Author

Topic: Sent me a Suspicious Link (Read 211 times)

legendary
Activity: 2702
Merit: 3045
Top Crypto Casino
January 07, 2022, 12:54:57 PM
#15
I did add it (I've added all 3 entries), but I don't know how smart Windoze is, I know that at least wildcards are not accepted.
The hosts file isn't smart, it just does what you tell it to do. And you are right, it doesn't accept wildcards. If you add a domain name to block it, it will block only the main domain. To block subdomains, you will have to add each one of them individually.
If you want a better way to block a domain with all its subdomain then better use a DNS service such as OpenDNS.

Quote
Also spinbot is most probably a multi-purpose website and not all its users are malicious.
So, depending on each and everyone's interests, it may or may not be a good idea. So I preferred to not suggest that.
The question here is how did the scammer manage to create a subdomain on spinbot.org and host the phishing page on it? Is the domain owner also involved into this or did the scammer exploit some kind of vulnerability because I don't think the website offers hosting services.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
January 07, 2022, 03:11:45 AM
#14
Just add the entire spinbot.org domain to your hosts file so all future phishing attempts from this domain get black holed.

I believe entries apply for all subdomain IIRC.

I did add it (I've added all 3 entries), but I don't know how smart Windoze is, I know that at least wildcards are not accepted. Also spinbot is most probably a multi-purpose website and not all its users are malicious.
So, depending on each and everyone's interests, it may or may not be a good idea. So I preferred to not suggest that.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
January 06, 2022, 01:05:39 PM
#13
I believe the scammer behind this is preparing for a bigger and more sophisticated scam

It may be. However, people should be aware and start blacklisting this kind of domains.
My hosts file already has 2 a new lines:
Code:
0.0.0.0	www.bitcointalk.login-index.php-topic.574591.0.spinbot.org
0.0.0.0 bitcointalk.login-index.php-topic.574591.0.spinbot.org

Just add the entire spinbot.org domain to your hosts file so all future phishing attempts from this domain get black holed.

I believe entries apply for all subdomain IIRC.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
January 06, 2022, 09:57:01 AM
#12
At first glance it can be seen that something is wrong with the link, it is clear that it does not lead to a thread but that it tries to trick users to fall into the trap. A public warning is always welcome, but as soon as you receive such a message, use the report to admin option - such users should be removed from the forum as soon as possible without any mercy.

The only problem may be that some accounts used for such things are actually hacked, but this is the problem of the real owners - use unique and complicated passwords and keep them safe (not online or plain text file on your computer) and of course do not click on suspicious links.
legendary
Activity: 2212
Merit: 7064
January 06, 2022, 05:40:08 AM
#11
It is a great news that pinoyiloco has been auto-banned. So, pinoyiloco wont be able to post/send pmto anyone.
I also noticed this when I checked his profile few days ago, but I am sure he is not worried so much because this is not his only account in forum.

I believe the scammer behind this is preparing for a bigger and more sophisticated scam and is targeting mainly users who are active in the Collectibles board.
This phishing scams exist for years in forum, maybe they are using some farmed accounts and bots to send personal messages, but they can send them to anyone.
Collectibles board is just a small part of the forum and not everyone is active there, so best protection is not clicking on any link you receive from other members.
I did a little search for term spinbot and it's some kind of text rewriting, article spinning tool.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
January 06, 2022, 04:26:13 AM
#10
I believe the scammer behind this is preparing for a bigger and more sophisticated scam

It may be. However, people should be aware and start blacklisting this kind of domains.
My hosts file already has 2 a new lines:
Code:
0.0.0.0	www.bitcointalk.login-index.php-topic.574591.0.spinbot.org
0.0.0.0 bitcointalk.login-index.php-topic.574591.0.spinbot.org
copper member
Activity: 2380
Merit: 1302
Playbet.io - Crypto Casino and Sportsbook
January 05, 2022, 10:19:37 PM
#9
mainly users who are active in the Collectibles board.
I am not agree with you, the scammer can target anyone who is reputed on the forum, provide escrow service, doing currency exchange, providing loan service, buy/see Collectibles or something like that.

when clicking on Yabes and hillman321' usernames I get redirected to these user's profiles: nasituygun and izumaki.
Link you have added on nasituygun is redirecting to a page which now is not working but I guess that was hacking link. I think you forgot to add the correct profile link.
legendary
Activity: 2702
Merit: 3045
Top Crypto Casino
January 05, 2022, 02:21:04 PM
#8
I believe the scammer behind this is preparing for a bigger and more sophisticated scam and is targeting mainly users who are active in the Collectibles board.

After visiting the phishing link at different times, here's what I noticed:
the first time it appeared as if am logged in as user hotdog7 (active in Colectibles)
now it shows am logged in as user Yabes (active in Colectibles) and it shows as if I have a new unread message.

here is a screenshot of the message:


My interpretation: the scammer is impersonating minerjones (a well known escrow) in order to scam Yabes (and most likely some other collectors)

Interesting part: when clicking on Yabes and hillman321' usernames I get redirected to these user's profiles: nasituygun and izumaki. I don't want to jump to conclusions, but it appears they (or at least one of them) are involved into this. Both just woke up after a long period of inactivity and nasituygun's been already tagged for sending phishing links.
copper member
Activity: 2380
Merit: 1302
Playbet.io - Crypto Casino and Sportsbook
January 04, 2022, 10:13:13 PM
#7
You shouldn't made the link clickable especially if as you've said, it's a phishing link. You never know when someone accidentally clicks on it, it may be low but I wouldn't take chances. Good thing that you're the one that this person has targeted, we might not know what could've happened if it was a different person.
The link is not working now, yet I am editing the link so that it cant work by a click. Thank you  for your suggestion. As the post created for make awareness of the community, we should avoid any reason which can harm the community.

Checking account pinoyiloco and I see that he was inactive and just woke up, and previously tagged for some ponzi scheme.
He is probably going to banned soon.
It is a great news that pinoyiloco has been auto-banned. So, pinoyiloco wont be able to post/send pmto anyone.
sr. member
Activity: 1274
Merit: 293
January 04, 2022, 09:52:50 PM
#6
You shouldn't made the link clickable especially if as you've said, it's a phishing link. You never know when someone accidentally clicks on it, it may be low but I wouldn't take chances. Good thing that you're the one that this person has targeted, we might not know what could've happened if it was a different person.
legendary
Activity: 3472
Merit: 3507
Crypto Swap Exchange
January 04, 2022, 05:03:59 PM
#5
I am not sure why you open this link, there is obviously that is phishing link.
bitcointalk.login-index.php certainly not sounds like regular forum link or even any other website.
You remember me on my young days, when I am very curious and I like to test everything what I find.  it often did not end well.
legendary
Activity: 2212
Merit: 7064
January 03, 2022, 08:12:02 AM
#4
I think my password had been stored to the hacker but fortunately I have changed my password instantly. Now the link of the message is not working that means that person inactivated the link.
It's not a bad idea to change account password periodically and it's very important to use unique random password only one purpose, that is bitcointalk account in this case.
I also did a password reset and I am thinking of using new email address (with 2fa) dedicated only for bitcointalk forum.

Checking account pinoyiloco and I see that he was inactive and just woke up, and previously tagged for some ponzi scheme.
He is probably going to banned soon.
copper member
Activity: 2380
Merit: 1302
Playbet.io - Crypto Casino and Sportsbook
January 03, 2022, 08:05:56 AM
#3
Just report message you received from him to moderators and they will ban him probably.

Few years ago I received similar message from other member scammer who tried to Hack my bitcointalk account, and I wrote how protect yourself from attacks like this:
https://bitcointalksearch.org/topic/how-scammer-tried-to-hack-my-bitcointalk-and-how-to-protect-yourself-5173531
I have already reported and I have posted here to make aware others so that other forum members may stay away from this user as well as others who will send this type of link.

I think my password had been stored to the hacker but fortunately I have changed my password instantly. Now the link of the message is not working that means that person inactivated the link.
legendary
Activity: 2212
Merit: 7064
January 03, 2022, 07:54:07 AM
#2
Just report message you received from him to moderators and they will ban him probably.

Few years ago I received similar message from other member scammer who tried to Hack my bitcointalk account, and I wrote how protect yourself from attacks like this:
https://bitcointalksearch.org/topic/how-scammer-tried-to-hack-my-bitcointalk-and-how-to-protect-yourself-5173531
copper member
Activity: 2380
Merit: 1302
Playbet.io - Crypto Casino and Sportsbook
January 03, 2022, 07:42:32 AM
#1
What happened:: Sent me a Suspicious Link

Scammers Profile Link: https://bitcointalksearch.org/user/pinoyiloco-854267

PM/Chat Logs:
Additional Notes: This user has just sent me a message while mentioned
Quote
Hi shasan, please reply to my loan request:
https://www.bitcointalk. login-index.php-topic.574591.0.spinbot.org/index
It seems something which may take login credentials or something else. Note: the person has not posted any lending request. I have opened this link and changed my password instantly. And I opened the link on another browser then noticed it takes to a result which is not accurate.[/color][/b]
Jump to: