Good work Quickseller, it's quite upsetting that these people are so common on bitcointalk.org. It gives us good posters/people a really bad experience. Unfortunately some people will fall for this kind of trick. All we can do is try & stay vigiliant & keep our wits about us.
To everybody else please report anything suspicious & don't follow any instructions sent to you via PM from either a user you're not expecting communications with or a newbie. We still have to protect ourselves even though the mods do their best to ban/remove scammers.
Topic: Phishing link received from user - bobbo54113 (Read 886 times)
Bumping this because of relevance. Apparently this incident is related to the above as I received a report that the same domain was used to get the password to the account in the referenced thread.
The message was apparently sent via the bitdice.me chat and the IP of the account was linked to dzeros who is a serial scammer and whose identity has been determined to be scammer James Volpe.
The message was apparently sent via the bitdice.me chat and the IP of the account was linked to dzeros who is a serial scammer and whose identity has been determined to be scammer James Volpe.
The PM came from a brand new account that was just registered.
It is not possible to achieve what he is claiming to have done after someone simply clicks on a link
It is not possible to achieve what he is claiming to have done after someone simply clicks on a link
I received the following PM from someone with the subject '100 bitcoins' - it appears to be some kind of extortion attempt
!!! WARNING: This user is a newbie. If you are expecting a message from a more veteran member, then this is an imposter !!!
we have acquired all of your passwords and login information through an sql injection that was sent through the phishing site. we will keep grabbing info until you meet our demands.
1. You will NOT release the information.
2. You will leave them alone.
3. You will send an apology PM to them.
If these demands are not met, we will never stop.
- ANONMERC
P.S. To get rid of an sql injection script, you have to format your C drive. Cheers.
we have acquired all of your passwords and login information through an sql injection that was sent through the phishing site. we will keep grabbing info until you meet our demands.
1. You will NOT release the information.
2. You will leave them alone.
3. You will send an apology PM to them.
If these demands are not met, we will never stop.
- ANONMERC
P.S. To get rid of an sql injection script, you have to format your C drive. Cheers.
Haha this is escalating quicker than I ever imagined. Is it coming from another alt of the previous one? Also, why would he leave a hint as to how the receiver of the message get rid of the malicious script?
-snip-
P.S. To get rid of an sql injection script, you have to format your C drive. Cheers.
P.S. To get rid of an sql injection script, you have to format your C drive. Cheers.
Seriously?
I received the following PM from someone with the subject '100 bitcoins' - it appears to be some kind of extortion attempt
!!! WARNING: This user is a newbie. If you are expecting a message from a more veteran member, then this is an imposter !!!
we have acquired all of your passwords and login information through an sql injection that was sent through the phishing site. we will keep grabbing info until you meet our demands.
1. You will NOT release the information.
2. You will leave them alone.
3. You will send an apology PM to them.
If these demands are not met, we will never stop.
- ANONMERC
P.S. To get rid of an sql injection script, you have to format your C drive. Cheers.
we have acquired all of your passwords and login information through an sql injection that was sent through the phishing site. we will keep grabbing info until you meet our demands.
1. You will NOT release the information.
2. You will leave them alone.
3. You will send an apology PM to them.
If these demands are not met, we will never stop.
- ANONMERC
P.S. To get rid of an sql injection script, you have to format your C drive. Cheers.
hero member
Activity: 560
Merit: 506
I prefer Zakir over Muhammed when mentioning me!
He started doing with his alt now. https://bitcointalksearch.org/topic/bitcointalk-phishing-pm-warning-1083313
Report it to all available mods not just BadBear. Someone will deal with it asap. Edit: Left a negative as a warning.
Done, and thanks. I also left a negative, however my ratings do not show up by default for some strange reason. 
I would suggest removing that link from the op , just incase someone reads the "i" being replaced part after clicking on the link. Or have the link colored in red, with the danger message before the link.
global moderator
Activity: 3850
Merit: 2643
Join the world-leading crypto sportsbook NOW!
Report it to all available mods not just BadBear. Someone will deal with it asap. Edit: Left a negative as a warning.
Scammers/spammers Profile Link: https://bitcointalksearch.org/user/bobbo54113-385484
I received the below PM from the above user:
I am not selling accounts currently. If you are interested in buying an account then you can send me sufficient funds to pay for an account and I can purchase one on your behalf. Alternatively, you can create a thread yourself and attempt to purchase an account from the owner with escrow.
Let m know if you have any questions. Thanks.
QS
thanks for replying, i would love your help i can include a tip. can we talk more about this on skype so we can talk faster? I already added you, or we can talk on email if you want
ty
My Skype is on my profile. I will GPG sign all messages that include any kind of payment address
I already added you, waiting approval
Are you DekuTree?
yes
I couldn't find the initial PM, the profile he sent is https://bitcolntalk.org/index.php?action=profile;u=388262 and he wants 0.5btc for it? is that a good price? << Danger, fake link - do not enter your account credentials after clicking the above link
The link received contains a fake domain with the "i" in bitcointalk replaced with an "L" and when clicking on the above link, it asks for your username/password combination which you obviously do not want to enter.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
I am not an idiot and did not enter my password when prompted when accessing the fake domain “bitcolntalk.org”
June 7 2015 ~4:27 AM EST
QS
-----BEGIN PGP SIGNATURE-----
iQEcBAEBCgAGBQJVdACdAAoJEFMt0pDwvrUW124IAKq56hlD+pSJ35FXn76SRRA1
R3qywgD5+xhfiyTLlZblui+3ONvrIu8tRzZtZ7YS2Szle5LUJzAw62pyBppEvYrx
0XNILbGvDeSz7cCHCcLbUZriGGNhnLtNqW7k77CFfDThflxGXsaNayKMaddxkLPd
iwABS4WyLKskbcnja+E18gyg/WZAjllOvXGoxXAOsLxKriDZRKjzpetZlTDWbAto
3+ACv4C8sGah0k90MwqGUcsKDGex5B1hvHlzND1pUo+kMv6Ydu0R500OsGIWzTfz
jVOXjgkeG4IAMD52+vtT+u9TrwN1KlfBK8vnI+0ZRVGYDl3jsaomrqq4kFlnSCg=
=lBwU
-----END PGP SIGNATURE-----
I reported the PM to BadBear asking for that account to get banned, however I am not sure if he is online/awake now.
I received the below PM from the above user:
Hi again, if you can not contact me on skype ( i might be offline or out of the house ) [email protected] is my email, i prefer talking on skype though just send me an email so i know when to go online. if you missed my skype it is larry.barker11 . thank you!
Hi,I am not selling accounts currently. If you are interested in buying an account then you can send me sufficient funds to pay for an account and I can purchase one on your behalf. Alternatively, you can create a thread yourself and attempt to purchase an account from the owner with escrow.
Let m know if you have any questions. Thanks.
QS
ty
yes
I couldn't find the initial PM, the profile he sent is https://bitcolntalk.org/index.php?action=profile;u=388262 and he wants 0.5btc for it? is that a good price? << Danger, fake link - do not enter your account credentials after clicking the above link
The link received contains a fake domain with the "i" in bitcointalk replaced with an "L" and when clicking on the above link, it asks for your username/password combination which you obviously do not want to enter.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
I am not an idiot and did not enter my password when prompted when accessing the fake domain “bitcolntalk.org”
June 7 2015 ~4:27 AM EST
QS
-----BEGIN PGP SIGNATURE-----
iQEcBAEBCgAGBQJVdACdAAoJEFMt0pDwvrUW124IAKq56hlD+pSJ35FXn76SRRA1
R3qywgD5+xhfiyTLlZblui+3ONvrIu8tRzZtZ7YS2Szle5LUJzAw62pyBppEvYrx
0XNILbGvDeSz7cCHCcLbUZriGGNhnLtNqW7k77CFfDThflxGXsaNayKMaddxkLPd
iwABS4WyLKskbcnja+E18gyg/WZAjllOvXGoxXAOsLxKriDZRKjzpetZlTDWbAto
3+ACv4C8sGah0k90MwqGUcsKDGex5B1hvHlzND1pUo+kMv6Ydu0R500OsGIWzTfz
jVOXjgkeG4IAMD52+vtT+u9TrwN1KlfBK8vnI+0ZRVGYDl3jsaomrqq4kFlnSCg=
=lBwU
-----END PGP SIGNATURE-----
I reported the PM to BadBear asking for that account to get banned, however I am not sure if he is online/awake now.
Jump to: