Author

Topic: Phishing Alert (mail-blockchain dot info) (Read 1149 times)

legendary
Activity: 2492
Merit: 1473
LEALANA Bitcoin Grim Reaper
July 09, 2014, 07:46:03 PM
#9
I've been getting these emails sporadically for the past 6-8 months. Always go in my trashcan lol.
hero member
Activity: 573
Merit: 500
Got the same and was looking and clicking in my gmail to find "blokchaln.info" - but can not.
How did you find that info ?

If you will open mail-blockchain dot info in your browser it will redirect you to blokchln dot info where phishing page is hosted.

ahe, now I get it - missed the .info / .com part  Smiley
legendary
Activity: 1274
Merit: 1004
Got the same and was looking and clicking in my gmail to find "blokchaln.info" - but can not.
How did you find that info ?

If you will open mail-blockchain dot info in your browser it will redirect you to blokchln dot info where phishing page is hosted.
legendary
Activity: 910
Merit: 1000
★YoBit.Net★ 350+ Coins Exchange & Dice
I receive soooooo many emails from fake

-spendbitcoins
-btc-e
-coinedup
-blockchain.info

and many more. They all have the same JAR file virus attachment.

I don't even use some of those sites so they obviously just try there luck i'll be retarded and open the JAR file.

sr. member
Activity: 350
Merit: 252
REAL-EYES || REAL-IZE || REAL-LIES||
Thanks for the heads up
I got similar mail to my mailing account few days ago , telling me that " My Wallet Account has been locked " Followed by a suspicious link asking me to click to unlock my account . I avoided clicking any link but I'm used to getting these mails now and I avoid clicking any link which appears even lil suspicious.
 

hero member
Activity: 573
Merit: 500
How did you find that info ?

You can check the full email header by the following steps.

https://support.google.com/mail/answer/22454?hl=en
Quote
1. Log in to Gmail
2. Open the message you'd like to view headers for.
3. Click the down arrow next to Reply, at the top of the message pane.
4. Select Show Original.
The full headers will appear in a new window.

Thanks, I already did that but can not see the "misspelling" of blockchain ;

Delivered-To: @gmail.com
Received: by 10.64.225.226 with SMTP id rn2csp313690iec;
        Fri, 4 Jul 2014 09:14:33 -0700 (PDT)
X-Received: by 10.236.180.169 with SMTP id j29mr17834267yhm.47.1404490473381;
        Fri, 04 Jul 2014 09:14:33 -0700 (PDT)
Return-Path: <[email protected]>
Received: from mail.blockchain.info ([69.197.35.141])
        by mx.google.com with ESMTP id t65si34781667yhb.12.2014.07.04.09.14.32
        for <@gmail.com>;
        Fri, 04 Jul 2014 09:14:33 -0700 (PDT)
Received-SPF: fail (google.com: domain of [email protected] does not designate 69.197.35.141 as permitted sender) client-ip=69.197.35.141;
Authentication-Results: mx.google.com;
       spf=hardfail (google.com: domain of [email protected] does not designate 69.197.35.141 as permitted sender) [email protected];
       dmarc=fail (p=NONE dis=NONE) header.from=blockchain.info
Received: by mail.blockchain.info (Postfix, from userid 48)
   id 21F3A358194; Fri,  4 Jul 2014 09:14:32 -0700 (PDT)
To:@gmail.com
Subject: Blockchain - Transaction Received
Date: Fri, 4 Jul 2014 09:14:32 -0700
From: Blochchain <[email protected]>
Message-ID: <[email protected]>
X-Priority: 3
X-Mailer: PHPMailer 5.0.2 (phpmailer.codeworxtech.com)
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/html; charset="UTF-8"



hero member
Activity: 577
Merit: 504
How did you find that info ?

You can check the full email header by the following steps.

https://support.google.com/mail/answer/22454?hl=en
Quote
1. Log in to Gmail
2. Open the message you'd like to view headers for.
3. Click the down arrow next to Reply, at the top of the message pane.
4. Select Show Original.
The full headers will appear in a new window.
hero member
Activity: 573
Merit: 500
Got the same and was looking and clicking in my gmail to find "blokchaln.info" - but can not.
How did you find that info ?
legendary
Activity: 1274
Merit: 1004
http://who.is/whois/mail-blockchain.info



This domain is a redirect to hxxp://blokchaln.info

http://who.is/whois/blokchaln.info

Source:
Quote
                                                                                                                                                                                               
http://pastie.org/9355244
Jump to: