phishing emails from bitcointaik.org

KWH

legendary

Activity: 1904

Merit: 1045

In Collateral I Trust.

Quote from: franky1 on May 08, 2014, 02:21:40 PM

Quote from: jonald_fyookball on May 08, 2014, 02:13:16 PM

How do you think they got your email to begin with?

they didnt get his email. it was a forum inbox message

these things happen alot. in the past it has been found that scammers prep their list of 'marks' by asking forum topic questions such as:
"how much bitcoin do you own"
"what wallet software do you use"
etc

these info gathering games are what scammers do to target the right people. after all there is no point phishing someone if they only have satoshi dust to their name. and theres no point entering into conversation with them to tempt them to download trojans if the scammers code is not compatible with the victims wallet.

so usually scam emails and private messages are targetted to the victim, because the victim has made some form of admission that he is worthy of being scammed. either admitting wealth, admitting he runs a wallet that is compatable to a certain tojan or the fact that the victim admits to not have 2FA on their other logins or lastly, they have been scammed before so are proving to be an easy 'mark'

Winner winner chicken dinner!

2tights

sr. member

Activity: 308

Merit: 251

I like big BITS and I cannot lie.

Quote from: Icardi09 on May 12, 2014, 10:44:17 AM

http://bitcointaik.org/
differ only 1 letter

that's why we need to hide our email address
thanks for your info

yw

Injust

legendary

Activity: 1008

Merit: 1000

Quote from: Icardi09 on May 12, 2014, 10:44:17 AM

http://bitcointaik.org/
differ only 1 letter

that's why we need to hide our email address
thanks for your info

And what's even clever of them is that they put a capital I

So with certain fonts, "I" is indistinguishable from "l"

Icardi09

sr. member

Activity: 476

Merit: 250

http://bitcointaik.org/
differ only 1 letter

that's why we need to hide our email address
thanks for your info

Mightycoin

member

Activity: 82

Merit: 10

I didn't get emails like that yet but thanks for telling maybe I would of fall for this Undecided

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻

Quote from: Tammy Chan on May 10, 2014, 02:28:24 AM

Thanks for the alert.

OP, your email is hidden in your profile page (at least at this moment), so how did the email sender know your email address? Huh

He mentioned how earlier:

Quote from: 2tights on May 08, 2014, 02:32:15 PM

This was sent to my email account associated with my bitcointalk account.

I had my email not hidden, so I set it to hidden now. I agree that it was a targetted email, because my email was published and my bitcoin address has a decent balance which is also visible on my account.

This is a fairly clever attack, surprised it wasn't registered earlier.

Tammy Chan

hero member

Activity: 820

Merit: 1000

Thanks for the alert.

OP, your email is hidden in your profile page (at least at this moment), so how did the email sender know your email address? Huh

escrow.ms

legendary

Activity: 1274

Merit: 1004

I've gotten too, made a thread about it yesterday.
https://bitcointalksearch.org/topic/bitcointalk-phishing-email-changing-your-forum-password-is-recommend-601729

Please use these website to report this domain.

http://www.google.com/safebrowsing/report_phish/?rd=1
http://www.phishtank.com/
https://submit.symantec.com/antifraud/phish.cgi
http://phishing.eset.com/report
http://toolbar.netcraft.com/report_url

Injust

legendary

Activity: 1008

Merit: 1000

Quote from: guybrushthreepwood on May 09, 2014, 01:18:45 PM

I'd reccomend hiding your email addresses if it's not absolutly neccesary to have them on display, but I suppose it might not matter that much if you're weary of any scams that might be sent to it.

I'm pretty good, AFAIK, against these scams because I use LastPass to store my passwords, thus if it doesn't autologin for me, I know something's off

And besides, the website had no https so it was pretty evident.

guybrushthreepwood

legendary

Activity: 1232

Merit: 1195

I'd reccomend hiding your email addresses if it's not absolutly neccesary to have them on display, but I suppose it might not matter that much if you're weary of any scams that might be sent to it.

Injust

legendary

Activity: 1008

Merit: 1000

Quote from: 2tights on May 08, 2014, 02:32:15 PM

Quote from: franky1 on May 08, 2014, 02:21:40 PM

Quote from: jonald_fyookball on May 08, 2014, 02:13:16 PM

How do you think they got your email to begin with?

they didnt get his email. it was a forum inbox message

these things happen alot. in the past it has been found that scammers prep their list of 'marks' by asking forum topic questions such as:
"how much bitcoin do you own"
"what wallet software do you use"
etc

these info gathering games are what scammers do to target the right people. after all there is no point phishing someone if they only have satoshi dust to their name. and theres no point entering into conversation with them to tempt them to download trojans if the scammers code is not compatible with the victims wallet.

so usually scam emails and private messages are targetted to the victim, because the victim has made some form of admission that he is worthy of being scammed. either admitting wealth, admitting he runs a wallet that is compatable to a certain tojan or the fact that the victim admits to not have 2FA on their other logins or lastly, they have been scammed before so are proving to be an easy 'mark'

This was sent to my email account associated with my bitcointalk account.

I had my email not hidden, so I set it to hidden now. I agree that it was a targetted email, because my email was published and my bitcoin address has a decent balance which is also visible on my account.

Got me one of these emails today

Email below for anybody who's curious.

Code:

                                                                                                                                                                                                                                                               
Delivered-To: [removed]
Received: by 10.52.76.199 with SMTP id m7csp437305vdw;
        Fri, 9 May 2014 08:25:53 -0700 (PDT)
X-Received: by 10.66.150.69 with SMTP id ug5mr21474014pab.55.1399649153451;
        Fri, 09 May 2014 08:25:53 -0700 (PDT)
Return-Path: 
Received: from erelay5.ox.registrar-servers.com (erelay5.ox.registrar-servers.com. [192.64.117.65])
        by mx.google.com with ESMTP id tv5si2430744pbc.158.2014.05.09.08.25.53
        for <[removed]>;
        Fri, 09 May 2014 08:25:53 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 192.64.117.65 as permitted sender) client-ip=192.64.117.65;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of [email protected] designates 192.64.117.65 as permitted sender) [email protected]
Received: from localhost (unknown [127.0.0.1])
	by erelay1.ox.registrar-servers.com (Postfix) with ESMTP id EC3412204D16
	for <[removed]>; Fri,  9 May 2014 15:25:52 +0000 (UTC)
Received: from erelay1.ox.registrar-servers.com ([127.0.0.1])
	by localhost (erelay.ox.registrar-servers.com [127.0.0.1]) (amavisd-new, port 10024)
	with LMTP id ThIaU9sR71GS for <[removed]>;
	Fri,  9 May 2014 11:25:52 -0400 (EDT)
Received: from imap2.ox.privateemail.com (imap2.ox.privateemail.com [198.187.29.234])
	by erelay1.ox.registrar-servers.com (Postfix) with ESMTP id 4D0FE2204CFD
	for <[removed]>; Fri,  9 May 2014 11:25:52 -0400 (EDT)
Received: from [192.168.0.50] (unknown [199.47.77.6])
	(using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
	(No client certificate requested)
	by mail.privateemail.com (Postfix) with ESMTPSA id 06D855A0086
	for <[removed]>; Fri,  9 May 2014 11:25:50 -0400 (EDT)
Message-ID: <[email protected]>
Date: Thu, 08 May 2014 09:31:58 -0700
From: Bitcoin Forum 
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: [removed]
Subject: Changing your forum password is recommended.
X-Enigmail-Draft-Status: 512
Content-Type: multipart/alternative;
 boundary="------------040306080202000204040301"

This is a multi-part message in MIME format.
--------------040306080202000204040301
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Dear Injust,

Due to the OpenSSL heartbleed bug and recent attacks on our website,
changing your forum password is recommended.
To set a new password click the following link:

http://bitcointaIk.org/index.php?action=login;u=8543;sa=account

Username: Injust

Regards,
The Bitcoin Forum Team.

------------------
You are receiving this message because you are a member of the
Bitcoin Forum. If you do not want to receive further messages, you
can change your notification preferences here:
http://bitcointaIk.org/index.php?action=login;u=8543;sa=notification
http://bitcointaIk.org/index.php?action=login;u=8543;sa=pmprefs


--------------040306080202000204040301
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit


  
    
  
  
    Dear Injust,

    

    Due to the OpenSSL heartbleed bug and recent attacks on our website,
    changing your forum password is recommended.

    To set a new password click the following link:

    

    http://bitcointaIk.org/index.php?action=login;u=8543;sa=account

    

    Username: Injust

    

    Regards,

    The Bitcoin Forum Team.

    

    ------------------

    You are receiving this message because you are a member of the

    Bitcoin Forum. If you do not want to receive further messages, you

    can change your notification preferences here:

    http://bitcointaIk.org/index.php?action=login;u=8543;sa=notification

    http://bitcointaIk.org/index.php?action=login;u=8543;sa=pmprefs

    

  


--------------040306080202000204040301--

2tights

sr. member

Activity: 308

Merit: 251

I like big BITS and I cannot lie.

Quote from: franky1 on May 08, 2014, 02:21:40 PM

Quote from: jonald_fyookball on May 08, 2014, 02:13:16 PM

How do you think they got your email to begin with?

they didnt get his email. it was a forum inbox message

these things happen alot. in the past it has been found that scammers prep their list of 'marks' by asking forum topic questions such as:
"how much bitcoin do you own"
"what wallet software do you use"
etc

these info gathering games are what scammers do to target the right people. after all there is no point phishing someone if they only have satoshi dust to their name. and theres no point entering into conversation with them to tempt them to download trojans if the scammers code is not compatible with the victims wallet.

so usually scam emails and private messages are targetted to the victim, because the victim has made some form of admission that he is worthy of being scammed. either admitting wealth, admitting he runs a wallet that is compatable to a certain tojan or the fact that the victim admits to not have 2FA on their other logins or lastly, they have been scammed before so are proving to be an easy 'mark'

This was sent to my email account associated with my bitcointalk account.

I had my email not hidden, so I set it to hidden now. I agree that it was a targetted email, because my email was published and my bitcoin address has a decent balance which is also visible on my account.

mktrader

member

Activity: 84

Merit: 10

Hello World!!!

Quote from: franky1 on May 08, 2014, 02:21:40 PM

Quote from: jonald_fyookball on May 08, 2014, 02:13:16 PM

How do you think they got your email to begin with?

they didnt get his email. it was a forum inbox message

these things happen alot. in the past it has been found that scammers prep their list of 'marks' by asking forum topic questions such as:
"how much bitcoin do you own"
"what wallet software do you use"
etc

these info gathering games are what scammers do to target the right people. after all there is no point phishing someone if they only have satoshi dust to their name. and theres no point entering into conversation with them to tempt them to download trojans if the scammers code is not compatible with the victims wallet.

so usually scam emails and private messages are targetted to the victim, because the victim has made some form of admission that he is worthy of being scammed. either admitting wealth, admitting he runs a wallet that is compatable to a certain tojan or the fact that the victim admits to not have 2FA on their other logins or lastly, they have been scammed before so are proving to be an easy 'mark'

This is very important information, specially for those new to the Bitcoin community!

franky1

legendary

Activity: 4410

Merit: 4766

Quote from: jonald_fyookball on May 08, 2014, 02:13:16 PM

How do you think they got your email to begin with?

they didnt get his email. it was a forum inbox message

these things happen alot. in the past it has been found that scammers prep their list of 'marks' by asking forum topic questions such as:
"how much bitcoin do you own"
"what wallet software do you use"
etc

these info gathering games are what scammers do to target the right people. after all there is no point phishing someone if they only have satoshi dust to their name. and theres no point entering into conversation with them to tempt them to download trojans if the scammers code is not compatible with the victims wallet.

so usually scam emails and private messages are targetted to the victim, because the victim has made some form of admission that he is worthy of being scammed. either admitting wealth, admitting he runs a wallet that is compatable to a certain tojan or the fact that the victim admits to not have 2FA on their other logins or lastly, they have been scammed before so are proving to be an easy 'mark'

jonald_fyookball

legendary

Activity: 1302

Merit: 1008

Core dev leaves me neg feedback #abuse #political

How do you think they got your email to begin with?

BitCoinDream

legendary

Activity: 2394

Merit: 1216

The revolution will be digital

Registered yesterday and not even using https !!! Cheesy

2tights

sr. member

Activity: 308

Merit: 251

I like big BITS and I cannot lie.

Please be aware that I received a phishing email from bitcointaik.org

it includes a disguised link... don't click it or follow their password reset instructions as I'm sure it will log and steal your account.

Bitcoin Forum <[email protected]>
9:24 AM (1 hour ago)

to 2tights

Why is this message in Spam? You clicked "Report phishing" for this message. Learn more
Dear 2tights,

Due to the OpenSSL heartbleed bug and recent attacks on our website, changing your forum password is recommended.
To set a new password click the following link:

http://bitcointaIk.org/index.php?action=login;u=4981;sa=account

Username: 2tights

Regards,
The Bitcoin Forum Team.

------------------
You are receiving this message because you are a member of the
Bitcoin Forum. If you do not want to receive further messages, you
can change your notification preferences here:
http://bitcointaIk.org/index.php?action=login;u=4981;sa=notification
http://bitcointaIk.org/index.php?action=login;u=4981;sa=pmpref

----------------------------------------------------

WHOIS information for bitcointaik.org:**

[Querying whois.publicinterestregistry.net]
[whois.publicinterestregistry.net]
Domain Name:BITCOINTAIK.ORG
Domain ID: D172552259-LROR
Creation Date: 2014-05-07T21:26:37Z
Updated Date: 2014-05-07T21:37:22Z
Registry Expiry Date: 2015-05-07T21:26:37Z
Sponsoring Registrar:eNom, Inc. (R39-LROR)
Sponsoring Registrar IANA ID: 48
WHOIS Server:
Referral URL:
Domain Status: clientTransferProhibited
Domain Status: serverTransferProhibited
Domain Status: addPeriod
Registrant ID:537e559e0ebc27ea
Registrant Name:WhoisGuard Protected
Registrant Organization:WhoisGuard, Inc.
Registrant Street: P.O. Box 0823-03411
Registrant City:Panama
Registrant State/Province:Panama
Registrant Postal Code:00000
Registrant Country:PA
Registrant Phone:+507.8365503
Registrant Phone Ext:
Registrant Fax: +51.17057182
Registrant Fax Ext:
Registrant Email:[email protected]
Admin ID:537e559e0ebc27ea
Admin Name:WhoisGuard Protected
Admin Organization:WhoisGuard, Inc.
Admin Street: P.O. Box 0823-03411
Admin City:Panama
Admin State/Province:Panama
Admin Postal Code:00000
Admin Country:PA
Admin Phone:+507.8365503
Admin Phone Ext:
Admin Fax: +51.17057182
Admin Fax Ext:
Admin Email:[email protected]
Tech ID:537e559e0ebc27ea
Tech Name:WhoisGuard Protected
Tech Organization:WhoisGuard, Inc.
Tech Street: P.O. Box 0823-03411
Tech City:Panama
Tech State/Province:Panama
Tech Postal Code:00000
Tech Country:PA
Tech Phone:+507.8365503
Tech Phone Ext:
Tech Fax: +51.17057182
Tech Fax Ext:
Tech Email:[email protected]
Name Server:NS1.HIDEMYHOST.COM
Name Server:NS2.HIDEMYHOST.COM
Name Server:NS3.HIDEMYHOST.COM
Name Server:NS4.HIDEMYHOST.COM

Topic: phishing emails from bitcointaik.org (Read 1957 times)