Bitcoin Forum

It looks like someone is using the forums hacked database again for nefarious purposes. Several individuals have mentioned receiving these emails, and at least some have already fallen victim to them.

https://i.imgur.com/hGW2ASC.png

---

Do not download.

https://i.imgur.com/vSKTZqV.png

Email came from brianbooker@uk2.net

As Lauda says, do not open any attachments. This is ransomware or malware.

Anyone have an idea how it is possible to acquired information to us? Kinda want some technical knowledge about this kind of phishing attempt*.

As I mentioned in related thread to this, I used my unused extra old laptop (the stock one) to find out what will happened out of my curiousity. Connect it to internet, download, remove internet and open it. My security there are not triggered. Im wondering how it can access those inside stuffs?

The forum was hacked in 2015. I assume the database used for this phishing attempt is from that hack.

Use Google then?

You won't really figure out what it is doing or attempting to do without adequate technical knowledge, unless it is plainly obvious (e.g. ransomware screen).

The btc-e DB has been hacked multiple times. I suspect the emails came from one of these hacks.

I have not registered on BTC-e with this username, nor this email. Therefore, it had to be from Bitcointalk considering that other BTCT users have been getting them as well.

Got it as well and as Lauda the email used the username that i use only here. So it comes from the previous hack
the domain used to send the email is globo.com

I can confirm i also got this email today as well and theres no other places ive used that email so its definitely from the hacked database.

There is a new wave of phishing scams in the past 24 hours - a few users have already been burnt over .3 btc -

https://i.imgur.com/Aj2rJwI.png

Then the url looks just like bitcointalk and wants you to login... so this is new, ongoing - not good!!! I reported one yesterday as well and gave it red trust -

https://bitcointalk.org/index.php?action=profile;u=986625

Thanks, and be careful out there - bitcointalk.org links will be green not blue!!!  :(

EDit - https://bitcointalk.org/index.php?topic=1898264.msg18840021#msg18840021

be careful, that phishing fucker scammer make me alot damage today :(

http://imgur.com/a/FhtrY

Fixed link for ya... 

I can sort of establish a connection.The attacker is probably sending mails to coin collectors who are assumed to be having more bitcoins on them ? Lauda and Zepher is merely a case but it does connect the dots.

I thought that I got this mail as a payment of one of the campaigns I have participated. I downloaded the attachment as well but since I don't have btc-e account, is it something I can do to now? I deleted the word doc file from my computer but my antivirus did not give me any alert.

This was the email I received: http://prntscr.com/f3cucm

If you used the password to unlock the attachment, consider your PC infected.

Keyloggers/coin stealers/and a bunch of other stuff could be running in the background.

Wipe your PC.

Start off with a fresh operating system.

Haven't seen one of these yet.  Stuff like this is why I use Linux virtual machines for all my workspace!  Snapshots are your friend.

It's most likely the old Bitcointalk database

I got this email too, encrypted docx that wanted editing privileges from some random email @mail.com

and stupidly, my friend clicked download on the file.
Fortunately i noticed in time before he put the password in it.

is it gonna do anything if it has been downloaded?
I deleted it instantly :/

This may be a good reminder:

Real link is green when you move your mouse over: bitcointalk forum (real link) (https://bitcointalk.org/index.php)

Fake link is not: bitcointalk forum (with different/fake link) (https://www.google.com/)

p.s. i am referring to the attempt that owlcatz mentioned not the email (obviously :))

I got the mail too.
I dont have an BTC-e account or use this e-mail in other places so it must come from here

You should be alright if all youve done is downloaded it. It looks like you would need to download it , open it with the password an dalso give it editing privileges to enable it to work. I havent even heard of anyone thats had an issue with it yet but its not to say they wont in the future.

It's probably the same as this: https://www.reddit.com/r/google/comments/692cr4/new_google_docs_phishing_scam_almost_undetectable/

That is something different
This is a document file not Google docs

Not sure if i got this one but any email account i use in crypto gets pounded hard 24/7.
I just checked and have misc 85 attempts.

They never get looked at and go to junk then get auto deleted.
I check the account i use here on the forum no more than 1 time per year.  :D
Idiots can send all the shit they want i couldn't care less.

I also have gotten some far less frequently from the account i used on Cryptsy.
I like to use a specific account for certain sites.. so you can see where the bullshit originates from.
Like the name i registered at Cryptsy in 2013..
It was funny how a guy showed up on the Cryptsy lawsuit topic trolling me with it.
Then how Mullick figured it was a coincidence then vanished into hiding permanently.

Pools are bad for this shit too.

Use a bugmenot account guys LOL