Bitcoin Forum>Economy>Trading Discussion>Scam Accusations
Author

Topic: Possible Romanian Phishing attempt using "metatrading" domain. (Read 897 times)

V.Lace
hero member
Activity: 616
Merit: 500
Possible Romanian Phishing attempt using "metatrading" domain.
November 09, 2015, 10:39:23 AM
#8
Quote from: Cyrus on November 04, 2015, 09:49:29 PM
Quote from: --Encrypted-- on November 04, 2015, 10:51:22 AM
I guess this one is a phising site also? -> www [dot] metatrading5 [dot] com/
https://bitcointalksearch.org/topic/--1237344
https://bitcointalksearch.org/topic/--1237363

User neg repped and banned.
@OP, what makes you sure it was an attacker from Romania and not just someone using a VPN? You can call me biased for being from Romania myself, but the title is a bit misleading IMO.

Edit:
Another one: https://bitcointalksearch.org/user/mari88-398526

Thanks  Cyrus, cause I am also from Romania!!!
hennessyhemp
hero member
Activity: 511
Merit: 500
Hempire Loading...
Re: Possible Romanian Phishing attempt using "metatrading" domain.
November 06, 2015, 02:20:30 AM
#7
Quote from: Cyrus on November 04, 2015, 09:49:29 PM
Quote from: --Encrypted-- on November 04, 2015, 10:51:22 AM
I guess this one is a phising site also? -> www [dot] metatrading5 [dot] com/
https://bitcointalksearch.org/topic/--1237344
https://bitcointalksearch.org/topic/--1237363

User neg repped and banned.
@OP, what makes you sure it was an attacker from Romania and not just someone using a VPN? You can call me biased for being from Romania myself, but the title is a bit misleading IMO.

Edit:
Another one: https://bitcointalksearch.org/user/mari88-398526

Updated thread and title to more accurately represent Romanian delegates. 
Cyrus
administrator
Activity: 3920
Merit: 3123
Re: Possible Romanian Phishing attempt using "metatrading" domain.
November 04, 2015, 09:49:29 PM
#6
Quote from: --Encrypted-- on November 04, 2015, 10:51:22 AM
I guess this one is a phising site also? -> www [dot] metatrading5 [dot] com/
https://bitcointalksearch.org/topic/--1237344
https://bitcointalksearch.org/topic/--1237363

User neg repped and banned.
@OP, what makes you sure it was an attacker from Romania and not just someone using a VPN? You can call me biased for being from Romania myself, but the title is a bit misleading IMO.

Edit:
Another one: https://bitcointalksearch.org/user/mari88-398526
--Encrypted--
copper member
Activity: 924
Merit: 1007
hee-ho.
Re: Possible Romanian Phishing attempt using "metatrading" domain.
November 04, 2015, 10:51:22 AM
#5
bump.

I guess this one is a phising site also? -> www [dot] metatrading5 [dot] com/
https://bitcointalksearch.org/topic/--1237344
https://bitcointalksearch.org/topic/--1237363

don't know enough to report it. if someone is sure then they should report those topics.


update:
that site leads me to a download page with a malware download.
https://www.virustotal.com/en/file/32829d353a9bd9b208d848c4af6a819e3ed72aca64882498473ca82d8e8243f2/analysis/1446649120/

going to report those topics now.
RustyNomad
sr. member
Activity: 336
Merit: 251
Re: Possible Romanian Phishing attempt using "metatrading" domain.
October 17, 2015, 04:59:01 PM
#4
Metatrader was created by MetaQuotes http://www.metaquotes.net/

Guess you know that already but just posting it here for reference should somebody else might pickup on the 'metatrader' part.

There is only two places from where you should download Metatrader and that is from MetaQuotes and or your broker's website. Also be very careful with downloading indicator and or expert advisor files for this platform especially if from unknown sites. If you do check them with a virus scanner first. These indicators and or expert advisors (EA's) can be coded to call dll files and many other things so will not be surprised either if this route is followed to slip something onto pc's.
hennessyhemp
hero member
Activity: 511
Merit: 500
Hempire Loading...
Re: Possible Romanian Phishing attempt using "metatrading" domain.
October 17, 2015, 04:46:38 PM
#3
Quote from: --Encrypted-- on October 17, 2015, 02:51:19 PM
you mean this domain -> www [dot] metatrading4 [dot] com ?

I saw someone posted this awhile ago (might be your account). can't find it now though.

Yes.
--Encrypted--
copper member
Activity: 924
Merit: 1007
hee-ho.
Re: Possible Romanian Phishing attempt using "metatrading" domain.
October 17, 2015, 02:51:19 PM
#2
you mean this domain -> www [dot] metatrading4 [dot] com ?

I saw someone posted this awhile ago (might be your account). can't find it now though.
hennessyhemp
hero member
Activity: 511
Merit: 500
Hempire Loading...
Re: Possible Romanian Phishing attempt using "metatrading" domain.
October 17, 2015, 02:10:19 PM
#1
If you google the company, it is called Metatrader...the metatradING website is a phishing duplicate that will install a trojan.

I know because I got hit.  Then the guy used my BTCtalk account to advertise his scam.

If you clicked on a program and it looked like nothing happened...you are infected, get malwarebytes and run safe mode (assuming you're on windows).

They got in my cryptsy and withdrew all my funds rapidly (after converting everything to BTC), then deleted the confirmation emails.  I saw one of them before deletion and got notices that many of my other (coinbase, gemini, circle) accounts were being attempted (via my Authy two-factor app...get it, use it always).  

Two-Factor Authentication stopped them...use it with every account you put money in.

Be careful out there and change passwords regularly.

EDIT:  One of my accounts reports their IP as belonging to Romania. 

I don't know if they were using a VPN so they could have been from anywhere but this is the IP I had if anyone thinks they can help in any way:

149.3.142.244

Bitcoin Forum>Economy>Trading Discussion>Scam Accusations
Jump to: