Possible Phishing Link from user - Aid Needed.

timerland

hero member

Activity: 1526

Merit: 596

Quote from: akamit on March 25, 2018, 03:44:14 PM

Check this out > https://bitcointalksearch.org/topic/scammer-zulrayyan-3196724

A similar case posted over an hour ago in scam accusation board.

Roll Eyes

They might be a gang who's sending phishing links to other users. Both the accused users have similarities between them.

Instead of an organized gang, they might just be all victims of clicking on the same phishing link. And when they do get hacked, they are able to take over the hacked accounts and basically send more PMs from their accounts. Think of it as an ever expanding network of infected accounts, also trying to infect other accounts.

That should be the case, leading to more and more people being victims and sending out these phishing links without their consent.

I've seen 2 similar cases in scam accusations today, I don't think it's a coincidence. I doubt that anything bad will happen to you just by clicking on the link and checking it out before exiting it, but it's best to run some antiviral scans still just to be sure.

akamit

hero member

Activity: 1498

Merit: 596

Check this out > https://bitcointalksearch.org/topic/scammer-zulrayyan-3196724

A similar case posted over an hour ago in scam accusation board.

Roll Eyes

They might be a gang who's sending phishing links to other users. Both the accused users have similarities between them.

AlexUAE777

newbie

Activity: 32

Merit: 0

Perhaps my account was compromised before and used for phishing.
Nevertheless, really sorry for that. Hope nobody get hurt by this/these mails.

magneto

hero member

Activity: 1666

Merit: 753

Not new at all. I encountered the same problem here last year in November: https://bitcointalksearch.org/topic/jhong03-spreading-phishing-links-2385827.

I clicked on the link, realised that it was a phishing link, and then went back straightaway without submitting any data. I use a Mac OS. After 4 months, nothing bad has happened yet. I think it's unlikely that any malware has been installed onto your computer, but if you're having some weird stuff happening to you in the shut down process, you better get your computer checked out with antivirus, or reset windows if it's something serious.

Quote from: warningsigns on March 24, 2018, 07:10:49 PM

Just curious. What exactly do these phishers aim to achieve by penetrating the accounts? It's not like they can steal coins within the short time span when the genuine owners realize what happened and the accounts are then tagged for being hacked into.

Or is it a quick sale? Which seems unlikely, given they first need to put up ads which would be open for all to see, including DT members.

Neither will taking out loans work. This is a painstakingly time consuming process involving signing of staked addresses etc. And lenders do a systematic check of the forum for any record of the account having any open and unresolved issues.

I'm guessing that they'll either attempt to scam in trades where signing messages is not as common, or try to launch an attack on the forum with the data they get. But your account details are compromised for sure if you submit any data and that's all you'll need to worry about.

Aventhe

full member

Activity: 322

Merit: 134

Quote from: BCTBF on March 24, 2018, 06:33:11 PM

I experienced it too, but with the difference I was not redirected to the login page, but strangely when I got a link like that, I was redirected to a thread and I logout by itself. But after I felt something strange, I immediately retyped bitcointalk.org in the address bar, and I went back to my account and without the need to login. I think that's very strange.

Well, that's kinda what happened to me.

warningsigns

hero member

Activity: 896

Merit: 1082

Just curious. What exactly do these phishers aim to achieve by penetrating the accounts? It's not like they can steal coins within the short time span when the genuine owners realize what happened and the accounts are then tagged for being hacked into.

Or is it a quick sale? Which seems unlikely, given they first need to put up ads which would be open for all to see, including DT members.

Neither will taking out loans work. This is a painstakingly time consuming process involving signing of staked addresses etc. And lenders do a systematic check of the forum for any record of the account having any open and unresolved issues.

BCTBF

sr. member

Activity: 560

Merit: 257

I experienced it too, but with the difference I was not redirected to the login page, but strangely when I got a link like that, I was redirected to a thread and I logout by itself. But after I felt something strange, I immediately retyped bitcointalk.org in the address bar, and I went back to my account and without the need to login. I think that's very strange.

nguyenkhanhhung14

member

Activity: 252

Merit: 14

Marketplace for sensor data

Quote from: Aventhe on March 24, 2018, 05:26:02 PM

Quote from: nguyenkhanhhung14 on March 24, 2018, 05:23:19 PM

Quote from: Aventhe on March 24, 2018, 05:17:29 PM

Quote from: nguyenkhanhhung14 on March 24, 2018, 05:00:17 PM

If you didn't fill your login via this link I think your account still safe. You no need to worry about it. I also had the same problem like this with fake Coinbase email before. I received an email from Coinbase warn that my account logged in from Russian while I'm living in Asia

). I clicked at the link and it also asked me to login to my Coinbase but luckily I didn't do that and for now my Coinbase account and all my balance still safe

But this was only sent to me, and it is more targeted than an email sent to thousands.

Thanks EcuaMobi for verifying the email. If vod, Lauda or anyone else trusted also wants to verify, I am more than happy.

Maybe he felt to hard to get enough 100 Merits to get to Full Member rank so he tried to hack Full member account in this forum and your account look really good cause you have managed few bounty campaigns before

). Or maybe this one is not only sent for you, he sent it for hundreds other member one by one then he could easily clean his Outbox by deleting all his sent PM

.

I guess so, however the code was specifically made for me. My Account name & the numbers in the end of the url is the thread number to my Datecoin signature campaign.

Finally you can ensure that your account still safe and nobody will fall into this phishing trap anymore cause this amateur hackers have been exposed. Grin

. I think this is the last time you click on any link without checking the bottom left corner Grin

.

Aventhe

full member

Activity: 322

Merit: 134

Quote from: nguyenkhanhhung14 on March 24, 2018, 05:23:19 PM

Quote from: Aventhe on March 24, 2018, 05:17:29 PM

Quote from: nguyenkhanhhung14 on March 24, 2018, 05:00:17 PM

If you didn't fill your login via this link I think your account still safe. You no need to worry about it. I also had the same problem like this with fake Coinbase email before. I received an email from Coinbase warn that my account logged in from Russian while I'm living in Asia

). I clicked at the link and it also asked me to login to my Coinbase but luckily I didn't do that and for now my Coinbase account and all my balance still safe

But this was only sent to me, and it is more targeted than an email sent to thousands.

Thanks EcuaMobi for verifying the email. If vod, Lauda or anyone else trusted also wants to verify, I am more than happy.

Maybe he felt to hard to get enough 100 Merits to get to Full Member rank so he tried to hack Full member account in this forum and your account look really good cause you have managed few bounty campaigns before

). Or maybe this one is not only sent for you, he sent it for hundreds other member one by one then he could easily clean his Outbox by deleting all his sent PM

.

I guess so, however the code was specifically made for me. My Account name & the numbers in the end of the url is the thread number to my Datecoin signature campaign.

nguyenkhanhhung14

member

Activity: 252

Merit: 14

Marketplace for sensor data

Quote from: Aventhe on March 24, 2018, 05:17:29 PM

Quote from: nguyenkhanhhung14 on March 24, 2018, 05:00:17 PM

If you didn't fill your login via this link I think your account still safe. You no need to worry about it. I also had the same problem like this with fake Coinbase email before. I received an email from Coinbase warn that my account logged in from Russian while I'm living in Asia

). I clicked at the link and it also asked me to login to my Coinbase but luckily I didn't do that and for now my Coinbase account and all my balance still safe

But this was only sent to me, and it is more targeted than an email sent to thousands.

Thanks EcuaMobi for verifying the email. If vod, Lauda or anyone else trusted also wants to verify, I am more than happy.

Maybe he felt to hard to get enough 100 Merits to get to Full Member rank so he tried to hack Full member account in this forum and your account look really good cause you have managed few bounty campaigns before

). Or maybe this one is not only sent for you, he sent it for hundreds other member one by one then he could easily clean his Outbox by deleting all his sent PM

.

Aventhe

full member

Activity: 322

Merit: 134

Quote from: nguyenkhanhhung14 on March 24, 2018, 05:00:17 PM

If you didn't fill your login via this link I think your account still safe. You no need to worry about it. I also had the same problem like this with fake Coinbase email before. I received an email from Coinbase warn that my account logged in from Russian while I'm living in Asia

). I clicked at the link and it also asked me to login to my Coinbase but luckily I didn't do that and for now my Coinbase account and all my balance still safe

But this was only sent to me, and it is more targeted than an email sent to thousands.

Thanks EcuaMobi for verifying the email. If vod, Lauda or anyone else trusted also wants to verify, I am more than happy.

EcuaMobi

legendary

Activity: 1876

Merit: 1475

Quote from: Aventhe on March 24, 2018, 03:29:45 PM

However I do have the Bitcointalk PM notification via e-mail setup, and here is the message: [img ]http://https://i.imgur.com/XdMOS3X.png[/img]

Aventhe has granted me temporary access to his email account and I've verified this email.
I've checked the headers and compared it with notifications from PMs I sent to him and, to my knowledge, the email seems real.

I'm tagging AlexUAE777.

nguyenkhanhhung14

member

Activity: 252

Merit: 14

Marketplace for sensor data

If you didn't fill your login via this link I think your account still safe. You no need to worry about it. I also had the same problem like this with fake Coinbase email before. I received an email from Coinbase warn that my account logged in from Russian while I'm living in Asia

). I clicked at the link and it also asked me to login to my Coinbase but luckily I didn't do that and for now my Coinbase account and all my balance still safe

Aventhe

full member

Activity: 322

Merit: 134

Quote from: EcuaMobi on March 24, 2018, 10:26:42 AM

Quote from: Aventhe on March 24, 2018, 08:51:37 AM

When I clicked on the link it brought me to a Bitcointalk.org login page and asked for my login, however I didnt put anything into it just pressed the backspace to go back to the normal forum. Would this save my info or could it still have been stolen?

If you didn't enter your password there then you should be fine.

Quote from: Aventhe on March 24, 2018, 09:06:11 AM

I tried to shutdown my computer and a weird program was still running that would stop it the shutdown process. Possible malware? If yes, can they still access files after a PC format?

It's not very likely anything got installed just from opening the page. Did you download anything? Did you do anything else at all?
But that does look like malware if it stops the shutdown process. If you format the PC you will get rid of everything, but when you restore your files you may re-install whatever you have now.
Make sure to have a proper antivirus.

Please report his PM and in the comment ask the moderator to post here confirming the veracity of the PM. Then I'll tag AlexUAE777 to try and stop him.
Or you can temporarily allow me or another trusted user to access your account to verify the PM is real

Could theymos verify that such email has been sent to me, or is that out of the boundaries?

Aventhe

full member

Activity: 322

Merit: 134

However I do have the Bitcointalk PM notification via e-mail setup, and here is the message:

Notice the timing matches up. Also, I am more than willing to give someone my email login to verify the message and check the sender's address (if it is actually Bitcointalk).

~~Even if the message content can't be verified~~, a message was sent and that for sure can be verified.

EcuaMobi, no I didn't input anything into the webpage, but I still believe it was malware. Lauda via Telegram in brief explained that with JS it can be anything.

Edit: if I am not incorrect, emails don't show what the user has written the url to look like, but rather what it redirects to.

Aventhe

full member

Activity: 322

Merit: 134

Quote from: Vod on March 24, 2018, 11:55:51 AM

Quote from: EcuaMobi on March 24, 2018, 11:51:56 AM

I've asked OP to prove the PM is real. If it is then I'll tag you too. If he doesn't prove it after some days you could ask vod to remove the feedback he's left on your profile

I've also asked the OP to prove the PM was real, and will remove my negative trust if proof is not provided.

Fuck, I've already deleted the PM in case I accidentally click on it from another device, bad choice right there as I should have waited. If someone does have the balls to enter that url, you will know it is legitimate.

+ I also took a screenshot of the PM on my phone before I deleted it, idk if that helps. I hope it's understandable I don't like malware laying around in my messages.

Vod

legendary

Activity: 3668

Merit: 3010

Licking my boob since 1970

Quote from: EcuaMobi on March 24, 2018, 11:51:56 AM

I've asked OP to prove the PM is real. If it is then I'll tag you too. If he doesn't prove it after some days you could ask vod to remove the feedback he's left on your profile

I've also asked the OP to prove the PM was real, and will remove my negative trust if proof is not provided.

EcuaMobi

legendary

Activity: 1876

Merit: 1475

Quote from: AlexUAE777 on March 24, 2018, 11:08:33 AM

May I ask why user with nickname Vod (https://bitcointalksearch.org/user/vod-30747) put a distrust on me with reference to this topic?
I didn't send any link!!!

If the PM was sent from your account then your account does deserve negative trust, regardless of the IP. It's trivial to use another IP so you can't prove it wasn't really you. And even if you account was really compromised then it deserves negative trust because it can be compromised again.

I've asked OP to prove the PM is real. If it is then I'll tag you too. If he doesn't prove it after some days you could ask vod to remove the feedback he's left on your profile

AlexUAE777

newbie

Activity: 32

Merit: 0

May I ask why user with nickname Vod (https://bitcointalksearch.org/user/vod-30747) put a distrust on me with reference to this topic?
I didn't send any link!!!

AlexUAE777

newbie

Activity: 32

Merit: 0

First of all. I didn't send any link to the topic starter.
He contacted me in Telegram and asked why do I have to send him phishing link.
I was out of the city and couldn't react immediately, since I hadn't laptop with me.
With 15-20 minutes I was able to log into my account and check Outbox for mentioned message & link there was no such message.
Aventhe reported that my account was online, while I wasn't logged in and when I logged in I saw that account total logged in time is 16 hours 30 minutes.
I suppose that if the message was really sent, it could be my account was hacked, so I changed my pw.
Didn't find where to look for access IP list, so perhaps we need someone with admin rights to check it further.

https://i.imgur.com/aaGWL5p.jpg

Topic: Possible Phishing Link from user - Aid Needed. (Read 310 times)