I reported on time, and as fast as I could.

Saint-loup

legendary

Activity: 2604

Merit: 2353

Quote from: dkbit98 on August 08, 2019, 04:10:30 AM

Quote from: Saint-loup on August 08, 2019, 04:01:52 AM

Quote from: Bttzed03 on August 08, 2019, 03:14:06 AM

I wonder why the account (kingpin4321) isn't tagged yet.

Quote from: dkbit98 on August 07, 2019, 05:33:30 PM

I created it.

Add the flag in your OP.

I supported the flag and tagged it since this account obviously tried to hack the OP. But we don't know if it's a hacked account, it could have been bought too.

Someone stated this before:

Quote from: morvillz7z on August 07, 2019, 05:19:16 PM

I think kingpin4321 fell for the exact same thing.

Yesterday in Services someone posted a fake giveaway with a link to a phishing Bitcointalk clone, he was first to reply. I guess I was late with my tag/flag. Embarrassed

A third known case (possibly even more) within the past 36 hours: Link

And I checked his history also.

Why the real owner doesn't say anything, if his account had been hacked? Huh

He would already come in meta or on this thread to report the hack, no?
There is something fishy.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: dkbit98 on August 08, 2019, 04:14:09 AM

Code:

https://bitcointalk.oгg/index.php?topic=5154525.0#msg51488782

Firefox expands it to this:

Code:

https://bitcointalk.xn--og-hlc/index.php?topic=5154525.0#msg51488782

And then obviously can't find the site.

If I try this (the first 5 characters copied from the URL from the PM, then "test" added by me:

Code:

k.oгgtest

Firefox turns it into this:

Code:

http://www.k.xn--ogtest-pof/

What kind of sorcery is this?

It reminds me of the homograph attack, which is now automatically replacred on all English boards.

This is the culprit:

Code:

г

Google confirms it's Cyrillic: https://en.wikipedia.org/wiki/Ge_(Cyrillic)

I guess theymos missed this one.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: LoyceV on August 08, 2019, 04:04:17 AM

Can you copy the URL as shown in the PM?

I'm asking because you can't do this (I can't even do it within quote tags, so I've replaced the "/" by "slash"):

Code:

[url=https://bitcointalkFAKE.org]http://bitcointalk.org[slashurl]

It shows like this:
https://bitcointalkFAKE.org

I think the scammer replaced the lower case L by an upper case i:

Code:

[url=https://bitcointalkFAKE.org]https://bitcointaIk.org[/url]

And now it works:
https://bitcointaIk.org

Sure I can.
Here it is:

Code:

https://bitcointalk.oгg/index.php?topic=5154525.0#msg51488782

Active now:

Code:

http://sebiltv.com.tr/index/index.php?topic=5088858.0&

NOTE to newbies:
Do NOT visit this links!

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: Saint-loup on August 08, 2019, 04:01:52 AM

Quote from: Bttzed03 on August 08, 2019, 03:14:06 AM

I wonder why the account (kingpin4321) isn't tagged yet.

Quote from: dkbit98 on August 07, 2019, 05:33:30 PM

I created it.

Add the flag in your OP.

I supported the flag and tagged it since this account obviously tried to hack the OP. But we don't know if it's a hacked account, it could have been bought too.

Someone stated this before:

Quote from: morvillz7z on August 07, 2019, 05:19:16 PM

I think kingpin4321 fell for the exact same thing.

Yesterday in Services someone posted a fake giveaway with a link to a phishing Bitcointalk clone, he was first to reply. I guess I was late with my tag/flag. Embarrassed

A third known case (possibly even more) within the past 36 hours: Link

And I checked his history also.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Can you copy the URL as shown in the PM?

I'm asking because you can't do this (I can't even do it within quote tags, so I've replaced the "/" by "slash"):

Code:

[url=https://bitcointalkFAKE.org]http://bitcointalk.org[slashurl]

It shows like this:
https://bitcointalkFAKE.org

I think the scammer replaced the lower case L by an upper case i:

Code:

[url=https://bitcointalkFAKE.org]https://bitcointaIk.org[/url]

And now it works:
https://bitcointaIk.org

Saint-loup

legendary

Activity: 2604

Merit: 2353

Quote from: Bttzed03 on August 08, 2019, 03:14:06 AM

I wonder why the account (kingpin4321) isn't tagged yet.

Quote from: dkbit98 on August 07, 2019, 05:33:30 PM

I created it.

Add the flag in your OP.

I've supported the flag and tagged it since this account obviously tried to hack the OP. But we don't know if it's a hacked account or a bought account.

But yes I'm a little bit surprised to see that so few people have already done the same. Huh

https://bitcointalk.org/index.php?action=trust;u=2447711

Bttzed03

legendary

Activity: 2114

Merit: 1150

https://bitcoincleanup.com/

I wonder why the account (kingpin4321) isn't tagged yet.

Quote from: dkbit98 on August 07, 2019, 05:33:30 PM

I created it.

Add the flag in your OP.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: darklus123 on August 07, 2019, 10:40:31 PM

Nice catch tho, it can really be pretty obvious attempt from the hacker. I just wondered why choose your account over a higher account which he can benefit more, hmm sounds fishy.

Quote from: dkbit98 link=topic=5173531.msg52094489#msg52094489 date=1565214527

~

As if lightlord would even care. There is also actually no point in letting him know.

Same reason why he hacked user kingpin4321
and maybe he thinks members like me are stupid brainless sheeps.

Thank you for your 'advice'.

Quote from: mainconcept on August 08, 2019, 02:02:33 AM

I just opened a pull request for MetaMask: https://github.com/MetaMask/eth-phishing-detect/pull/3221

The site should be blocked through the MetaMask extension if they accept it.

Thanks.
Fake bitcointalk login website is still very much active!
I noticed that time is not changing on fake site June 07, 2019, 10:23:06 PM for now

https://whois.domaintools.com/sebiltv.com.tr

mainconcept

sr. member

Activity: 588

Merit: 422

I just opened a pull request for MetaMask: https://github.com/MetaMask/eth-phishing-detect/pull/3221

The site should be blocked through the MetaMask extension if they accept it.

rhomelmabini

hero member

Activity: 2030

Merit: 578

No God or Kings, only BITCOIN.

Quote from: darklus123 on August 07, 2019, 10:40:31 PM

Nice catch tho, it can really be pretty obvious attempt from the hacker. I just wondered why choose your account over a higher account which he can benefit more, hmm sounds fishy.

Well, I've got this assumption that the hacker thinks he can get as this user is just a Member rank and have little to know about phishing. Not knowing what he tried to mess is a techy guy and even surpass him on the knowledge about those kinds of things.

It might be good to move this one on B&H board as it is more appropriate there. Nice catch OP.

darklus123

hero member

Activity: 1246

Merit: 588

Nice catch tho, it can really be pretty obvious attempt from the hacker. I just wondered why choose your account over a higher account which he can benefit more, hmm sounds fishy.

Quote from: dkbit98 on August 07, 2019, 04:48:47 PM

~

As if lightlord would even care. There is also actually no point in letting him know.

tranthidung

legendary

Activity: 2310

Merit: 4085

Farewell o_e_l_e_o

I think it is good to use Trust, rather than Flag. Of if you still want to use Flag, it should be a Newbie Flag, as this Flag created by admin, on @newsilike:
https://bitcointalk.org/index.php?action=trust;u=157669
That guy has not broken any contract with you, and has not yet stolen your money.

Topic: ⚠️ How Scammer tried to Hack my Bitcointalk and how to Protect yourself?⚠️ - page 3. (Read 1507 times)