Topic: update: casascius.COM is GOOD but casascius.NET is EVIL / FRAUD / SCAM / 1% (Read 5428 times)

I just received a ransom "request" from the would-be attackers...

https://bitcointalksearch.org/topic/casascius-phishers-demanding-a-ransom-49947

I have received the e-mail from Casascius, but not any of the phishing e-mails, which seems to indicate that the scammers haven't used the Mt. Gox leaked list of e-mail addresses. Anyway, I don't think there's anything wrong with what he has done, and the wording of his e-mail, where he repeatedly apologises for sending these e-mails indiscriminately to the whole Mt. Gox list, seems reasonable enough to me.

One of the sad consequences of all the scams that have plagued Bitcoin services is the level of paranoia that pervades the Bitcoin community now. Even people like Casascius who have done such great work for Bitcoin and shared such great ideas with the community now have to put up with being called spammers and worse just because of an (arguably misguided) attempt at preventing fraud using his name.

If you have kids, I really hope they are never kidnapped, with you holed up in a bunker screaming about unsolicited email and phone calls from their school and the police and your kids getting sold in thailand in the meantime. Your assumption about amber alert is also fucking retarded. There was just a guy who ran a kidnapper down this year in california...like, ran him down, yanked him from his car, kicked the shit out of him and saved some girl. He was fucking awesome. You are just a little bitch.

I really can't believe anyone is this stupid...seriously...like, full-on retarded...

...Hey Casacius, it's not your responsibility to protect the stupid, even though it's severely infringing upon your branding and hard work.

Inaba, maybe you should release a product call Mikerosoft Windows and tell the lawyers that call you, "it's cool, I am only scamming those too stupid to take care of themselves".

+1 Inaba



Well isn't that awfully nice of a "scam" site to now redirect to the "real" site 

It is wrong because you sent UBE (Spam), regardless of your reasoning.  If the email was not requested, you do not send it.  Plain and simple.  I would not accept UBE from my kids school and I sure as hell would not want any Amber Alerts (They are ridiculous and completely useless - the number of children found due to an Amber Alert (email or otherwise) can be counted on one hand and has cost tax payers millions and millions of dollars).  There are NO circumstances that warrant UBE.  None.  Ever.  So your decision to send some was wrong.

You seem to be under the impression that you somehow have/had a responsibility to protect people from their own stupidity.  That is an impossible task that has been proven time and again over the centuries.  This is the fundamental flaw in your logic/justification of sending out the UBE you sent - it's NOT your responsibility to police the internet.  If people click on a spam email to buy something, they deserve to be ripped off.  If they are too stupid to realize that it's a fake site, so be it.  They should not have been buying from a spammer in the first place.  If they did not do their due diligence to be sure the site was real, they deserve whatever they get.  That is the problem and that is why you sending out your email was wrong on every single level.

It could be argued that this statement is incorrect in the sense that had casascius not massly propagated this issue throughout all intertubes connecting all bitcoiners (in this case via emails only), then this would not have been as noticed as it has been and the following may have had continued:

- http://casascius.net/ still existing as phishing site and NOT redirecting to https://casascius.com/ and  providing opportunity for additional fraudulent revenue  (note that the .net domain is still managed by the phisher and at any time could cease redirecting to .com domain)

Perhaps the concern is more about the content of the mass email than the intent of the mass email.  This may be more accurately recognized in consideration of my similar efforts in which I emailed ALL THE HACKERSPACES and messaged ALL THEIR IRC CHANS asking a simple/short question or providing a simple short statement suggestive/asking if they've heard about the european bitcoin conference next month.  Most of the hackerspaces were appreciative of my spreading awareness and even offered to relay to mailing lists, etc. and were not defensive or expressing of dissatisfaction for such unsolicited technology-related informations/news.  Also, similarly my effort towards Bitcoin Around the World in which I unsolicitedly messaged all non-usian IRCers with short message similar to "hiya.  have you noticed #bitcoin-xx?  that is all ^_^ *waves*" were mostly accepted/appreciated since many of the individuals didn't realize there were others from their country or even forums, mining pools, exchanges, etc for their country.  (note: there were a few that backlashed/raged* similarly as to this experience here, but they were obnoxious minority)

---

Let's evaluate what casascius's mistakes were:

Sorry to be sending e-mail to the Mt.Gox leak list. (unnecessary/obnoxious)

Please be advised that a recent e-mail purporting to be from me regarding Casascius Physical
Bitcoins is fake and leads to a phishing site.  Don't give out your info unless you're sure you're
at the right place. (maybe okay, but perhaps could be stated more simply)

The real Casascius Physical Bitcoins website is at https://www.casascius.com. (This is the controversial part*)

If you do not know how to verify my PGP signature, consider looking me up on the forums to make
sure you have the right address and are not being phished. (unsure if this is acceptable or not)

Sorry for the hassle and the inconvenience, but I suppose this was going to happen sooner or later. (also unsure)

*controversial part: Is it better to link to the phishing site only?  the phishing site and the original/real site?  no links at all?  any reference to which site is the phishing site?  any reference to which is the real site?  is it acceptable to indicate which operation/site is being phished?

---

Also, the smallest of concerns/issues liek these...

small/family business: FUUUUUUUUUU, my business's reputation is declining...
corporation: *ignore until it costs more to ignore than to not ignore*

It shouldn't be so surprising.  Consider the idea that the person behind the domain is aware of this thread, realizes that they are only half-evil (e.g. greyhat/grayhat) and decided their evil ploy was foiled/discovered immediately and decided to abandon it and work on other evil ploys....and in addition to abandoning it, they also courteously prepared a quick fix to redirect to the original domain.

Also...


loosing?   seriously?  wtf is happening..  It's been liek a month since I have seen someone correctly spell "losing."

---

Upon initialization of this thread, I was under the assumption/presumption/idea that there was no spam.  This was based on my personalized reality that I had not received any phishing spam and in anticipation of perhaps later realizing that there was or wasn't such spam as to be reported or not by others.  And less than five minutes later after initiating the thread, I learned that that was a case of phishing in relation to casasacius and without censoring or modifying (too much) my initial post (I did change the topic a bit), I shifted the focus/message to be more accurately depicting.  Of course, there were a few others that also took similar approach as mine in which they jumped to conclusions, in which their jumpages may not have provided additional considerations of their conclusions being inaccurate or obnoxious.

Things are right or wrong.  The shade of grey is the fact that you took action that you felt was right, good intentions, makes for a good grey area that scammers seem to like to have sex with.  Do not think I am accusing you of anything with my post, I honestly believe you were left with that choice to cover up your own name with information readily available on how to contact all the people that were just contacted with false info.   I assure you I could care less about one piece of email that I wouldn't have opened anyways.  Which I checked, it seems the initial email I got was sent to junk, along with your follow up email, so seeing them is a non-issue.  

It is one of those in the overall scheme of things, this was not the right thing to do, overall.  This specific case, seems like everything is working out well enough.

"If there is anything I should have done differently, I should have avoided putting a link to my website in my message, so there was no possibility of it being construed as a veiled ad."  I agree with this.  This alone would have made this thread possibly non existent.


I disagree, I think you misunderstand my post or you are in denial of the possible implications of seeing this apology email going off so successfully in the public.  

Anyways, cover up to what?  I am not sure what your reply is trying to state.  Tell me a tale.

How was someone supposed to know the site was fake just by the URL?

You seem to fundamentally misunderstand what happened here, at least by the account in this thread.

Cover up?

The wrong one for any particular reason?  Or just because you state it is so, despite what appears to be the majority here disagreeing.  I am not sure I buy the slippery slope argument - as though somehow my warning leads to legitimizing Viagra and fake diploma spam.  The vast majority of responses to my message were appreciative.  You'd accept an unsolicited e-mail from your kid's school if it burned down, I assume, right?  How about if it was an Amber alert, where the odds of you encountering the missing kid are about 1000000:1.  There are circumstances that warrant it, and I am appreciative that most here seem to agree with the judgment call I made.  I hate spam too.

If there is anything I should have done differently, I should have avoided putting a link to my website in my message, so there was no possibility of it being construed as a veiled ad.  I could say I'll remember that for next time, but I'm not a habitual spammer and am not anticipating there ever being a next time.

Real or not, casascius should not have sent that email to cover up things with the corrected address.  I'm sure not an easy decision, but still the wrong one.

I can't wait to see what new scams will be birthed from the idea that the general public are okay with this apology, we all have casascius in our mind, and if we were thinking about getting a coin before, we now are faced with the decision to not get one anymore, I am in that camp.  Or we buy one and think casascius is such a great guy for doing the right thing.       Still, can't wait to see this system being abused since people here seem to not mind the make up apology email, and from a marketing stand point, it now seems there is no better email to send.

I wonder if there will ever be a moment in time when most people will pay attention to HTTPS and related warnings in their browsers...

If you check http://blockexplorer.com/address/1GHRsryckBsSfKgv6zbun5egbxq8GCT8f1 you can see that the scammers have now made 53.84 BTC (as of the time of this post).  I suspect they would have made even more if it were not for the quick action on Mike's part.  I know it was a difficult and painful decision for him to send out the warning email but I am glad he did.

Now how can this darn site be taken down?  Surely there are forum members here that know how to kill a phishing web site.  Just checked and it is still there and still taking orders.  How about my favorite alt chain killer BCX?  Can you apply some of your skills to kicking some phishing site's ass?

Can you read?


Or it could have been a bunch of people taking steps to report it...


Fucking A, it upsets me to see people bitching about getting an apologetic piece of spam to prevent them from being scammed. You are a bunch of douches.

I got one of your emails, and so far one scam spam that matches the description you gave in your emails. Technically what you did (really did, not the scam emails) was spam.  It was unsolicited bulk email.  While there might have been a better way to deal with this than send out that big email blast, however, I'd be hard put to consider somebody who just wanted to warn people about a scam or phish a bad guy.  (And I'm a hardcore antispam activist with a LONG track record in antispam.)  Announcing the scam here would notify some people, but a lot of the Mt. Gox client base doesn't participate in this forum much.  (Some of those who did got disillusioned after loosing a bunch of bitcoins in earlier frauds and wandered off.)  It's hard to imagine how to contact them all in any other way.

My condolences.  This isn't fun, I know. :/

If I was going to spam, why wouldn't I just put my YouTube videos back up or make more of them?  They were receiving plenty of hits as it is, before I took them down.  Far more than the number of email addresses in the MtGox database.  How about Google Adwords?  (if I have 50 BTC at $5/ea for purple paint VIP in the forum, surely I can afford it?).  If I really want to get serious, I could start accepting Visa/MC (no reason why I couldn't - I'm able to get one for my SwipeClock software business - just haven't bothered, haven't focused on it).  I hadn't even bothered to put up a "like" button (thanks scammer for the idea).

Your left brain is right in that if I wanted to go to elaborate lengths, from an information-theoretical perspective I could have orchestrated all of this, gone all the way to Russia for a VPN, all for a plausible excuse to turn around and send you a spam e-mail from my own IP.  But if your right brain is smart too, you probably realize it's not very likely given a little common sense.  These coins are a hobby project to promote Bitcoin and do not pay my bills.  I have much better things to do with my time than spam marketing.

Perhaps you seriously think other things too, such as that this is not nothing more than just a marketing plan (lowercased because it seems strange to uppercase this phrase) to do exactly what has happened.  In the case that you do think about this and/or other things, you should consider letting this forum know of those such thoughts as well so as to not withhold such informations derived from yuor thoughts. ^_^

It has not disappeared.

I find the explanation that the scammer is someone else much more plausible.

He's putting it all on one address? Wouldn't have done that.

I did the same thing and can confirm it's really displaying the same address: 1GHRsryckBsSfKgv6zbun5egbxq8GCT8f1

Only one transaction on that address for 33.64 BTC, poor guy that fell for it