Author

Topic: ⚠️ How Scammer tried to Hack my Bitcointalk and how to Protect yourself?⚠️ (Read 1498 times)

legendary
Activity: 2212
Merit: 7064
Thanks for the heads up. While trained eyes might spot it from a mile away, it looks innocuous to many newbies. I guess that's why their PM is disabled by default as a counter-measure.

But I feel that the "You are navigating to an external link (insert link). Do you want to continue?" prompt page would be way more effective in nullifying these things.
Yeah, I guess that would be good update for bitcointalk forum, and I think it is easy to implement it fast.
hero member
Activity: 2128
Merit: 532
FREE passive income eBook @ tinyurl.com/PIA10
Thanks for the heads up. While trained eyes might spot it from a mile away, it looks innocuous to many newbies. I guess that's why their PM is disabled by default as a counter-measure.

But I feel that the "You are navigating to an external link (insert link). Do you want to continue?" prompt page would be way more effective in nullifying these things.
hero member
Activity: 2926
Merit: 567
bump

This is a very important thread that should be bump from time to time so people will be aware of ti to always look on the url of any site that you are going to visit especially Bitcointalk, your account here is very important especially if you have a high rank.
legendary
Activity: 2212
Merit: 7064
legendary
Activity: 2212
Merit: 7064
...

You have a nice little collection there Smiley

I don't know if we can find exact source for all off them,
as most of accounts used for this have been hacked.
legendary
Activity: 2212
Merit: 2061
Join the world-leading crypto sportsbook NOW!
Since this topic was bumped today i decided to look around and gather information about these very specific phishing attacks, code name - I've replied to you.
I believe all these PMs are sent by the same scammers, as you will see below, the first reported case dates from as early as 2016 and have not stopped yet.
What they all have in common is the message itself, which is the same: "Hi I've replied to you:

Here's a few of them (probably missing ones shared on local boards):

April 09, 2016 - https://bitcointalksearch.org/topic/sucker-attempted-to-hack-me-because-lisk-holder-1430961

March 13, 2017 - https://bitcointalksearch.org/topic/beware-of-phishing-attempts-1823854

April 24, 2017 - https://bitcointalksearch.org/topic/moneytalk69-sending-link-to-fake-bitcointalk-1884287

September 27, 2017 - https://bitcointalksearch.org/topic/beware-of-the-user-noobita-2212540

November 05, 2017 - https://bitcointalksearch.org/topic/did-i-get-hacked-need-help-2360981

November 10, 2017 - https://bitcointalksearch.org/topic/scammer-account-kiranoble-sends-private-messages-with-fishing-link-2384313

November 11, 2017 - https://bitcointalksearch.org/topic/jhong03-spreading-phishing-links-2385827

November 16, 2017 - https://bitcointalksearch.org/topic/be-careful-rosma-yeni-tried-to-fishphishing-me-2412522

November 17, 2017 - https://bitcointalksearch.org/topic/dolphin123-send-phishing-link-2415681

December 18, 2017 - https://bitcointalksearch.org/topic/tygr1269tygr-private-message-scam-2606107

March 10, 2018 - https://bitcointalksearch.org/topic/phishing-attempt-from-user-dayujun-3094992

March 12, 2018 - https://bitcointalksearch.org/topic/user-torbellino777-phishing-bitcointalk-users-3109869

March 14, 2018 - https://bitcointalk.org/index.php?topic=3120906.0;

March 25, 2018 - https://bitcointalksearch.org/topic/scammer-zulrayyan-3196724

March 25, 2018 - https://bitcointalksearch.org/topic/mark-this-scammer-with-red-ledigi-3197069

April 23, 2018 - https://bitcointalksearch.org/topic/sportsbetio-phishing-3378394

June 05, 2018 - https://bitcointalksearch.org/topic/infohati-hati-phishing-bitcointalkorg-mode-baru-4423403

June 05, 2018 - https://bitcointalksearch.org/topic/staff-kindly-handle-this-scamer-4419956

August 13, 2019 - https://bitcointalksearch.org/topic/user-zoneterror-probably-trying-to-steal-my-accountclear-phising-attempt-5175274
legendary
Activity: 2212
Merit: 7064
...

Yes. It is clearly connected and using same tactics, as I wrote in @morvillz7z topic.


This Phishing strategy became popular in this community with a different style of fraud. If you manage to avoid their first attempt of phishing they will think for another way and so on so forth.

In this case, everyone should continue not tired reading some advice from our fellow forum members, because there will be a time that we will fall to their trap and the last thing we could do is to regret that we didn't pay attention to the warning of the concern members.

Thanks for this awareness it may look like a simple thing to do but the way you let us see the actual photo of phishing will help us a lot to be aware when this kind of message will be sent to us especially those members who are not fluent in English including myself.




That is why I recommend everyone to have some fun and learn Phishing protection fast
by simply playing Quizzes that will teach you the basics of phishing.
And if you think you are an expert you can always test yourself again:
[LEARN] Phishing Quizzes - Beginners & Experts 👈
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
Here are a couple more cases, with the same objective, but different kick-off approach:

[Beware]Bitcointalk PHISHING attempt by E-Mail
Fake airdrop / phishing website posted in "Services"

The former is initiated by the reception of an external Email allegedly sent from Bitcointalk, asking you to prove you are the owner of your account. The email obviously is not sent from Bitcointalk, but camouflaged just enough to make you think it might be. The contained phishing link looks like a regular Bitcointalk link, but it isn’t. You are directed to a phishing site that has an initial screen that asks you for your login credentials, it captures them, and then redirects you to Bitcointalk (official site, but obviously without having performed the actual real login).

The latter created an Airdrop thread, luring people to participate. He then PMs them, providing a phishing link similar to the above case (on the same domain and all; same site).
 
All in all, we need to place proper attention to cases such as these, and the one nicely detailed in the OP.
hero member
Activity: 2268
Merit: 588
You own the pen
This Phishing strategy became popular in this community with a different style of fraud. If you manage to avoid their first attempt of phishing they will think for another way and so on so forth.

In this case, everyone should continue not tired reading some advice from our fellow forum members, because there will be a time that we will fall to their trap and the last thing we could do is to regret that we didn't pay attention to the warning of the concern members.

Thanks for this awareness it may look like a simple thing to do but the way you let us see the actual photo of phishing will help us a lot to be aware when this kind of message will be sent to us especially those members who are not fluent in English including myself.

member
Activity: 952
Merit: 41
The rate at which scammers are trying to take over bitcointalk account this days is on the rise so one need to be careful as long as we all know what phishing sites are all about.
sr. member
Activity: 2030
Merit: 356
...

Yeah... I know all about this.
If someone wants to be evil he can always invent new ways to scam people.
One more thing he can do is to buy any bitcointalk alternative domains
https://www.namecheap.com/domains/registration/results.aspx?domain=bitcointalk


That is why I advice people to play anti-phishing quizzes
and learn protection in fun way:

https://bitcointalksearch.org/topic/learn-phishing-quizzes-beginners-experts-5178375

Being in an internet world, everyone should know what is phishing and what are the common ways by which scammers can scam you by impersonating the fake site as a real one. Since people do not listen and pay attention to these details, many have lost their accounts (social media & others) and even lost money from their bank accounts etc.
legendary
Activity: 2212
Merit: 7064
...

Yeah... I know all about this.
If someone wants to be evil he can always invent new ways to scam people.
One more thing he can do is to buy any bitcointalk alternative domains
https://www.namecheap.com/domains/registration/results.aspx?domain=bitcointalk


That is why I advice people to play anti-phishing quizzes
and learn protection in fun way:

https://bitcointalksearch.org/topic/learn-phishing-quizzes-beginners-experts-5178375
sr. member
Activity: 859
Merit: 251
I think everyone should think about personal security as a standard operating procedure. Gone are the days that simple and similar  passwords across all web properties are enough. Everything is getting on the Internet, even your finances. That's why every link should be thought as suspect.
sr. member
Activity: 1337
Merit: 288
0xbt
These scammers did a bad job.
I always look in the browser line.
And if I saw this nonsense, I would laugh.))

But there are trickier ways!
To do this, you need to register a domain using similar letters:
ì - í - ï - ı - i / ό - ὂ - ὄ - ὅ - ö - o .............
And the "bitcointalk" site might look like this:
bıtcoıntalk.org
bitcόintalk.org
bìtcoìntalk.org
bitcointȧlk.org
...............

An example of such a site is http://lokıdn.com/blog.php
And mail -  info@lokıdn.com

I tried to register a site with such letters(bıtcόìntȧlk).
Try it yourself - https://godaddy.com
And here's what happened:

https://uk.godaddy.com/domainsearch/find?checkAvail=1&domainToCheck=bıtcόìntȧlk


Therefore, we must be careful.

https://pentest.com.tr/blog/Lapse-of-Keyboard-at-Internationalized-Domain-Name-EN.html
https://en.wikipedia.org/wiki/Í
https://en.wikipedia.org/wiki/Acute_accent
https://en.wikipedia.org/wiki/Latin_script_in_Unicode
legendary
Activity: 3346
Merit: 3125
Great tutorial dkbit98, This phishing attack failed, but sadly some times the hacker has good luck and get access to the accounts... People are thinking, who is stupid enough to lose his account by this way, but we could be distracted and when we realize it was a fake page it's too late.

This was a phishing attack, just one of those multiples attacks we can see on this forum, so, we should walk carefully in this mined field. Thanks again for the tutorial, i will leave a merit on the main post Wink
legendary
Activity: 2212
Merit: 7064
Quote from: bob123
It is not about who is smarter, but who is more retarded (the target or the scammer).

IMO most scams around here are so blatantly obvious and no one would fall for it if they at least applied basic knowledge regarding securing their coins and common sense.
But unfortunately greed > common sense.

I agree with you.
Retarded greed wins most of the time when combined with hurry speed, lack of attention and get rich quick mentality.
Sadly if I may say  Undecided
legendary
Activity: 1624
Merit: 2481
Scammers are smart
Lol, who to believe?
scammers are often pretty stupid


It is not about who is smarter, but who is more retarded (the target or the scammer).

IMO most scams around here are so blatantly obvious and no one would fall for it if they at least applied basic knowledge regarding securing their coins and common sense.
But unfortunately greed > common sense.
legendary
Activity: 2212
Merit: 7064
Scammers are smart
Lol, who to believe?
scammers are often pretty stupid


Trust no one. VERIFY Grin

Modern viruses and trojans are not made by stupid, but rather evil individuals
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
newbie
Activity: 3
Merit: 0
thanks  Smiley
its reall helpfull for me to avoid any scam  Shocked
legendary
Activity: 1624
Merit: 2481
For instance, some versions of wallets like Electrum had vulnerabilities.

Just like any other wallet.

Each wallet had vulnerabilities in the past. There is not a single one which didn't.
And some do even still have vulnerabilities which will never be fixed (e.g. jaxx).



Also, don't click on any links you receive via pm or email unless you really know the sender.

Even if you know the sender you shouldn't click on links without verifying it.
If the original sender is compromised, malware could send emails to all contacts. While you'd believe the sender is a well known friend, in reality it is just some attacker who compromised the system of your friend.

Do not trust, verify.
legendary
Activity: 2212
Merit: 7064
Correct, what I mean is devices should be secured as much as possible, and should be the first priority of anyone who want to enter crypto world. Without devices security, they will lose money sooner or later.

I agree with you.
Scammers are smart and they always invent new ways to scam people,
so we have to update our devices on regular basis, and keep them protected as much as possible.

There is no perfect 100% protection ... sadly  Undecided

Make sure the updates are legit. Many programs gained new vulnerabilities after being updated. For instance, some versions of wallets like Electrum had vulnerabilities.
I always say that the safest way is to keep your money offline on a separate device and have another PC to use for torrents, opening emails, forums and chats, and so on.
Also, don't click on any links you receive via pm or email unless you really know the sender.

All good advises, and we should all know them,
but sadly many newbies don't, so we have to remind them all the time.
And even experts can become victims if they are not super careful
legendary
Activity: 2814
Merit: 1192
Correct, what I mean is devices should be secured as much as possible, and should be the first priority of anyone who want to enter crypto world. Without devices security, they will lose money sooner or later.

I agree with you.
Scammers are smart and they always invent new ways to scam people,
so we have to update our devices on regular basis, and keep them protected as much as possible.

There is no perfect 100% protection ... sadly  Undecided

Make sure the updates are legit. Many programs gained new vulnerabilities after being updated. For instance, some versions of wallets like Electrum had vulnerabilities.
I always say that the safest way is to keep your money offline on a separate device and have another PC to use for torrents, opening emails, forums and chats, and so on.
Also, don't click on any links you receive via pm or email unless you really know the sender.
newbie
Activity: 3
Merit: 0
Thanks for taking your time to do this especially for the newbies like us in the forum, I have just been scrolling and getting used to this forum, infact this is my first post so far. Thanks for the lesson.
legendary
Activity: 2212
Merit: 7064
Correct, what I mean is devices should be secured as much as possible, and should be the first priority of anyone who want to enter crypto world. Without devices security, they will lose money sooner or later.

I agree with you.
Scammers are smart and they always invent new ways to scam people,
so we have to update our devices on regular basis, and keep them protected as much as possible.

There is no perfect 100% protection ... sadly  Undecided
legendary
Activity: 2296
Merit: 1014
Correct, what I mean is devices should be secured as much as possible, and should be the first priority of anyone who want to enter crypto world. Without devices security, they will lose money sooner or later.
Which is very wide knowledge to learn. Its about knowing what you doing in computer world, knowing whats possible for hackers (almost everything) and whats not possible. Where you should focus your efforts to stay secure (crypto world).
This knowledge need often branches of more specialized computer knowledge to understand them.

Example from friend of friend, easiest to learn for him is by practice so he tried to write trojan horse, and he saw what is needed (from common shared knowledge) to avoid detection from Anti Virus software and now he knew that AV software is no good and you cant feel secure with it.
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
Correct, what I mean is devices should be secured as much as possible, and should be the first priority of anyone who want to enter crypto world. Without devices security, they will lose money sooner or later.
legendary
Activity: 2212
Merit: 7064
another way to secure your profile is to Stake your Bitcoin address
This step is only helpful to secure forum accounts, not to secure bitcoin.  Grin
Hackers can hack your computers, steal your account, and steal your money.
You can use signed message to get your account back, while your bitcoin will be stolen forever. There is no backwards trip for your bitcoin from hackers to you.

But you can always use empty BTC address with no Bitcoins to stake your address  Wink
hero member
Activity: 1680
Merit: 583
xUSD - The PRIVATE stable coin - Haven Protocol
another way to secure your profile is to Stake your Bitcoin address
This step is only helpful to secure forum accounts, not to secure bitcoin.  Grin
Hackers can hack your computers, steal your account, and steal your money.
You can use signed message to get your account back, while your bitcoin will be stolen forever. There is no backwards trip for your bitcoin from hackers to you.
it's obvious
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
another way to secure your profile is to Stake your Bitcoin address
This step is only helpful to secure forum accounts, not to secure bitcoin.  Grin
Hackers can hack your computers, steal your account, and steal your money.
You can use signed message to get your account back, while your bitcoin will be stolen forever. There is no backwards trip for your bitcoin from hackers to you.
legendary
Activity: 2212
Merit: 7064
another way to secure your profile is to Stake your Bitcoin address

this is the most efficient way to prove your ownership of your Bitcointalk account -> Stake your Bitcoin address here

all you have to do is to use your BTC wallet and make a message like this ->

Code:
-----BEGIN BITCOIN SIGNED MESSAGE-----
This is at bitcointalk.org. The current date is .
-----BEGIN SIGNATURE-----


-----END BITCOIN SIGNED MESSAGE-----

and post it in that thread above, someone will quote you and you are safe
if you get hacked, you will proof your identity with your BTC wallet

the tutorial -> How to sign a message?!



Good point.
I added that on the list on page 1,
and I also staked my Bitcoin address some time ago Wink

One more thing would be good to have installed is
Malwarebytes Browser Extension

for Firefox
https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/?src=search

For Brave and Chrome browsers
https://chrome.google.com/webstore/detail/malwarebytes-browser-exte/ihcjicgdanjaechkgeegckofjjedodee




hero member
Activity: 1680
Merit: 583
xUSD - The PRIVATE stable coin - Haven Protocol
another way to secure your profile is to Stake your Bitcoin address

this is the most efficient way to prove your ownership of your Bitcointalk account -> Stake your Bitcoin address here

all you have to do is to use your BTC wallet and make a message like this ->

Code:
-----BEGIN BITCOIN SIGNED MESSAGE-----
This is at bitcointalk.org. The current date is .
-----BEGIN SIGNATURE-----


-----END BITCOIN SIGNED MESSAGE-----

and post it in that thread above, someone will quote you and you are safe
if you get hacked, you will proof your identity with your BTC wallet

the tutorial -> How to sign a message?!


legendary
Activity: 2212
Merit: 7064
I just opened a pull request for MetaMask: https://github.com/MetaMask/eth-phishing-detect/pull/3221

The site should be blocked through the MetaMask extension if they accept it.

My pull request got accepted, MetaMask now blocks the site:


Great news!
Thank you for your support and fast response.
+merit


they've been doing this phishing since the dawn of time but it still works for some. it should be common sense to see something is wrong if there is the need to login again when you know you are already loggedin. the url of the website is very important to notice here.

It may be obvious for you and me, but average user can get distracted
thinking it is just a browser issue, and enter his details, resulting in his account being hacked.
legendary
Activity: 3178
Merit: 1054
they've been doing this phishing since the dawn of time but it still works for some. it should be common sense to see something is wrong if there is the need to login again when you know you are already loggedin. the url of the website is very important to notice here.

I just opened a pull request for MetaMask: https://github.com/MetaMask/eth-phishing-detect/pull/3221

The site should be blocked through the MetaMask extension if they accept it.

My pull request got accepted, MetaMask now blocks the site:



when you aren't sure which app to use your metamask, don't use it. browser apps aren't something you can controll, you may have the privkeys but pick which app to use your metamask.
sr. member
Activity: 588
Merit: 422
I just opened a pull request for MetaMask: https://github.com/MetaMask/eth-phishing-detect/pull/3221

The site should be blocked through the MetaMask extension if they accept it.

My pull request got accepted, MetaMask now blocks the site:

sr. member
Activity: 1050
Merit: 277
That is pretty clever and quite a nasty way to phish. You see the link and click and without thinking you login again. The thing is I always keep myself logged in so if I do log out it is because I logged out myself.
It is a bit odd to get a link right to the reply saying they have replied to you. Though this is a perfect way to let someone know you have replied. I think at anytime you are ever asked to login for any reason what so ever that you should check the address. Even pages I bookmark I check the address just incase.

Very nasty and very easy to fall for this if you not paying much attention which is easy.
legendary
Activity: 2604
Merit: 2353
OK.. please examine the case and catch the fish.
I reported on time, and as fast as I could.


Now your thread has been moved in the beginners section I think very few members will see it.
So I think you should open a thread in Economy > Trading Discussion > Reputation  section, on Kingpin4321. It's the right place for flags and tags.
https://bitcointalk.org/index.php?board=129.0
Listen...
Someone else proposed that I move it to B&H since it is also a guide for newbies
and I don't have extra time to move topics all day round....
It is where it is now.

Thanks.
Nice catch tho, it can really be pretty obvious attempt  from the hacker. I just wondered why choose your account over a higher account which he can benefit more, hmm sounds fishy.
Well, I've got this assumption that the hacker thinks he can get as this user is just a Member rank and have little to know about phishing. Not knowing what he tried to mess is a techy guy and even surpass him on the knowledge about those kinds of things.

It might be good to move this one on B&H board as it is more appropriate there. Nice catch OP.
You didn't understand me, I wasn't suggesting you to move this thread there but to create another one for flagging and tagging Kingpin4321 since he was still hurting people according to Efialtis testimonial.
Now he seems to have been banned, so the issue about him is closed, normally.  

BTW I don't think it's a topic for beginners since the hacker is not targeting newbie accounts and the case is raising concerns about homographic attacks, so it was a rather weird suggestion from this guy...  Undecided



All this above is for those that don't understand phishing sites and that bitcointak internal sites are marked in green when you hover over it with your mouse.
People are not only using old computers with mouse, we are in 2019 now.  Wink
legendary
Activity: 2212
Merit: 7064
One more thing.
It is better to use Firefox browser as it shows warnings for this unsecure logins

This does just mean that the website does not use https.
This is definitely NOT an indicator for the authenticity of a website.

I'd expect any phishing site not created by completely incapable people to have a TLS certificate. You can get them for free.

I know that  Grin
And I just say it is one more step to protect yourself better...
Firefox is better than Chrome... but you still need to use your brain.

As for better protection my suggestions are on first page
legendary
Activity: 1624
Merit: 2481
One more thing.
It is better to use Firefox browser as it shows warnings for this unsecure logins

This does just mean that the website does not use https.
This is definitely NOT an indicator for the authenticity of a website.

I'd expect any phishing site not created by completely incapable people to have a TLS certificate. You can get them for free.
legendary
Activity: 2212
Merit: 7064
One more thing.
It is better to use Firefox browser as it shows warnings for this unsecure logins



legendary
Activity: 2730
Merit: 7065
Why the real owner doesn't say anything, if his account had been hacked?  Huh
He would already come in meta or on this thread to report the hack, no?
There is something fishy.
He was active in July almost on a daily basis and has not posted anything since July 30th. After that he either got hacked or went rogue.
He is now banned so I guess that is it.

Regarding the phishing attempt.
If you have ticked to always be logged on to bitcointalk and you see that the site is asking for your login details you should be alarmed.
If you have not ticked that option bitcointalk will log you out after 1 hour so if you open a new tab where you are asked to enter your login details confirm it on the page you usually visit when you login to bitcointalk. If you are logged out there as well, everything is fine. Log back in on the site you have saved and you usually log in on bitcointalk. If you are still logged in but the other tab is asking you to login again - you know it is a phishing attempt.

All this above is for those that don't understand phishing sites and that bitcointak internal sites are marked in green when you hover over it with your mouse.
legendary
Activity: 2212
Merit: 7064
OK.. please examine the case and catch the fish.
I reported on time, and as fast as I could.


Now your thread has been moved in the beginners section I think very few members will see it.
So I think you should open a thread in Economy > Trading Discussion > Reputation  section, on Kingpin4321. It's the right place for flags and tags.
https://bitcointalk.org/index.php?board=129.0


Listen...
Someone else proposed that I move it to B&H since it is also a guide for newbies
and I don't have extra time to move topics all day round....
It is where it is now.

Thanks.

Nice catch tho, it can really be pretty obvious attempt  from the hacker. I just wondered why choose your account over a higher account which he can benefit more, hmm sounds fishy.
Well, I've got this assumption that the hacker thinks he can get as this user is just a Member rank and have little to know about phishing. Not knowing what he tried to mess is a techy guy and even surpass him on the knowledge about those kinds of things.

It might be good to move this one on B&H board as it is more appropriate there. Nice catch OP.


Update:
Reported to Commodo also
https://www.comodo.com/home/internet-security/submit.php?url=http://sebiltv.com.tr/index/index.php?topic=5088858.0&&submissionType=1&source=1
legendary
Activity: 2604
Merit: 2353
OK.. please examine the case and catch the fish.
I reported on time, and as fast as I could.


Now your thread has been moved in the beginners section I think very few members will see it.
So I think you should open a thread in Economy > Trading Discussion > Reputation  section, on Kingpin4321. It's the right place for flags and tags.
https://bitcointalk.org/index.php?board=129.0
legendary
Activity: 2212
Merit: 7064
legendary
Activity: 2604
Merit: 2353
Code:
https://bitcointalk.oгg/index.php?topic=5154525.0#msg51488782
Firefox expands it to this:
Code:
https://bitcointalk.xn--og-hlc/index.php?topic=5154525.0#msg51488782
And then obviously can't find the site.

If I try this (the first 5 characters copied from the URL from the PM, then "test" added by me:
Code:
k.oгgtest
Firefox turns it into this:
Code:
http://www.k.xn--ogtest-pof/
What kind of sorcery is this?
Must be a diacritical sign I guess.
legendary
Activity: 1750
Merit: 1363
www.gosubetting.com
Received exactly the same from the same user - thanks for pointing this out op!
legendary
Activity: 1624
Merit: 2481
Code:
k.oгgtest
Firefox turns it into this:
Code:
http://www.k.xn--ogtest-pof/
What kind of sorcery is this?

That's no sorcery, but IDNA encoding.

The following cyrillic letter is the cause of that:
Code:
г

This is quite frequently used by phishing sites to deceive others into clicking on a 'known' URL.
That's a known problem with unicode domain names.
legendary
Activity: 2212
Merit: 7064
Code:
https://bitcointalk.oгg/index.php?topic=5154525.0#msg51488782
Firefox expands it to this:
Code:
https://bitcointalk.xn--og-hlc/index.php?topic=5154525.0#msg51488782
And then obviously can't find the site.

If I try this (the first 5 characters copied from the URL from the PM, then "test" added by me:
Code:
k.oгgtest
Firefox turns it into this:
Code:
http://www.k.xn--ogtest-pof/
What kind of sorcery is this?

It reminds me of the homograph attack, which is now automatically replacred on all English boards.

Some weird $hit yeah...
I noticed that also with domains.

I notified and reported Google and Symantec,
as well as Metamask thanks to mainconcept


I wonder why the account (kingpin4321) isn't tagged yet.

I created it.
Add the flag in your OP.
I supported the flag and tagged it since this account obviously tried to hack the OP. But we don't know if it's a hacked account, it could have been bought too.

Someone stated this before:

I think kingpin4321 fell for the exact same thing.

Yesterday in Services someone posted a fake giveaway with a link to a phishing Bitcointalk clone, he was first to reply. I guess I was late with my tag/flag.  Embarrassed

A third known case (possibly even more) within the past 36 hours: Link

And I checked his history also.
Why the real owner doesn't say anything, if his account had been hacked?  Huh
He would already come in meta and on this thread to report the hack, no?
There is something fishy.

OK.. please examine the case and catch the fish.
I reported on time, and as fast as I could.

legendary
Activity: 2604
Merit: 2353
I wonder why the account (kingpin4321) isn't tagged yet.

I created it.
Add the flag in your OP.
I supported the flag and tagged it since this account obviously tried to hack the OP. But we don't know if it's a hacked account, it could have been bought too.

Someone stated this before:

I think kingpin4321 fell for the exact same thing.

Yesterday in Services someone posted a fake giveaway with a link to a phishing Bitcointalk clone, he was first to reply. I guess I was late with my tag/flag.  Embarrassed

A third known case (possibly even more) within the past 36 hours: Link

And I checked his history also.
Why the real owner doesn't say anything, if his account had been hacked?  Huh
He would already come in meta or on this thread to report the hack, no?
There is something fishy.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Code:
https://bitcointalk.oгg/index.php?topic=5154525.0#msg51488782
Firefox expands it to this:
Code:
https://bitcointalk.xn--og-hlc/index.php?topic=5154525.0#msg51488782
And then obviously can't find the site.

If I try this (the first 5 characters copied from the URL from the PM, then "test" added by me:
Code:
k.oгgtest
Firefox turns it into this:
Code:
http://www.k.xn--ogtest-pof/
What kind of sorcery is this?

It reminds me of the homograph attack, which is now automatically replacred on all English boards.

This is the culprit:
Code:
г
Google confirms it's Cyrillic: https://en.wikipedia.org/wiki/Ge_(Cyrillic)

I guess theymos missed this one.
legendary
Activity: 2212
Merit: 7064
Can you copy the URL as shown in the PM?

I'm asking because you can't do this (I can't even do it within quote tags, so I've replaced the "/" by "slash"):
Code:
[url=https://bitcointalkFAKE.org]http://bitcointalk.org[slashurl]
It shows like this:
https://bitcointalkFAKE.org

I think the scammer replaced the lower case L by an upper case i:
Code:
[url=https://bitcointalkFAKE.org]https://bitcointaIk.org[/url]

And now it works:
https://bitcointaIk.org


Sure I can.
Here it is:

Code:
https://bitcointalk.oгg/index.php?topic=5154525.0#msg51488782

Active now:
Code:
http://sebiltv.com.tr/index/index.php?topic=5088858.0&

NOTE to newbies:
Do NOT visit this links!
legendary
Activity: 2212
Merit: 7064
I wonder why the account (kingpin4321) isn't tagged yet.

I created it.
Add the flag in your OP.
I supported the flag and tagged it since this account obviously tried to hack the OP. But we don't know if it's a hacked account, it could have been bought too.

Someone stated this before:

I think kingpin4321 fell for the exact same thing.

Yesterday in Services someone posted a fake giveaway with a link to a phishing Bitcointalk clone, he was first to reply. I guess I was late with my tag/flag.  Embarrassed

A third known case (possibly even more) within the past 36 hours: Link

And I checked his history also.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Can you copy the URL as shown in the PM?

I'm asking because you can't do this (I can't even do it within quote tags, so I've replaced the "/" by "slash"):
Code:
[url=https://bitcointalkFAKE.org]http://bitcointalk.org[slashurl]
It shows like this:
https://bitcointalkFAKE.org

I think the scammer replaced the lower case L by an upper case i:
Code:
[url=https://bitcointalkFAKE.org]https://bitcointaIk.org[/url]

And now it works:
https://bitcointaIk.org
legendary
Activity: 2604
Merit: 2353
I wonder why the account (kingpin4321) isn't tagged yet.

I created it.
Add the flag in your OP.
I've supported the flag and tagged it since this account obviously tried to hack the OP. But we don't know if it's a hacked account or a bought account.

But yes I'm a little bit surprised to see that so few people have already done the same.  Huh


https://bitcointalk.org/index.php?action=trust;u=2447711
legendary
Activity: 2114
Merit: 1150
https://bitcoincleanup.com/
I wonder why the account (kingpin4321) isn't tagged yet.

I created it.
Add the flag in your OP.
legendary
Activity: 2212
Merit: 7064
Nice catch tho, it can really be pretty obvious attempt  from the hacker. I just wondered why choose your account over a higher account which he can benefit more, hmm sounds fishy.

 
Quote from: dkbit98  link=topic=5173531.msg52094489#msg52094489 date=1565214527
~
As if lightlord would even care. There is also actually no point in letting him know.

Same reason why he hacked user kingpin4321
and maybe he thinks members like me are stupid brainless sheeps.

Thank you for your 'advice'.

I just opened a pull request for MetaMask: https://github.com/MetaMask/eth-phishing-detect/pull/3221

The site should be blocked through the MetaMask extension if they accept it.



Thanks.
Fake bitcointalk login website is still very much active!
I noticed that time is not changing on fake site June 07, 2019, 10:23:06 PM for now

https://whois.domaintools.com/sebiltv.com.tr








sr. member
Activity: 588
Merit: 422
I just opened a pull request for MetaMask: https://github.com/MetaMask/eth-phishing-detect/pull/3221

The site should be blocked through the MetaMask extension if they accept it.

hero member
Activity: 2030
Merit: 578
No God or Kings, only BITCOIN.
Nice catch tho, it can really be pretty obvious attempt  from the hacker. I just wondered why choose your account over a higher account which he can benefit more, hmm sounds fishy.
Well, I've got this assumption that the hacker thinks he can get as this user is just a Member rank and have little to know about phishing. Not knowing what he tried to mess is a techy guy and even surpass him on the knowledge about those kinds of things.

It might be good to move this one on B&H board as it is more appropriate there. Nice catch OP.
hero member
Activity: 1246
Merit: 588
Nice catch tho, it can really be pretty obvious attempt  from the hacker. I just wondered why choose your account over a higher account which he can benefit more, hmm sounds fishy.

 
~
As if lightlord would even care. There is also actually no point in letting him know.
legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
I think it is good to use Trust, rather than Flag.  Of if you still want to use Flag, it should be a Newbie Flag, as this Flag created by admin, on @newsilike:
https://bitcointalk.org/index.php?action=trust;u=157669
That guy has not broken any contract with you, and has not yet stolen your money.
legendary
Activity: 2212
Merit: 7064
To OP,
Mind to create flag for kingpin4321?
i will support you.

I can do it... my only concern is that it is a hacked account,
and even if I want to punish the hacker, I also want to bring back original user kingpin4321.

Maybe it is best to wait for moderators to decide.

EDIT:
I created it.
Who knows how many users he contacted...

hero member
Activity: 994
Merit: 593
aka JAGEND.
To OP,
Mind to create flag for kingpin4321?
i will support you.


legendary
Activity: 2212
Merit: 2061
Join the world-leading crypto sportsbook NOW!
I think kingpin4321 fell for the exact same thing.

Yesterday in Services someone posted a fake giveaway with a link to a phishing Bitcointalk clone, he was first to reply. I guess I was late with my tag/flag.  Embarrassed

A third known case (possibly even more) within the past 36 hours: Link
legendary
Activity: 2212
Merit: 7064
On this forum, when you rollover with the cursor the link is green if it’s a link from this forum, it’s blue, if is a link outside of this forum
So, this is also a way to prevent to click on a scam link

I will add that also.
Thanks
hero member
Activity: 1680
Merit: 583
xUSD - The PRIVATE stable coin - Haven Protocol
On this forum, when you rollover with the cursor the link is green if it’s a link from this forum, it’s blue, if is a link outside of this forum
So, this is also a way to prevent to click on a scam link
legendary
Activity: 2212
Merit: 7064
Thanks.

One more thing I noticed, after I entered fake account information with password FU.K YOUXXX
is that it redirects me to regular Bitvest Plinko Signature Campaign after it takes my 'login details'
https://bitcointalksearch.org/topic/open-bitvestio-plinko-sign-camp-member-hero-acceptednew2-5088858

Maybe lightlord, creator of this topic, should be contacted regarding this,
just that he is aware of the situation.
They are probably using other random links, with malicious attachments.

One more way to super protect is to install browser extension called NoScript, but it is a bit complex.
legendary
Activity: 3136
Merit: 3213
Nice guide and Information about that phishing site and how they doing it .
Hope that this are reading a lot of users and that not much fall into the trap with that .
Nice catch .
legendary
Activity: 2212
Merit: 7064
Hello my fellow Bitcointalkers!

Today I will show you how one scammer tried to hack my Bitcointalk account,
and I will teach you how to prevent any future similar hack attack.


1. I received PM from unknown member with this content






2. DO NOT click on any link as it redirects you to FAKE Bitcointalk clone website from Turkey.
With intention to collect your Login information and password, and takeover your account.






3. ALWAYS check website Link in address bar, and if it is safe HTTPS.


4. Always check user trust and profile and again DO NOT CLICK on any links.


When you hover over with mouse over link that is outside this forum, color will be blue




When you hover over link and you see green color, that is link inide Bitcointalk forum.




Here we have clear case of hacked account: kingpin4321
- password is changed recently
https://bitcointalksearch.org/user/kingpin4321-2447711







5. Report user to admin/moderator and give him negative trust.




6. Report phishing website to Google and Symantec.
https://submit.symantec.com/antifraud/phish.cgi
https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en
https://www.phishtank.com/
https://www.comodo.com/home/internet-security/submit.php?

7. Learn how to protect yourself better.



- use Firefox browser, it shows you warnings for unsecure logins, and it is more secure than Chrome browser. Alternative is Brave browser.

- use browser extensions: HTTPS everywhere, ClearURL, NoScript or uMatrix (for experts)

- install Malwarebytes Browser Extension for protection
https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/?src=search
https://chrome.google.com/webstore/detail/malwarebytes-browser-exte/ihcjicgdanjaechkgeegckofjjedodee


- stake your Bitcoin address on forum to prove ownership of your Bitcointalk account -> Stake your Bitcoin address here


8. Ask me if you have any questions.


I will update this topic with more information if needed.
Thank you for your attention.





Translated and adapted to Russian language by bakasabo:
https://bitcointalksearch.org/topic/m.52098506


[LEARN] Phishing Quizzes - Beginners & Experts 👈
Jump to: