Pages:
Author

Topic: [UPDATES] Blockchain.com Clone - PHISHING (New: Google Docs Malware) (Read 512 times)

legendary
Activity: 2660
Merit: 1141
@Falconer, it can be a option if someone still wants to join in campaign that ask email. Or, the other option to asked campaign manager to hide the email column from public spreadsheet. Because we never know what happen with that email in the future. When member relogin to that email, and receive an email contains phishing/malware, it still have possibility to clicked unwanted link if he/she not aware with that email.
The target of scammers is to collect as many emails as possible from spreadsheets because the victims are targeted members of the world of cryptocurrency, I am also worried that the manager (bad reputation) is also part of the scammer and manages the bounty scam to collect data from campaign participants, then use the backup email option to not trapped in the black world.
legendary
Activity: 2324
Merit: 1604
hmph..
@Falconer, it can be a option if someone still wants to join in campaign that ask email. Or, the other option to asked campaign manager to hide the email column from public spreadsheet. Because we never know what happen with that email in the future. When member relogin to that email, and receive an email contains phishing/malware, it still have possibility to clicked unwanted link if he/she not aware with that email.
legendary
Activity: 2660
Merit: 1141

And for you as hunters, maybe you can skip any campaign who asking your email to join, to prevent something bad come to you.
You have to prepare a backup email for that, no need to pass it because we don't know if the campaign has good potential and protects our identity. Several campaigns previously requested email and KYC verification, most participants avoided it and in the end, they had passed potential tokens that have been listed on the top exchange.
hero member
Activity: 2870
Merit: 594
There is also another attempts recently, using puny code attack.

It was open by @Slow death, beware of https://login.xn--blockchan-2pba.com/#/login.
legendary
Activity: 2324
Merit: 1604
hmph..
Actually, my email not registered on any bounty, I think they get my email from another case. Since I know if my email registered on the marketplace before and one of the biggest data breaches in Indonesia. Else, I agree with you @Maestro75 if BM not asking email for bounty participants anymore, because BM doesn't need it. And for you as hunters, maybe you can skip any campaign who asking your email to join, to prevent something bad come to you.
legendary
Activity: 2324
Merit: 1604
hmph..
today I received an email in the name of blockchain.com. However, fortunately, I did not register my email to open an account at the service. So I know that this is a phishing/malware email. However, I have something to say here that the e-mail link on the e-mail I received does not use its own domain name. However, they chose to use public cloud storage, in this case, scammers use Google Docs services.

Here are the links and e-mail screenshots:


Code:
The link under view in wallet button: https://docs.google.com/document/pub?id=10zgWhYSe24D411WsXu9As1LdFhXG8d4-2r54M3DtKqM <-- DON'T OPEN THIS PAGE
VirusTotal status: https://www.virustotal.com/gui/url/11143bdb9b6f04a6d855f7d500df4921baba72642bf1600d68de8b6f3c57e2dd/detection

From this case, I want to remind all of the newbie or old members to re-check the link before clicking,

  • check email sender,
  • use capitalized text to make sure they are not using similar text.,
  • don't trust documents from any strange person who shared a link from cloud storage,
  • please use virus scanner before opening the link or ignore it.
-
hero member
Activity: 2212
Merit: 805
Top Crypto Casino
Thanks for the heads up @masulum. These phishing attacks are becoming too rampant nowadays. They've gone from spamming phishing links in chat channels like Telegram and whatsapp groups, discord servers and now It's email. I'm not forget the constant phishing attacks in the replies of popular crypto users. Since there's no permanent solution, It's best to always apply caution when visiting external links. If there's one thing that I know, It's that ; if an opportunity or offer is too good to be true, that's because it probably is.
legendary
Activity: 2324
Merit: 1604
hmph..
Another fake blockchain.com website. This website offers free Ethereum to users. The "LOL" thing on this website is, offer ETH but using Stellar Logo  Grin



Website information:
Domain Name: ETHEREUM-BLOCKHAINE.COM
Registry Domain ID: 2454895476_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.tucows.com
Registrar URL: http://tucowsdomains.com
Updated Date: 2019-11-13T20:00:15
Creation Date: 2019-11-13T19:55:26
Registrar Registration Expiration Date: 2020-11-13T19:55:26
Registrar: TUCOWS, INC.
Registrar IANA ID: 69
Code:
ethereum-blockhaine.com/

Be careful, re-check your domain address before login.
legendary
Activity: 2324
Merit: 1604
hmph..
Its not enough to just check sender e-mail, there is software that can fake a real blockchain from sender name, but when you click on link it will reroute you to the fake site.

Best practice would be if you did not expect any mail, just remove it without opening. By just click open the spammer will know you took action and opened it, its called 1-pixel tracker and is used as a marketing technique. The sender will know your ip and date/tine of touching the mail.

/KX

I know about domain spoofing to make phishing email sender address same as original sender. That can be very dangerous to member who not double checking content inside email.

Just removed without opening email, it's easy if (phishing target) email not registered to blockchain.com. But how about someone who get this email and also registered on blockchain.com, i think they will open that phishing email, and very possible to click anything inside content.

edit: typo
hero member
Activity: 1750
Merit: 589
Please double check sender of the email you received.

This is indeed the first that must be done once we recieve an email. If the sender isn't someone we know, don't shut guard down. As much as possible if the email was from a stranger, ignore it or if you consider reading it, never click any links that are attached to it. People are getting to greedy and greedy as time goes by and tgey are willing to do anythung just to phish something from you. The site seems legit but is actually a fake, never trust the looks and make sure to get to know legitimate sites so you can distinguish which is fake and whixh is not.p"0"
member
Activity: 378
Merit: 53
Telegram @keychainX
Quote
Its not enough to just check sender e-mail, there is software that can fake a real blockchain from sender name, but when you click on link it will reroute you to the fake site.

Best practice would be if you did not expect any mail, just remove it without opening. By just click open the spammer will know you took action and opened it, its called 1-pixel tracker and is used as a marketing technique. The sender will know your ip and date/tine of touching the mail.

/KX
legendary
Activity: 2324
Merit: 1604
hmph..

I recently received similar thing directing me to fake Chainlink website...
but phishing website was chianlink.io not chainlink.io


I already mention your thread on another thread about phishing behind HTTPS address. You can read here Phishing attempts increase 400%, many malicious URLs found on trusted domains. That's good, Bitcointalk member very active to create a warning thread about phishing, malware and virus sites.

Thank you for your contribution to add info about Chainlink here Smiley
legendary
Activity: 2212
Merit: 7064
Thanks for reporting one more scammer phishing link attempt...
people need to always double check browsers url address and email sender address.

I recently received similar thing directing me to fake Chainlink website...
but phishing website was chianlink.io not chainlink.io

more info:
https://bitcointalksearch.org/topic/chainlink-phishing-scam-chianlinkio-5195454

legendary
Activity: 2324
Merit: 1604
hmph..
That makes sense, but GMail also scan email content before determine whether it's spam or not. AFAIK detecting email impersonation should be easy for google.

You might want to report the mail as spam/spam if you haven't, so GMail filtering will be better

Thank you, Email has been reported to my email provider, in this case, I am using Yandex email service for custom domain. With few emails I have with the same domain, just that email received phishing mail. Maybe because I use this email to register on airdrop few years ago.

I dont know if Blockchain.com has and App for smartphones or mobiles too on the Googleplay platform.
But if they have one too maybe watch out if you use or install that too there are the same phishing apps as Webpages sometimes .
I look for it when i have the time maybe there is something i can find about that.

Yes, blockchain.com has Android & iOS app: https://www.blockchain.com/wallet
legendary
Activity: 3164
Merit: 3290
I dont know if Blockchain.com has and App for smartphones or mobiles too on the Googleplay platform.
But if they have one too maybe watch out if you use or install that too there are the same phishing apps as Webpages sometimes .
I look for it when i have the time maybe there is something i can find about that.
sr. member
Activity: 1078
Merit: 310
It seems these people who are into phishing modus operandi will stop at nothing, even if they have to clone all the crypto related sites just to get what they want! Smiley

Thankfully people nowadays are very well aware of this kinds of phishing emails because the crypto-community are helping each other give mass awareness about this kinds of evil and shameless acts. Great job OP. Smiley
they will never stop because their brains are only filled with greed and laziness. the movements of people like them must be minimized. some time ago a scammer was arrested by my country's police, the mode is the same that is spreading malware in fake e-mail messages.

phenomena like this must continue to be broadcast because the memory of humans is limited.

I was wondering why do they still continue these kinds of illicit acts? Actually these email sources maybe be traced to its source through digital forensics but I think nobody will come after them and let them be indicted.

There should be some kind of international police like the Interpol to tackle this job and enforce the teeth of the law. After all, cyberlaws are already in effect to most parts of the world and all we need is an international cooperation among Governments to enforce it.
full member
Activity: 1890
Merit: 101
It seems these people who are into phishing modus operandi will stop at nothing, even if they have to clone all the crypto related sites just to get what they want! Smiley

Thankfully people nowadays are very well aware of this kinds of phishing emails because the crypto-community are helping each other give mass awareness about this kinds of evil and shameless acts. Great job OP. Smiley
they will never stop because their brains are only filled with greed and laziness. the movements of people like them must be minimized. some time ago a scammer was arrested by my country's police, the mode is the same that is spreading malware in fake e-mail messages.

phenomena like this must continue to be broadcast because the memory of humans is limited.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
This kind of email usually go straight to your spam folder, especially if you use GMail which have great spam detection.

Gmx is white listed email addrss i think. Because gmx is email hosting provider too. Maybe this is the reason why their email not marked as spam.

That makes sense, but GMail also scan email content before determine whether it's spam or not. AFAIK detecting email impersonation should be easy for google.

You might want to report the mail as spam/spam if you haven't, so GMail filtering will be better
sr. member
Activity: 1078
Merit: 310
It seems these people who are into phishing modus operandi will stop at nothing, even if they have to clone all the crypto related sites just to get what they want! Smiley

Thankfully people nowadays are very well aware of this kinds of phishing emails because the crypto-community are helping each other give mass awareness about this kinds of evil and shameless acts. Great job OP. Smiley
legendary
Activity: 3542
Merit: 1965
Leading Crypto Sports Betting & Casino Platform
Do we need a new thread if there's a new phishing email sent to our inbox?

I know the purpose is good, but if anyone has at least a little security awareness, then they won't even bother to check the suspicious link in the first place.

Yes, it is always a good idea to remind people about this type of attack and to highlight the most recent ones that are doing the rounds.  Wink  People have a very short memory and they are bombarded with many different attacks, so a reminder will not hurt anyone.

A good habit will always be not to "click" on any links that are provided in any email and to rather type the address of the websites and services you use on the Internet.

Thank you OP for reminding us.  Wink
Pages:
Jump to: