Bitcoin Forum>Economy>Trading Discussion>Scam Accusations
Author

Topic: Sent me a Suspicious Link (Read 208 times)

khaled0111
legendary
Activity: 2506
Merit: 2832
Top Crypto Casino
Sent me a Suspicious Link
January 07, 2022, 01:54:57 PM
#15
Quote from: NeuroticFish on January 07, 2022, 04:11:45 AM
I did add it (I've added all 3 entries), but I don't know how smart Windoze is, I know that at least wildcards are not accepted.
The hosts file isn't smart, it just does what you tell it to do. And you are right, it doesn't accept wildcards. If you add a domain name to block it, it will block only the main domain. To block subdomains, you will have to add each one of them individually.
If you want a better way to block a domain with all its subdomain then better use a DNS service such as OpenDNS.

Quote
Also spinbot is most probably a multi-purpose website and not all its users are malicious.
So, depending on each and everyone's interests, it may or may not be a good idea. So I preferred to not suggest that.
The question here is how did the scammer manage to create a subdomain on spinbot.org and host the phishing page on it? Is the domain owner also involved into this or did the scammer exploit some kind of vulnerability because I don't think the website offers hosting services.
NeuroticFish
legendary
Activity: 3500
Merit: 6205
Looking for campaign manager? Contact icopress!
Re: Sent me a Suspicious Link
January 07, 2022, 04:11:45 AM
#14
Quote from: NotATether on January 06, 2022, 02:05:39 PM
Just add the entire spinbot.org domain to your hosts file so all future phishing attempts from this domain get black holed.

I believe entries apply for all subdomain IIRC.

I did add it (I've added all 3 entries), but I don't know how smart Windoze is, I know that at least wildcards are not accepted. Also spinbot is most probably a multi-purpose website and not all its users are malicious.
So, depending on each and everyone's interests, it may or may not be a good idea. So I preferred to not suggest that.
NotATether
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Re: Sent me a Suspicious Link
January 06, 2022, 02:05:39 PM
#13
Quote from: NeuroticFish on January 06, 2022, 05:26:13 AM
Quote from: khaled0111 on January 05, 2022, 03:21:04 PM
I believe the scammer behind this is preparing for a bigger and more sophisticated scam

It may be. However, people should be aware and start blacklisting this kind of domains.
My hosts file already has 2 a new lines:
Code:
0.0.0.0 www.bitcointalk.login-index.php-topic.574591.0.spinbot.org
0.0.0.0 bitcointalk.login-index.php-topic.574591.0.spinbot.org

Just add the entire spinbot.org domain to your hosts file so all future phishing attempts from this domain get black holed.

I believe entries apply for all subdomain IIRC.
Lucius
legendary
Activity: 3220
Merit: 5634
Blackjack.fun-Free Raffle-Join&Win $50🎲
Re: Sent me a Suspicious Link
January 06, 2022, 10:57:01 AM
#12
At first glance it can be seen that something is wrong with the link, it is clear that it does not lead to a thread but that it tries to trick users to fall into the trap. A public warning is always welcome, but as soon as you receive such a message, use the report to admin option - such users should be removed from the forum as soon as possible without any mercy.

The only problem may be that some accounts used for such things are actually hacked, but this is the problem of the real owners - use unique and complicated passwords and keep them safe (not online or plain text file on your computer) and of course do not click on suspicious links.
dkbit98
legendary
Activity: 2212
Merit: 7064
Cashback 15%
Re: Sent me a Suspicious Link
January 06, 2022, 06:40:08 AM
#11
Quote from: shasan on January 04, 2022, 11:13:13 PM
It is a great news that pinoyiloco has been auto-banned. So, pinoyiloco wont be able to post/send pmto anyone.
I also noticed this when I checked his profile few days ago, but I am sure he is not worried so much because this is not his only account in forum.

Quote from: khaled0111 on January 05, 2022, 03:21:04 PM
I believe the scammer behind this is preparing for a bigger and more sophisticated scam and is targeting mainly users who are active in the Collectibles board.
This phishing scams exist for years in forum, maybe they are using some farmed accounts and bots to send personal messages, but they can send them to anyone.
Collectibles board is just a small part of the forum and not everyone is active there, so best protection is not clicking on any link you receive from other members.
I did a little search for term spinbot and it's some kind of text rewriting, article spinning tool.
NeuroticFish
legendary
Activity: 3500
Merit: 6205
Looking for campaign manager? Contact icopress!
Re: Sent me a Suspicious Link
January 06, 2022, 05:26:13 AM
#10
Quote from: khaled0111 on January 05, 2022, 03:21:04 PM
I believe the scammer behind this is preparing for a bigger and more sophisticated scam

It may be. However, people should be aware and start blacklisting this kind of domains.
My hosts file already has 2 a new lines:
Code:
0.0.0.0 www.bitcointalk.login-index.php-topic.574591.0.spinbot.org
0.0.0.0 bitcointalk.login-index.php-topic.574591.0.spinbot.org
shasan
copper member
Activity: 2128
Merit: 1241
Need a Bounty Manager? t.me/shasan32
Re: Sent me a Suspicious Link
January 05, 2022, 11:19:37 PM
#9
Quote from: khaled0111 on January 05, 2022, 03:21:04 PM
mainly users who are active in the Collectibles board.
I am not agree with you, the scammer can target anyone who is reputed on the forum, provide escrow service, doing currency exchange, providing loan service, buy/see Collectibles or something like that.

Quote from: khaled0111 on January 05, 2022, 03:21:04 PM
when clicking on Yabes and hillman321' usernames I get redirected to these user's profiles: nasituygun and izumaki.
Link you have added on nasituygun is redirecting to a page which now is not working but I guess that was hacking link. I think you forgot to add the correct profile link.
khaled0111
legendary
Activity: 2506
Merit: 2832
Top Crypto Casino
Re: Sent me a Suspicious Link
January 05, 2022, 03:21:04 PM
#8
I believe the scammer behind this is preparing for a bigger and more sophisticated scam and is targeting mainly users who are active in the Collectibles board.

After visiting the phishing link at different times, here's what I noticed:
the first time it appeared as if am logged in as user hotdog7 (active in Colectibles)
now it shows am logged in as user Yabes (active in Colectibles) and it shows as if I have a new unread message.

here is a screenshot of the message:


My interpretation: the scammer is impersonating minerjones (a well known escrow) in order to scam Yabes (and most likely some other collectors)

Interesting part: when clicking on Yabes and hillman321' usernames I get redirected to these user's profiles: nasituygun and izumaki. I don't want to jump to conclusions, but it appears they (or at least one of them) are involved into this. Both just woke up after a long period of inactivity and nasituygun's been already tagged for sending phishing links.
shasan
copper member
Activity: 2128
Merit: 1241
Need a Bounty Manager? t.me/shasan32
Re: Sent me a Suspicious Link
January 04, 2022, 11:13:13 PM
#7
Quote from: Obito on January 04, 2022, 10:52:50 PM
You shouldn't made the link clickable especially if as you've said, it's a phishing link. You never know when someone accidentally clicks on it, it may be low but I wouldn't take chances. Good thing that you're the one that this person has targeted, we might not know what could've happened if it was a different person.
The link is not working now, yet I am editing the link so that it cant work by a click. Thank you  for your suggestion. As the post created for make awareness of the community, we should avoid any reason which can harm the community.

Quote from: dkbit98 on January 03, 2022, 09:12:02 AM
Checking account pinoyiloco and I see that he was inactive and just woke up, and previously tagged for some ponzi scheme.
He is probably going to banned soon.
It is a great news that pinoyiloco has been auto-banned. So, pinoyiloco wont be able to post/send pmto anyone.
Obito
sr. member
Activity: 1274
Merit: 293
Re: Sent me a Suspicious Link
January 04, 2022, 10:52:50 PM
#6
You shouldn't made the link clickable especially if as you've said, it's a phishing link. You never know when someone accidentally clicks on it, it may be low but I wouldn't take chances. Good thing that you're the one that this person has targeted, we might not know what could've happened if it was a different person.
examplens
legendary
Activity: 3248
Merit: 3098
Re: Sent me a Suspicious Link
January 04, 2022, 06:03:59 PM
#5
I am not sure why you open this link, there is obviously that is phishing link.
bitcointalk.login-index.php certainly not sounds like regular forum link or even any other website.
You remember me on my young days, when I am very curious and I like to test everything what I find.  it often did not end well.
dkbit98
legendary
Activity: 2212
Merit: 7064
Cashback 15%
Re: Sent me a Suspicious Link
January 03, 2022, 09:12:02 AM
#4
Quote from: shasan on January 03, 2022, 09:05:56 AM
I think my password had been stored to the hacker but fortunately I have changed my password instantly. Now the link of the message is not working that means that person inactivated the link.
It's not a bad idea to change account password periodically and it's very important to use unique random password only one purpose, that is bitcointalk account in this case.
I also did a password reset and I am thinking of using new email address (with 2fa) dedicated only for bitcointalk forum.

Checking account pinoyiloco and I see that he was inactive and just woke up, and previously tagged for some ponzi scheme.
He is probably going to banned soon.
shasan
copper member
Activity: 2128
Merit: 1241
Need a Bounty Manager? t.me/shasan32
Re: Sent me a Suspicious Link
January 03, 2022, 09:05:56 AM
#3
Quote from: dkbit98 on January 03, 2022, 08:54:07 AM
Just report message you received from him to moderators and they will ban him probably.

Few years ago I received similar message from other member scammer who tried to Hack my bitcointalk account, and I wrote how protect yourself from attacks like this:
https://bitcointalksearch.org/topic/how-scammer-tried-to-hack-my-bitcointalk-and-how-to-protect-yourself-5173531
I have already reported and I have posted here to make aware others so that other forum members may stay away from this user as well as others who will send this type of link.
I think my password had been stored to the hacker but fortunately I have changed my password instantly. Now the link of the message is not working that means that person inactivated the link.
dkbit98
legendary
Activity: 2212
Merit: 7064
Cashback 15%
Re: Sent me a Suspicious Link
January 03, 2022, 08:54:07 AM
#2
Just report message you received from him to moderators and they will ban him probably.

Few years ago I received similar message from other member scammer who tried to Hack my bitcointalk account, and I wrote how protect yourself from attacks like this:
https://bitcointalksearch.org/topic/how-scammer-tried-to-hack-my-bitcointalk-and-how-to-protect-yourself-5173531
shasan
copper member
Activity: 2128
Merit: 1241
Need a Bounty Manager? t.me/shasan32
Re: Sent me a Suspicious Link
January 03, 2022, 08:42:32 AM
#1
What happened:: Sent me a Suspicious Link

Scammers Profile Link: https://bitcointalksearch.org/user/pinoyiloco-854267

PM/Chat Logs:
Additional Notes: This user has just sent me a message while mentioned
Quote
Hi shasan, please reply to my loan request:
https://www.bitcointalk. login-index.php-topic.574591.0.spinbot.org/index
It seems something which may take login credentials or something else. Note: the person has not posted any lending request. I have opened this link and changed my password instantly. And I opened the link on another browser then noticed it takes to a result which is not accurate.[/color][/b]
Bitcoin Forum>Economy>Trading Discussion>Scam Accusations
Jump to: