|
Title: Phishing? Post by: ThorbenS on February 06, 2018, 12:54:14 PM Hi,
i just received a mail with topic "Reset password for Bitcoin Forum" claiming to be sent from noreply@bitcointalk.org Inside there are two links to the domain http://bitcointclk.org .. i think -> nice try Feel free to open an abuse-ticket and don't get fooled... ---- # Domain Name: BITCOINTCLK.ORG Registry Domain ID: D402200000004566323-LROR Registrar WHOIS Server: whois.ilovewww.com Registrar URL: ilovewww.com Updated Date: 2017-12-17T01:19:54Z Creation Date: 2017-12-16T22:28:27Z Registry Expiry Date: 2018-12-16T22:28:27Z Registrar Registration Expiration Date: Registrar: Shinjiru MSC Sdn Bhd Registrar IANA ID: 1741 Registrar Abuse Contact Email: tildadmin@ilovewww.com Registrar Abuse Contact Phone: +603.79871191 Reseller: Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited Registry Registrant ID: C23711765-LROR Registrant Name: Domain Admin Registrant Organization: Privacy Protect, LLC (PrivacyProtect.org) Registrant Street: 10 Corporate Drive Registrant City: Burlington Registrant State/Province: MA Registrant Postal Code: 01803 Registrant Country: US Registrant Phone: +1.8022274003 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: contact@privacyprotect.org Registry Admin ID: C23711765-LROR Admin Name: Domain Admin # ---- Title: Re: Phishing? Post by: Welsh on February 06, 2018, 12:56:46 PM Nice spotting. Unfortunately, this fools a lot of people and it's very difficult to prevent it. Probably sent by one of the many account sellers over in the marketplace looking to hack the account and get rid of it at soon as possible.
Title: Re: Phishing? Post by: Jet Cash on February 06, 2018, 01:19:46 PM Thanks for the heads up, and well worth a point for pointing it out.
I think it should be on the scms board though, but it will probably get more exposure here. :) Title: Re: Phishing? Post by: aoluain on February 06, 2018, 03:24:14 PM Thanks for the heads up.
This is strange that you got this and happen to be a member of the forum. I wonder how many other members go this Phishing mail? To date I have never clicked on suspicious mail, even though I suspect today suspicious mail can be made to look genuine. at a glance BITCOINTCLK.ORG can look the real deal, just goes to prove how something simple can catch people out. Check and re-check before clicking!! Title: Re: Phishing? Post by: guschin on February 06, 2018, 03:38:53 PM It is sad to see people trying to fool other just to make money. I mean how hard is it to make a real profile here and rank up to earn with own profile. I just hope that these people get caught and are punished for these illegal things. You should report them to cyber police in your country.
Title: Re: Phishing? Post by: treatWy on February 06, 2018, 03:40:23 PM I wonder how many other members go this Phishing mail? suspicious mail can be made to look genuine. at a glance BITCOINTCLK.ORG can look the real deal, just goes to prove how something simple can catch people out. Check and re-check before clicking!! In the first look it seems real but look intimately the letter A in bitcointalk.org became C. Wow looks like legit but counterfeit. I learned to you. Thank you very much Title: Re: Phishing? Post by: malikusama on February 06, 2018, 04:48:49 PM Not a new thing to be discussed, i have already seen many replica sites with some changing in the URL.
A wise person will always check the URL sent through emails and PMs. Mostly low ranked users gets into this trap. Title: Re: Phishing? Post by: amouretpaix on February 07, 2018, 02:21:26 PM Hello, I received the same
Quote Dear, This mail was sent because the 'forgot password' function has been applied to your account. IP: 102.16.21.142 If you tried it really, please AUTHORIZE and apply your password reset. Authorize If you did NOT, DEAUTHORIZE and confirm your credential. (Then, you don't need to change your password since it is still safe and secure.) Deauthorize Regards, The Bitcoin Forum Team. L'IP est : Quote NetRange: 102.0.0.0 - 102.255.255.255 CIDR: 102.0.0.0/8 NetName: AFRINIC-102 NetHandle: NET-102-0-0-0-1 Parent: () NetType: Allocated to AfriNIC OriginAS: Organization: African Network Information Center (AFRINIC) RegDate: 2011-02-10 Updated: 2011-02-10 Comment: This IP address range is under AFRINIC responsibility. Comment: Please see http://www.afrinic.net/ for further details, Comment: or check the WHOIS server located at whois.afrinic.net. Ref: https://whois.arin.net/rest/net/NET-102-0-0-0-1 ResourceLink: http://afrinic.net/en/services/whois-query ResourceLink: whois.afrinic.net OrgName: African Network Information Center OrgId: AFRINIC Address: Level 11ABC Address: Raffles Tower Address: Lot 19, Cybercity City: Ebene StateProv: PostalCode: Country: MU RegDate: 2004-05-17 Updated: 2015-05-04 Comment: AfriNIC - http://www.afrinic.net Comment: The African & Indian Ocean Internet Registry Ref: https://whois.arin.net/rest/org/AFRINIC ReferralServer: whois://whois.afrinic.net ResourceLink: http://afrinic.net/en/services/whois-query OrgAbuseHandle: GENER11-ARIN OrgAbuseName: Generic POC OrgAbusePhone: +230 4666616 OrgAbuseEmail: abusepoc@afrinic.net OrgAbuseRef: https://whois.arin.net/rest/poc/GENER11-ARIN OrgTechHandle: GENER11-ARIN OrgTechName: Generic POC OrgTechPhone: +230 4666616 OrgTechEmail: abusepoc@afrinic.net OrgTechRef: https://whois.arin.net/rest/poc/GENER11-ARIN Unfortunately I clicked the Deauthorize link ::) ::) ::).... but nothing happen... Does the link is dangerous (virus, malware, password scanning application ???) I never give my password or anything. Thank you Best regards |