Author

Topic: Possible Romanian Phishing attempt using "metatrading" domain. (Read 906 times)

hero member
Activity: 616
Merit: 500
I guess this one is a phising site also? -> www [dot] metatrading5 [dot] com/
https://bitcointalksearch.org/topic/--1237344
https://bitcointalksearch.org/topic/--1237363

User neg repped and banned.
@OP, what makes you sure it was an attacker from Romania and not just someone using a VPN? You can call me biased for being from Romania myself, but the title is a bit misleading IMO.

Edit:
Another one: https://bitcointalksearch.org/user/mari88-398526

Thanks  Cyrus, cause I am also from Romania!!!
hero member
Activity: 511
Merit: 500
Hempire Loading...
I guess this one is a phising site also? -> www [dot] metatrading5 [dot] com/
https://bitcointalksearch.org/topic/--1237344
https://bitcointalksearch.org/topic/--1237363

User neg repped and banned.
@OP, what makes you sure it was an attacker from Romania and not just someone using a VPN? You can call me biased for being from Romania myself, but the title is a bit misleading IMO.

Edit:
Another one: https://bitcointalksearch.org/user/mari88-398526

Updated thread and title to more accurately represent Romanian delegates. 
administrator
Activity: 3962
Merit: 3184
I guess this one is a phising site also? -> www [dot] metatrading5 [dot] com/
https://bitcointalksearch.org/topic/--1237344
https://bitcointalksearch.org/topic/--1237363

User neg repped and banned.
@OP, what makes you sure it was an attacker from Romania and not just someone using a VPN? You can call me biased for being from Romania myself, but the title is a bit misleading IMO.

Edit:
Another one: https://bitcointalksearch.org/user/mari88-398526
copper member
Activity: 924
Merit: 1007
hee-ho.
bump.

I guess this one is a phising site also? -> www [dot] metatrading5 [dot] com/
https://bitcointalksearch.org/topic/--1237344
https://bitcointalksearch.org/topic/--1237363

don't know enough to report it. if someone is sure then they should report those topics.


update:
that site leads me to a download page with a malware download.
https://www.virustotal.com/en/file/32829d353a9bd9b208d848c4af6a819e3ed72aca64882498473ca82d8e8243f2/analysis/1446649120/

going to report those topics now.
sr. member
Activity: 336
Merit: 251
Metatrader was created by MetaQuotes http://www.metaquotes.net/

Guess you know that already but just posting it here for reference should somebody else might pickup on the 'metatrader' part.

There is only two places from where you should download Metatrader and that is from MetaQuotes and or your broker's website. Also be very careful with downloading indicator and or expert advisor files for this platform especially if from unknown sites. If you do check them with a virus scanner first. These indicators and or expert advisors (EA's) can be coded to call dll files and many other things so will not be surprised either if this route is followed to slip something onto pc's.
hero member
Activity: 511
Merit: 500
Hempire Loading...
you mean this domain -> www [dot] metatrading4 [dot] com ?

I saw someone posted this awhile ago (might be your account). can't find it now though.

Yes.
copper member
Activity: 924
Merit: 1007
hee-ho.
you mean this domain -> www [dot] metatrading4 [dot] com ?

I saw someone posted this awhile ago (might be your account). can't find it now though.
hero member
Activity: 511
Merit: 500
Hempire Loading...
If you google the company, it is called Metatrader...the metatradING website is a phishing duplicate that will install a trojan.

I know because I got hit.  Then the guy used my BTCtalk account to advertise his scam.

If you clicked on a program and it looked like nothing happened...you are infected, get malwarebytes and run safe mode (assuming you're on windows).

They got in my cryptsy and withdrew all my funds rapidly (after converting everything to BTC), then deleted the confirmation emails.  I saw one of them before deletion and got notices that many of my other (coinbase, gemini, circle) accounts were being attempted (via my Authy two-factor app...get it, use it always).  

Two-Factor Authentication stopped them...use it with every account you put money in.

Be careful out there and change passwords regularly.

EDIT:  One of my accounts reports their IP as belonging to Romania. 

I don't know if they were using a VPN so they could have been from anywhere but this is the IP I had if anyone thinks they can help in any way:

149.3.142.244

Jump to: