Author

Topic: Question for forum experts: Possible Phishing? (Read 1121 times)

newbie
Activity: 24
Merit: 0
Giving away your user ID is fine, but you should not give people random URLs that they ask for. Some URLs contain session IDs that can (I think) be used for evil purposes.

The request for account information, before even telling me what they are doing, is what triggered my scam radar.  Just a bit more info, I replied to Mr. Chun by email, asking for more info about what they are doing, and saying my identity on bitcointalk.org is private (I don't use the same account name everywhere).  I got back the exact same email as in the first post, so it's an automated reply.  

Checking their website, it appears to be third party ad referrals.  Given that I use adblock on my web browser, I have a poor opinion of ads in general.  I don't mind targeted ones on topics I care about, or when I am actively searching for a product, but the rest of the time it's just taking up useful screen space, or even delivering exploits.  So I will not only stay away from this guy, but run away and recommend others stay away.

Thanks for everyone's helpful information, I very much appreciate the community here.
administrator
Activity: 5222
Merit: 13032
Giving away your user ID is fine, but you should not give people random URLs that they ask for. Some URLs contain session IDs that can (I think) be used for evil purposes.
legendary
Activity: 1246
Merit: 1077
They are using the accounts to get free ripples.

This is their reply:
Quote
congratulations! you are elligible to participate in our offer, you have 2 options to choose from:


Option A: You will lend the account to us for at most 48 hours. Your account will be returned afterwards, and you get the coins when you grant us access to the account.


Option B: Help us to create a post at specific location, you will be rewarded after 48 hours (You need to be out of newbies in order to do so, we will handle if you chosse option A);


Both options are offering 0.1BTC as reward. Please send email to [email protected] , tell us your option, Bitcoin Addreess, and account ID. My AFK time is quite long sometimes, if you pop your full account information i may not be able to send the coins to you immediately, please leave every questions down in 1 mail. Futher instruction on where to send will be replied after tellingus your option.
newbie
Activity: 24
Merit: 0

No but most people re-use their passwords and likely he is going to check the password on his site against the userID you provide.

Good point, and therefore a phishing attempt.  If he wants help posting here, he doesn't need to know the same user names and IDs on
both systems, just a post and then a link to the post itself to prove it was made.  Bitcoin inherently doesn't need a separate account on
his system, he could just pay direct to a bitcoin address provided by the person doing the post.

Right, now to inform dailybitcoins.
legendary
Activity: 1288
Merit: 1227
Away on an extended break
He is banned from this forum, and someone giving him access to their own accounts will be banned for this too.

Would having my user ID number (or direct link to my user page which includes the ID number as part of the path)
enable him to have access to my account?  That is what seemed questionable to me that he would need it for any
legitimate purpose.

I have no desire to be a front for someone who is banned, paid or not, so I have decided not to work with this guy
regardless.  Now I want to find out if it's a scam of some kind, so I can report it back to the dailybitcoins.org operator
to remove the ad and not have other people suckered in.

No but most people re-use their passwords and likely he is going to check the password on his site against the userID you provide.
There is a good point here.
donator
Activity: 1218
Merit: 1079
Gerald Davis
He is banned from this forum, and someone giving him access to their own accounts will be banned for this too.

Would having my user ID number (or direct link to my user page which includes the ID number as part of the path)
enable him to have access to my account?  That is what seemed questionable to me that he would need it for any
legitimate purpose.

I have no desire to be a front for someone who is banned, paid or not, so I have decided not to work with this guy
regardless.  Now I want to find out if it's a scam of some kind, so I can report it back to the dailybitcoins.org operator
to remove the ad and not have other people suckered in.

No but most people re-use their passwords and likely he is going to check the password on his site against the userID you provide.
legendary
Activity: 1288
Merit: 1227
Away on an extended break
He is banned from this forum, and someone giving him access to their own accounts will be banned for this too.

Would having my user ID number (or direct link to my user page which includes the ID number as part of the path)
enable him to have access to my account?  That is what seemed questionable to me that he would need it for any
legitimate purpose.
No, of course. Anyone could look that up easily. (for example theymos, the admin, is 35).
newbie
Activity: 24
Merit: 0
He is banned from this forum, and someone giving him access to their own accounts will be banned for this too.

Would having my user ID number (or direct link to my user page which includes the ID number as part of the path)
enable him to have access to my account?  That is what seemed questionable to me that he would need it for any
legitimate purpose.

I have no desire to be a front for someone who is banned, paid or not, so I have decided not to work with this guy
regardless.  Now I want to find out if it's a scam of some kind, so I can report it back to the dailybitcoins.org operator
to remove the ad and not have other people suckered in.
legendary
Activity: 1288
Merit: 1227
Away on an extended break
He is banned from this forum, and someone giving him access to their own accounts will be banned for this too.
member
Activity: 112
Merit: 16
There's been a few topics going around about the guy. I think John The Dog confirmed that he's been banned for it.
newbie
Activity: 24
Merit: 0
An advertiser on DailyBitcoins.org is offering "Earn 0.1 BTC for making forum post", and contact [email protected]

When I contacted them, I got the following email:
--------------------------------------
From: Casper Cehng Tsz Chun <[email protected]>

Greetings!

Thanks for showing your interest to our offer. This offer is for whoever owns a BitcoinTalk account. As we need to check if you are qualified for this event, you need to provide us a user ID of BitcoinTalk.
You can know your user ID by logging in to your account>profile>Additional information>Show General statistics for this member>Copy the URL. The user ID will be http://bitcointalk.org/.......u=;...... .

Please copy your user id and go to http://chromaticcreative.net/bitcoin/mega/uid.php?u=

Wish us a good partnership.

Casper

--------------------------------------

It seems my forum user ID number is not something they need for legitimate purposes, and this might be a type of phishing (obtaining private information by social engineering).  I would like to hear from forum experts what you think.
Jump to: