Author

Topic: I just got a really weird PM (Read 593 times)

legendary
Activity: 4256
Merit: 8551
'The right to privacy matters'
July 22, 2022, 11:10:27 AM
#30
Normally I wouldn't share something I've received by PM, but this feels dodgy and I have no idea who this person is:


This person didn't participate in that thread and the "link" is some kind of messed up BBCode (which I sanitized before quoting above):

Code:
[flash=200,200]https://[/flash][url=https://bitcointalk.login-index.php-topic.794551.0.thegermanaccess.com/?u=PowerGlove&l=5406168.0]bitcointalk.oгg/index.php?topic=5406168.0[/url]

Anybody know anything? Huh

Edit: Here's an image of the message for anyone still interested:



Notice how the link is blue when it should be green. Also, notice the weird underlining that stops short of extending all the way to the left.

I've condensed what I learned from other members into a simple guide: Don't get your Bitcointalk account "phished" (Desktop/Laptop). Thanks everybody!

my alt got that and the person sending the message is tagged for fishing passwords.


this is the guy that sent to my alt.

tuannguyentn1


https://bitcointalk.org/index.php?action=trust;u=1343680

this is what he sent to my alt (a1 Hashrate LLC2022)


Hello a1 Hashrate LLC2022,

I've replied to you
[url.  =.  http.  ://.  https : //bitcointalk . login-index.php-topic. 794551.0. PHISHING LINK REMOVED /?u= a1 Hashrate LLC2022 &l= 5405852.0] bitcointalk.oгg /index.php?topic = 5405852.0.   [/ url]



I chopped it up a bit to make it safe

legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
July 22, 2022, 08:21:12 AM
#29
Well I finally got a response after I left him feedback haha:

It seems that you have found his weak point, because he obviously knows how the trust system works considering how he reacted. However, there is one positive thing in everything - now he knows that the forum has its own detectives who can very easily find out who is sending merits to whom, and also connect it all to possible alt accounts.

I figured he might at least own up to selling merit rather than hacking accounts. I wonder if his account is actually hacked? It's an account from early 2018 but has long periods of inactivity. He mentions he's based in the UK in an earlier post but the messages he's sent me are in broken English, or at least it seems English isn't his first language.

I'm not an expert in such matters, so I'll leave it to someone else - although it is possible that someone really lives in the UK, but that he is an immigrant whose English is not his native language, and this can especially be seen in written expression. Perhaps it would be easiest to detect whether the owner has changed through IP logs, but if I'm not mistaken, only admins have access to this data?
hero member
Activity: 510
Merit: 4005
July 21, 2022, 05:40:25 PM
#28
#JOIN & #Proof of authentication

Facebook URL (personal): https://www.facebook.com/santhosh121081

Telegram username: @santhosh1981

ERC20 wallet for token distribution: 0x759b7576f2Ada6cD031A71Dd8070834e69e54DfD

Well played @SIXMJ, it's not at all suspicious to lose your shit and have a meltdown instead of answering the question. Cheesy
global moderator
Activity: 3990
Merit: 2717
Join the world-leading crypto sportsbook NOW!
July 21, 2022, 12:51:03 PM
#27
I messaged sixmj on the 16th asking if there was any good reason why he merited the earlier post and got no response.

It would be really strange if you got an answer, at least any meaningful one. The only reason why he gave merit to that post is to make that member Jr. Member, and besides, he probably thinks that no one will find out because the post is buried deep in the middle of some megathread from 2018. They want to cheat the system, but luckily they didn't even understand how it works.

Well I finally got a response after I left him feedback haha:

#JOIN & #Proof of authentication

Facebook URL (personal): https://www.facebook.com/santhosh121081

Telegram username: @santhosh1981

ERC20 wallet for token distribution: 0x759b7576f2Ada6cD031A71Dd8070834e69e54DfD

I figured he might at least own up to selling merit rather than hacking accounts. I wonder if his account is actually hacked? It's an account from early 2018 but has long periods of inactivity. He mentions he's based in the UK in an earlier post but the messages he's sent me are in broken English, or at least it seems English isn't his first language.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
July 18, 2022, 09:58:09 AM
#26
I messaged sixmj on the 16th asking if there was any good reason why he merited the earlier post and got no response.

It would be really strange if you got an answer, at least any meaningful one. The only reason why he gave merit to that post is to make that member Jr. Member, and besides, he probably thinks that no one will find out because the post is buried deep in the middle of some megathread from 2018. They want to cheat the system, but luckily they didn't even understand how it works.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
July 18, 2022, 09:02:33 AM
#25
The subdomains are hidden, so that less people get fooled. Most people will only look at the left-most part of the URL to see what website they are on, and hackers take advantage of that.
I would hate that "feature" in my browser. I like being able to see the subdomains, and my screen is big enough to highlight an unexpectedly long URL. It could be useful on small mobile screens though.

I'd hate it too, but there is no default configuration that satisfies everyone's wants at once. That's why I said there should be a settings option to toggle showing everything in the URL.



I already dislike how Chromium hides the "http://", which only pops up when I click to edit (and then moves the entire URL to the right).

Chrome developers have decided that for "aesthetic reasons" that they should not allow this and other settings to be configured.

I mean there are many ways you can implement a trap door where you can enable "minimalist" and "advanced" settings, without cluttering the settings dialog itself (chrome://experiments, command-line options, config files, the list goes on). That's a pretty narrow-minded design decision if you ask me.
global moderator
Activity: 3990
Merit: 2717
Join the world-leading crypto sportsbook NOW!
July 18, 2022, 07:16:41 AM
#24
That sixmj account merited the below post yesterday:

#Proof of authentication
telegram: @tnusa2
Bitcointalk profile link: https://bitcointalksearch.org/user/tuannguyentn1-1343680

Which was also banned for phishing yesterday: https://bitcointalksearch.org/topic/m.60584411

I messaged sixmj on the 16th asking if there was any good reason why he merited the earlier post and got no response.

legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
July 18, 2022, 02:52:20 AM
#23
The subdomains are hidden, so that less people get fooled. Most people will only look at the left-most part of the URL to see what website they are on, and hackers take advantage of that.
I would hate that "feature" in my browser. I like being able to see the subdomains, and my screen is big enough to highlight an unexpectedly long URL. It could be useful on small mobile screens though.

I already dislike how Chromium hides the "http://", which only pops up when I click to edit (and then moves the entire URL to the right).
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
July 18, 2022, 02:48:01 AM
#22
@NotATether, I see. I thought you were saying that you don't see anything in the lower-left when you hover over a link.

Nah, that part has always been good. I use vanilla chromium with no extensions anyway.

I forgot to include this part, but when hovering over the link, the box should make the main domain name in bold text, for damn's sake.
hero member
Activity: 510
Merit: 4005
July 18, 2022, 02:33:55 AM
#21
@NotATether, I see. I thought you were saying that you don't see anything in the lower-left when you hover over a link.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
July 18, 2022, 02:07:39 AM
#20
Why have Chrome and Firefox stopped showing the links in big fat text at the bottom of the screen? (instead of the small tiny url cramped into one corner only when loading the page, which is for all practical purposes invisible to most users)??

That still works for me in both Firefox and Chrome (Windows and Linux). It is pretty small though. Maybe you have some unusual extension installed?


That box is exactly what I'm talking about, but let me clarify it with some ASCII drawings.

Right now, when you are loading a page on Chrome and Firefox, they look like this, with the url in the lower-left status trimmed (unless you move your mouse there, then it moves to the lower-right, and vice versa):

Code:
=============================================================
# <- -> % |bitcointalk.org.hackers.inc/login.php        | : #
#-----------------------------------------------------------#
#                                                           #
#                                                           #
#                                                           #
#                                                           #
#                                                           #
#                         CONTENT                           #
#                                                           #
#                                                           #
#                                                           #
#                                                           #
#                                                           #
#                                                           #
#                                                           #
#                                                           #
#                                                           #
#------------------------                                   #
#Loading https://hack...|                                   #
=============================================================

It's not proportional, the real browser window makes the status bar about half of this size, and slightly more text, but you get the idea.

What I believe they should be showing is this:

Code:
=============================================================
# <- -> % |               **hackers.inc**               | : #
#-----------------------------------------------------------#
#                                                           #
#                                                           #
#                                                           #
#                                                           #
#                                                           #
#                         CONTENT                           #
#                                                           #
#                                                           #
#                                                           #
#                                                           #
#                                                           #
#                                                           #
#                                                           #
#                                                           #
#                                                           #
#                                                           #
#------------------------                                   #
#Loading https://hack...|                                   #
=============================================================

There is only the root domain name in bold inside the URL bar (if you click inside the URL bar, then you will be able to see the full URL). The subdomains are hidden, so that less people get fooled. Most people will only look at the left-most part of the URL to see what website they are on, and hackers take advantage of that.

They already design it like that on mobile, but IMO this should be on desktop too, ideally with a setting to revert to the old behavior.
hero member
Activity: 510
Merit: 4005
July 17, 2022, 11:34:28 PM
#19
Why have Chrome and Firefox stopped showing the links in big fat text at the bottom of the screen? (instead of the small tiny url cramped into one corner only when loading the page, which is for all practical purposes invisible to most users)??

That still works for me in both Firefox and Chrome (Windows and Linux). It is pretty small though. Maybe you have some unusual extension installed?
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
July 17, 2022, 10:57:26 PM
#18
Be careful with these types of weird messages. It's best to open links in incognito, or better yet, never open them. It's easy to spot, though, if you are used to checking the links before clicking. I have seen some posts, IIRC, that swap out something like that.

Why have Chrome and Firefox stopped showing the links in big fat text at the bottom of the screen? (instead of the small tiny url cramped into one corner only when loading the page, which is for all practical purposes invisible to most users)??

In lynx for comparison, there is a huge prominent notice at the last terminal line where I can clearly see the URL being loaded. You know what, maybe I'll continue browsing like this, unless I want to see images then maybe I can open Chrome as a guest. It's like PGP-encrypting your account before logging in.

SIXMJ who merited that post is worth looking into. He received 3 merits from  dragospirvu75 who has sent merit to the following:

    June 28, 2022, 01:12:32 AM: 3 to SIXMJ for Re: Want to buys some NFTs, please share your art...
    June 24, 2022, 12:26:27 AM: 1 to Irinatoken for Re: ð¥BLAZEPROTOCOL ð¥ Official Bounty Program
    June 12, 2022, 09:25:02 PM: 1 to Pktunnn for Re: ð [BOUNTY]!V! NOTCH COIN - ð°[100 000 000 NOTCH]ð° REWARD! ð
    June 11, 2022, 05:39:43 PM: 1 to ewck1442 for [ANN] Bitcoin Protocol - A Protocol to fulfulling Satoshi's Vision
    April 24, 2022, 02:43:32 PM: 1 to greenzon for Re: ð¥[BOUNTY]PIPSCHAIN - HYBRID EXCHANGE (Fiat & crypto currency in one platform)ð¥
    April 10, 2022, 04:43:42 AM: 1 to LoyceV for Re: I just began to run full node. Where do I see my contribution?

All are banned apart from Loyce. And guess what they're all banned for? Sending the same phishing PM including dragospirvu75. So either they're linked to the phishing or they're involved in selling merit to the phisher.

I can say that I had no idea that dragospirvu75 was harvesting merit for account farms, as someone who merited quite a few of his less shady posts.
newbie
Activity: 25
Merit: 1
July 17, 2022, 06:33:51 PM
#17
Anybody know anything? Huh
This is a known phishing scam attempt and it happened to me in bitcointalk forum few years ago, by hacked a now banned member kingpin4321.
I see this member who sent you message is now also banned, but best way is to report messages like this to moderator right away, and never click on any links you receive.
Generally speaking I don't trust any links I receive in forum or by emails and I always double check them.


Scammer has gone an extra mile to define mean to trap people by sending just a link to click in and once that is done your IP address display to them and them defines means to track your record and hack your account. Let's all be careful on link we click.
legendary
Activity: 2212
Merit: 7064
July 17, 2022, 10:55:32 AM
#16
Anybody know anything? Huh
This is a known phishing scam attempt and it happened to me in bitcointalk forum few years ago, by hacked a now banned member kingpin4321.
I see this member who sent you message is now also banned, but best way is to report messages like this to moderator right away, and never click on any links you receive.
Generally speaking I don't trust any links I receive in forum or by emails and I always double check them.

copper member
Activity: 1652
Merit: 1901
Amazon Prime Member #7
July 17, 2022, 09:03:40 AM
#15
The URL is clickable, but the forum has implemented a security feature that will display links to the bitcointalk forum as green when the user hovers their mouse over the link, and will display as blue for all other links.
That "green" is barely noticeable on my screen, and I bet I'm not alone.
I am aware of the feature and notice it. The feature may not be all that well known.

I'm wondering why the security feature that stops fake links to be labeled "Bitcointalk.org" didn't kick in. Example:
http://google.com
Code:
[url=google.com]bitc ointalk.org[/url]
Converting the text to upper case answers it: BITCOINTALK.OГG.
Code:
google.com
It seems that using the above BB code will result in "google.com" to be displayed, however it will show as "bitcointalk.org" when previewing the post. It seems that saving the post will actually remove the BB code, and will only have the link after the "url=". Probably another good feature
hero member
Activity: 510
Merit: 4005
July 17, 2022, 06:55:56 AM
#14
I checked the Bitcointalk link i believe the spammer sent you and it seems a genuine Bitcointalk link which actually lead to a thread where a user is asking for help with Blockchain.com, this post is in the Beginners and Help Board.

I cleaned the link before posting it, to make it safe for other users to click. It's now a genuine Bitcointalk link, but it was a phishing link before (see BBCode in OP).
legendary
Activity: 2422
Merit: 1083
Leading Crypto Sports Betting & Casino Platform
July 17, 2022, 06:21:30 AM
#13
Normally I wouldn't share something I've received by PM, but this feels dodgy and I have no idea who this person is:

I checked the Bitcointalk link i believe the spammer sent you and it seems a genuine Bitcointalk link which actually lead to a thread where a user is asking for help with Blockchain.com, this post is in the Beginners and Help Board.



But in as much as the link I quoted above looks genuine, I still did not understand why this user sent you this PM because I can also confirm that he didn't participate in the discussion on the thread, If he did, then maybe we would have given him the benefit of doubt and believe he probably wanted to PM another user but mistook you for that user by not taking notice of your username when he assumed he clicked the profile of the user he wanted to PM.

I will join other users to advice you report the PM and maybe block the user if you feel unsafe with your account., On no account should users unnecessarily PM other users on things that makes absolutely no sense, Bitcointalk is not Telagram where spammers have almost no restriction from PMing other random users.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
July 17, 2022, 04:41:08 AM
#12
One merit is still relatively hard to get, especially for a shitposter, but getting merit for this post today is a bit suspicious:

I don't agree that it's hard, not even for shitposters who will find a way to get it one way or another. It's no secret that there is a black market for merits, and if I'm not mistaken, the price is still 1 merit = $5. Given that a lot of bad things happen through PM, it would be good to think about blocking messages not only from Newbies but also from Jr.Members because I personally don't see any difference between those two ranks.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
July 17, 2022, 12:47:40 AM
#11
The URL is clickable, but the forum has implemented a security feature that will display links to the bitcointalk forum as green when the user hovers their mouse over the link, and will display as blue for all other links.
That "green" is barely noticeable on my screen, and I bet I'm not alone.

I'm wondering why the security feature that stops fake links to be labeled "Bitcointalk.org" didn't kick in. Example:
http://google.com
Code:
[url=google.com]bitc ointalk.org[/url]
Converting the text to upper case answers it: BITCOINTALK.OГG.



All are banned apart from Loyce.
I dodged the bullet there
copper member
Activity: 1652
Merit: 1901
Amazon Prime Member #7
July 17, 2022, 12:10:39 AM
#10
@op did you get a warning on the message that it could be phishing?

If I am thinking of the same warning message, that warning is only displayed with newbies send a PM, and it is displayed for all newbies, regardless of PM content. The person who sent the OP the PM is a Junior Member


When I try to post the above BB code in a post, the link does not show up as green when I hover over the link. While this is a phishing link, santhosh121081 was not able to beat the anti-phishing measures of the forum.

That's weird. It was legit-looking and clickable in the PM. Maybe that URL has now been flagged by the system and so won't properly render anymore?
The URL is clickable, but the forum has implemented a security feature that will display links to the bitcointalk forum as green when the user hovers their mouse over the link, and will display as blue for all other links. The link in question was not to a bitcointalk forum page and was displayed as green
copper member
Activity: 2044
Merit: 793
July 16, 2022, 07:39:35 PM
#9
I wonder if he bought it?

All are banned apart from Loyce. And guess what they're all banned for? Sending the same phishing PM including dragospirvu75. So either they're linked to the phishing or they're involved in selling merit to the phisher.

Or could have fell for phishing message ? and the user sending them didn't feel the need to change their password or attempt email changing since they lowly ranked account, so they decided to send send out their smerit and using the victims account to send similar message to potentially get more victims ? because why risk all your alt accounts getting banned once if he indeed owns all of them ?
hero member
Activity: 510
Merit: 4005
July 16, 2022, 07:20:39 PM
#8
@op did you get a warning on the message that it could be phishing?

There was no warning when I first read the message and it had been sitting in my inbox for about 2 hours by that point. There was also no warning when I opened it a few hours later to click "Report To Admin".

There's now (I kept the message) a big red box with "This PM looks like possible phishing: examine links closely!".

Hmm, I wonder why that took so long to show up?

When I try to post the above BB code in a post, the link does not show up as green when I hover over the link. While this is a phishing link, santhosh121081 was not able to beat the anti-phishing measures of the forum.

That's weird. It was legit-looking and clickable in the PM. Maybe that URL has now been flagged by the system and so won't properly render anymore?
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
July 16, 2022, 06:19:07 PM
#7
@op did you get a warning on the message that it could be phishing?



You can easily spot different links. If you hover your mouse over at the link, verify if it's the same as the one posted.

You can also copy link text on mobile to copy a link that looks right onto your phone (to paste it in your search bar) or use copy link address and paste it into a notes app to interrogate to see if it's a trusted link - don't paste it into a search bar as you run the risk of accidentally hitting enter or paste and go and you may at the very least denonymise yourself.



Hopefully this gets fixed by admins to make more links return [suspicious link removed]

copper member
Activity: 1652
Merit: 1901
Amazon Prime Member #7
July 16, 2022, 05:08:17 PM
#6

This person didn't participate in that thread and the "link" is some kind of messed up BBCode (which I sanitized before quoting above):

Code:
[flash=200,200]https://[/flash][url=https://bitcointalk.login-index.php-topic.794551.0.thegermanaccess.com/?u=PowerGlove&l=5406168.0]bitcointalk.oгg/index.php?topic=5406168.0[/url]

Anybody know anything? Huh
When I try to post the above BB code in a post, the link does not show up as green when I hover over the link. While this is a phishing link, santhosh121081 was not able to beat the anti-phishing measures of the forum.
global moderator
Activity: 3990
Merit: 2717
Join the world-leading crypto sportsbook NOW!
July 16, 2022, 10:34:46 AM
#5
You need to report the PM.

After 6 pages of applications to various bounty campaigns and periods of inactivity, this user has obviously come for his perma-ban. Only 1 merit to become a Jr.Member still proves to be a bad decision, because PMs from newbies can at least be blocked.

One merit is still relatively hard to get, especially for a shitposter, but getting merit for this post today is a bit suspicious:

#JOIN & #Proof of authentication

Facebook URL (personal): https://www.facebook.com/santhosh121081

Telegram username: @santhosh1981

ERC20 wallet for token distribution: 0x759b7576f2Ada6cD031A71Dd8070834e69e54DfD

I wonder if he bought it?

SIXMJ who merited that post is worth looking into. He received 3 merits from  dragospirvu75 who has sent merit to the following:

    June 28, 2022, 01:12:32 AM: 3 to SIXMJ for Re: Want to buys some NFTs, please share your art...
    June 24, 2022, 12:26:27 AM: 1 to Irinatoken for Re: 🔥BLAZEPROTOCOL 🔥 Official Bounty Program
    June 12, 2022, 09:25:02 PM: 1 to Pktunnn for Re: 🌎 [BOUNTY]⚡ NOTCH COIN - 💰[100 000 000 NOTCH]💰 REWARD! 🌎
    June 11, 2022, 05:39:43 PM: 1 to ewck1442 for [ANN] Bitcoin Protocol - A Protocol to fulfulling Satoshi's Vision
    April 24, 2022, 02:43:32 PM: 1 to greenzon for Re: 🔥[BOUNTY]PIPSCHAIN - HYBRID EXCHANGE (Fiat & crypto currency in one platform)🔥
    April 10, 2022, 04:43:42 AM: 1 to LoyceV for Re: I just began to run full node. Where do I see my contribution?

All are banned apart from Loyce. And guess what they're all banned for? Sending the same phishing PM including dragospirvu75. So either they're linked to the phishing or they're involved in selling merit to the phisher.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
July 16, 2022, 10:12:25 AM
#4
After 6 pages of applications to various bounty campaigns and periods of inactivity, this user has obviously come for his perma-ban. Only 1 merit to become a Jr.Member still proves to be a bad decision, because PMs from newbies can at least be blocked.
copper member
Activity: 2940
Merit: 1280
https://linktr.ee/crwthopia
July 16, 2022, 10:06:43 AM
#3
Be careful with these types of weird messages. It's best to open links in incognito, or better yet, never open them. It's easy to spot, though, if you are used to checking the links before clicking. I have seen some posts, IIRC, that swap out something like that.

You can easily spot different links. If you hover your mouse over at the link, verify if it's the same as the one posted.



Don't click links is a great motto as well.
staff
Activity: 3500
Merit: 6152
July 16, 2022, 09:59:21 AM
#2
Just report the PM. It's a phishing site, that's not the real bitcointalk forum. If you typed your password in there, make sure to change it.
hero member
Activity: 510
Merit: 4005
July 16, 2022, 09:53:14 AM
#1
Normally I wouldn't share something I've received by PM, but this feels dodgy and I have no idea who this person is:


This person didn't participate in that thread and the "link" is some kind of messed up BBCode (which I sanitized before quoting above):

Code:
[flash=200,200]https://[/flash][url=https://bitcointalk.login-index.php-topic.794551.0.thegermanaccess.com/?u=PowerGlove&l=5406168.0]bitcointalk.oгg/index.php?topic=5406168.0[/url]

Anybody know anything? Huh

Edit: Here's an image of the message for anyone still interested:



Notice how the link is blue when it should be green. Also, notice the weird underlining that stops short of extending all the way to the left.

I've condensed what I learned from other members into a simple guide: Don't get your Bitcointalk account "phished" (Desktop/Laptop). Thanks everybody!
Jump to: