
Topic: phishing emails from bitcointaik.org (Read 1957 times)

KWH
legendary
Activity: 1904
Merit: 1045
In Collateral I Trust.
May 14, 2014, 04:36:03 PM
#17
How do you think they got your email to begin with?

they didn't get his email. it was a forum inbox message

these things happen a lot. in the past it has been found that scammers prep their list of 'marks' by asking forum topic questions such as:
"how much bitcoin do you own"
"what wallet software do you use"
etc

these info gathering games are what scammers do to target the right people. after all there is no point phishing someone if they only have satoshi dust to their name. and there's no point entering into conversation with them to tempt them to download trojans if the scammer's code is not compatible with the victim's wallet.

so usually scam emails and private messages are targeted to the victim, because the victim has made some form of admission that he is worthy of being scammed. either admitting wealth, admitting he runs a wallet that is compatible with a certain trojan or the fact that the victim admits to not having 2FA on their other logins or lastly, they have been scammed before so are proving to be an easy 'mark'


Winner winner chicken dinner!
sr. member
Activity: 308
Merit: 251
I like big BITS and I cannot lie.
May 14, 2014, 04:22:37 PM
#16
http://bitcointaik.org/
differs by only 1 letter

that's why we need to hide our email address
thanks for your info

yw
legendary
Activity: 1008
Merit: 1000
May 12, 2014, 11:58:22 AM
#15
http://bitcointaik.org/
differs by only 1 letter

that's why we need to hide our email address
thanks for your info

And what's even more clever of them is that they put a capital I :)
So with certain fonts, "I" is indistinguishable from "l"
sr. member
Activity: 476
Merit: 250
May 12, 2014, 10:44:17 AM
#14
http://bitcointaik.org/
differs by only 1 letter

that's why we need to hide our email address
thanks for your info
member
Activity: 82
Merit: 10
May 10, 2014, 03:55:29 AM
#13
I didn't get emails like that yet, but thanks for telling, maybe I would have fallen for this :-\
vip
Activity: 1316
Merit: 1043
👻
May 10, 2014, 02:58:44 AM
#12
Thanks for the alert.

OP, your email is hidden in your profile page (at least at this moment), so how did the email sender know your email address? ???
He mentioned how earlier:

This was sent to my email account associated with my bitcointalk account.

I had my email not hidden, so I set it to hidden now. I agree that it was a targeted email, because my email was published and my bitcoin address has a decent balance which is also visible on my account.

This is a fairly clever attack, surprised it wasn't registered earlier.
hero member
Activity: 820
Merit: 1000
May 10, 2014, 02:28:24 AM
#11
Thanks for the alert.

OP, your email is hidden in your profile page (at least at this moment), so how did the email sender know your email address? ???
legendary
Activity: 1008
Merit: 1000
May 09, 2014, 07:59:58 PM
#9
I'd recommend hiding your email addresses if it's not absolutely necessary to have them on display, but I suppose it might not matter that much if you're wary of any scams that might be sent to it.

I'm pretty good, AFAIK, against these scams because I use LastPass to store my passwords, thus if it doesn't autologin for me, I know something's off :)

And besides, the website had no https so it was pretty evident.
legendary
Activity: 1232
Merit: 1195
May 09, 2014, 01:18:45 PM
#8
I'd recommend hiding your email addresses if it's not absolutely necessary to have them on display, but I suppose it might not matter that much if you're wary of any scams that might be sent to it.
legendary
Activity: 1008
Merit: 1000
May 09, 2014, 12:05:45 PM
#7
How do you think they got your email to begin with?

they didn't get his email. it was a forum inbox message

these things happen a lot. in the past it has been found that scammers prep their list of 'marks' by asking forum topic questions such as:
"how much bitcoin do you own"
"what wallet software do you use"
etc

these info gathering games are what scammers do to target the right people. after all there is no point phishing someone if they only have satoshi dust to their name. and there's no point entering into conversation with them to tempt them to download trojans if the scammer's code is not compatible with the victim's wallet.

so usually scam emails and private messages are targeted to the victim, because the victim has made some form of admission that he is worthy of being scammed. either admitting wealth, admitting he runs a wallet that is compatible with a certain trojan or the fact that the victim admits to not having 2FA on their other logins or lastly, they have been scammed before so are proving to be an easy 'mark'

This was sent to my email account associated with my bitcointalk account.

I had my email not hidden, so I set it to hidden now. I agree that it was a targeted email, because my email was published and my bitcoin address has a decent balance which is also visible on my account.

Got me one of these emails today :)

Email below for anybody who's curious.

Code:
Delivered-To: [removed]
Received: by 10.52.76.199 with SMTP id m7csp437305vdw;
        Fri, 9 May 2014 08:25:53 -0700 (PDT)
X-Received: by 10.66.150.69 with SMTP id ug5mr21474014pab.55.1399649153451;
        Fri, 09 May 2014 08:25:53 -0700 (PDT)
Return-Path:
Received: from erelay5.ox.registrar-servers.com (erelay5.ox.registrar-servers.com. [192.64.117.65])
        by mx.google.com with ESMTP id tv5si2430744pbc.158.2014.05.09.08.25.53
        for <[removed]>;
        Fri, 09 May 2014 08:25:53 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 192.64.117.65 as permitted sender) client-ip=192.64.117.65;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of [email protected] designates 192.64.117.65 as permitted sender) [email protected]
Received: from localhost (unknown [127.0.0.1])
by erelay1.ox.registrar-servers.com (Postfix) with ESMTP id EC3412204D16
for <[removed]>; Fri,  9 May 2014 15:25:52 +0000 (UTC)
Received: from erelay1.ox.registrar-servers.com ([127.0.0.1])
by localhost (erelay.ox.registrar-servers.com [127.0.0.1]) (amavisd-new, port 10024)
with LMTP id ThIaU9sR71GS for <[removed]>;
Fri,  9 May 2014 11:25:52 -0400 (EDT)
Received: from imap2.ox.privateemail.com (imap2.ox.privateemail.com [198.187.29.234])
by erelay1.ox.registrar-servers.com (Postfix) with ESMTP id 4D0FE2204CFD
for <[removed]>; Fri,  9 May 2014 11:25:52 -0400 (EDT)
Received: from [192.168.0.50] (unknown [199.47.77.6])
(using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
(No client certificate requested)
by mail.privateemail.com (Postfix) with ESMTPSA id 06D855A0086
for <[removed]>; Fri,  9 May 2014 11:25:50 -0400 (EDT)
Message-ID: <[email protected]>
Date: Thu, 08 May 2014 09:31:58 -0700
From: Bitcoin Forum
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: [removed]
Subject: Changing your forum password is recommended.
X-Enigmail-Draft-Status: 512
Content-Type: multipart/alternative;
 boundary="------------040306080202000204040301"

This is a multi-part message in MIME format.
--------------040306080202000204040301
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Dear Injust,

Due to the OpenSSL heartbleed bug and recent attacks on our website,
changing your forum password is recommended.
To set a new password click the following link:

http://bitcointaIk.org/index.php?action=login;u=8543;sa=account

Username: Injust

Regards,
The Bitcoin Forum Team.

------------------
You are receiving this message because you are a member of the
Bitcoin Forum. If you do not want to receive further messages, you
can change your notification preferences here:
http://bitcointaIk.org/index.php?action=login;u=8543;sa=notification
http://bitcointaIk.org/index.php?action=login;u=8543;sa=pmprefs


--------------040306080202000204040301
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Dear Injust,

Due to the OpenSSL heartbleed bug and recent attacks on our website,
changing your forum password is recommended.
To set a new password click the following link:

http://bitcointaIk.org/index.php?action=login;u=8543;sa=account

Username: Injust

Regards,
The Bitcoin Forum Team.

------------------
You are receiving this message because you are a member of the
Bitcoin Forum. If you do not want to receive further messages, you
can change your notification preferences here:
http://bitcointaIk.org/index.php?action=login;u=8543;sa=notification
http://bitcointaIk.org/index.php?action=login;u=8543;sa=pmprefs

--------------040306080202000204040301--
sr. member
Activity: 308
Merit: 251
I like big BITS and I cannot lie.
May 08, 2014, 02:32:15 PM
#6
How do you think they got your email to begin with?

they didn't get his email. it was a forum inbox message

these things happen a lot. in the past it has been found that scammers prep their list of 'marks' by asking forum topic questions such as:
"how much bitcoin do you own"
"what wallet software do you use"
etc

these info gathering games are what scammers do to target the right people. after all there is no point phishing someone if they only have satoshi dust to their name. and there's no point entering into conversation with them to tempt them to download trojans if the scammer's code is not compatible with the victim's wallet.

so usually scam emails and private messages are targeted to the victim, because the victim has made some form of admission that he is worthy of being scammed. either admitting wealth, admitting he runs a wallet that is compatible with a certain trojan or the fact that the victim admits to not having 2FA on their other logins or lastly, they have been scammed before so are proving to be an easy 'mark'

This was sent to my email account associated with my bitcointalk account.

I had my email not hidden, so I set it to hidden now. I agree that it was a targeted email, because my email was published and my bitcoin address has a decent balance which is also visible on my account.
member
Activity: 84
Merit: 10
Hello World!!!
May 08, 2014, 02:30:07 PM
#5
How do you think they got your email to begin with?

they didn't get his email. it was a forum inbox message

these things happen a lot. in the past it has been found that scammers prep their list of 'marks' by asking forum topic questions such as:
"how much bitcoin do you own"
"what wallet software do you use"
etc

these info gathering games are what scammers do to target the right people. after all there is no point phishing someone if they only have satoshi dust to their name. and there's no point entering into conversation with them to tempt them to download trojans if the scammer's code is not compatible with the victim's wallet.

so usually scam emails and private messages are targeted to the victim, because the victim has made some form of admission that he is worthy of being scammed. either admitting wealth, admitting he runs a wallet that is compatible with a certain trojan or the fact that the victim admits to not having 2FA on their other logins or lastly, they have been scammed before so are proving to be an easy 'mark'

This is very important information, especially for those new to the Bitcoin community!
legendary
Activity: 4410
Merit: 4766
May 08, 2014, 02:21:40 PM
#4
How do you think they got your email to begin with?

they didn't get his email. it was a forum inbox message

these things happen a lot. in the past it has been found that scammers prep their list of 'marks' by asking forum topic questions such as:
"how much bitcoin do you own"
"what wallet software do you use"
etc

these info gathering games are what scammers do to target the right people. after all there is no point phishing someone if they only have satoshi dust to their name. and there's no point entering into conversation with them to tempt them to download trojans if the scammer's code is not compatible with the victim's wallet.

so usually scam emails and private messages are targeted to the victim, because the victim has made some form of admission that he is worthy of being scammed. either admitting wealth, admitting he runs a wallet that is compatible with a certain trojan or the fact that the victim admits to not having 2FA on their other logins or lastly, they have been scammed before so are proving to be an easy 'mark'
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
May 08, 2014, 02:13:16 PM
#3
How do you think they got your email to begin with?
legendary
Activity: 2394
Merit: 1216
The revolution will be digital
May 08, 2014, 01:11:44 PM
#2
Registered yesterday and not even using https !!! :D
sr. member
Activity: 308
Merit: 251
I like big BITS and I cannot lie.
May 08, 2014, 12:54:12 PM
#1
Please be aware that I received a phishing email from bitcointaik.org


it includes a disguised link... don't click it or follow their password reset instructions as I'm sure it will log and steal your account.


Bitcoin Forum <[email protected]>
9:24 AM (1 hour ago)

to 2tights

Why is this message in Spam? You clicked "Report phishing" for this message.  Learn more
Dear 2tights,

Due to the OpenSSL heartbleed bug and recent attacks on our website, changing your forum password is recommended.
To set a new password click the following link:

http://bitcointaIk.org/index.php?action=login;u=4981;sa=account

Username: 2tights

Regards,
The Bitcoin Forum Team.

------------------
You are receiving this message because you are a member of the
Bitcoin Forum. If you do not want to receive further messages, you
can change your notification preferences here:
http://bitcointaIk.org/index.php?action=login;u=4981;sa=notification
http://bitcointaIk.org/index.php?action=login;u=4981;sa=pmpref

----------------------------------------------------

WHOIS information for bitcointaik.org:

[Querying whois.publicinterestregistry.net]
[whois.publicinterestregistry.net]
Domain Name:BITCOINTAIK.ORG
Domain ID: D172552259-LROR
Creation Date: 2014-05-07T21:26:37Z
Updated Date: 2014-05-07T21:37:22Z
Registry Expiry Date: 2015-05-07T21:26:37Z
Sponsoring Registrar:eNom, Inc. (R39-LROR)
Sponsoring Registrar IANA ID: 48
WHOIS Server:
Referral URL:
Domain Status: clientTransferProhibited
Domain Status: serverTransferProhibited
Domain Status: addPeriod
Registrant ID:537e559e0ebc27ea
Registrant Name:WhoisGuard Protected
Registrant Organization:WhoisGuard, Inc.
Registrant Street: P.O. Box 0823-03411
Registrant City:Panama
Registrant State/Province:Panama
Registrant Postal Code:00000
Registrant Country:PA
Registrant Phone:+507.8365503
Registrant Phone Ext:
Registrant Fax: +51.17057182
Registrant Fax Ext:
Registrant Email:[email protected]
Admin ID:537e559e0ebc27ea
Admin Name:WhoisGuard Protected
Admin Organization:WhoisGuard, Inc.
Admin Street: P.O. Box 0823-03411
Admin City:Panama
Admin State/Province:Panama
Admin Postal Code:00000
Admin Country:PA
Admin Phone:+507.8365503
Admin Phone Ext:
Admin Fax: +51.17057182
Admin Fax Ext:
Admin Email:[email protected]
Tech ID:537e559e0ebc27ea
Tech Name:WhoisGuard Protected
Tech Organization:WhoisGuard, Inc.
Tech Street: P.O. Box 0823-03411
Tech City:Panama
Tech State/Province:Panama
Tech Postal Code:00000
Tech Country:PA
Tech Phone:+507.8365503
Tech Phone Ext:
Tech Fax: +51.17057182
Tech Fax Ext:
Tech Email:[email protected]
Name Server:NS1.HIDEMYHOST.COM
Name Server:NS2.HIDEMYHOST.COM
Name Server:NS3.HIDEMYHOST.COM
Name Server:NS4.HIDEMYHOST.COM
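
The lookalike check this thread describes (a capital I standing in for l, on a domain registered the day before, served over plain http), as an added example that is not part of any post. The trusted-domain set, the small confusable table and the two-label domain rule are assumptions; the phishing link, WHOIS creation date and receive time are the ones quoted in the thread, and the genuine link is constructed.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit

TRUSTED = {"bitcointalk.org"}  # assumption: the domains the reader really uses
URL_RE = re.compile(r"https?://[^\s<>\"']+")
# i/l/1/| and o/0 look alike in many fonts; constructed subset, not a full table.
FOLD = str.maketrans({"i": "l", "1": "l", "|": "l", "0": "o"})

def skeleton(domain):
    """Fold visually confusable characters so lookalikes compare equal."""
    return domain.lower().translate(FOLD).replace("rn", "m")

def classify(url):
    parts = urlsplit(url)
    shown = parts.netloc.rsplit("@", 1)[-1].split(":")[0]  # host exactly as displayed
    # Assumption: registrable domain = last two labels (no public-suffix list here).
    domain = ".".join(shown.lower().split(".")[-2:])
    if domain in TRUSTED:
        verdict = "trusted"
    elif skeleton(domain) in {skeleton(t) for t in TRUSTED}:
        verdict = "lookalike"
    else:
        verdict = "unknown"
    return {"domain": domain, "verdict": verdict,
            "mixed_case": shown != shown.lower(),  # DNS ignores case; capitals can hide I-for-l
            "plain_http": parts.scheme.lower() == "http"}

def scan(text):
    return [classify(u) for u in URL_RE.findall(text)]

def domain_age_days(whois_text, seen):
    """Whole days between the WHOIS 'Creation Date' and when the message was seen."""
    m = re.search(r"Creation Date:\s*(\S+)", whois_text)
    created = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    return (seen - created.replace(tzinfo=timezone.utc)).days

# Sample input: the link and WHOIS line quoted in the thread, plus a constructed genuine link.
SAMPLE = """To set a new password click the following link:
http://bitcointaIk.org/index.php?action=login;u=8543;sa=account
https://bitcointalk.org/index.php?action=profile"""
WHOIS = "Creation Date: 2014-05-07T21:26:37Z"
SEEN = datetime(2014, 5, 9, 15, 25, 53, tzinfo=timezone.utc)  # Received time in the headers

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
    print("domain age in days:", domain_age_days(WHOIS, SEEN))
```

Because both sides are folded before comparison, the check catches the name as displayed (bitcointaIk.org) and as actually registered (bitcointaik.org).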