Bitcoin Forum

Economy => Reputation => Topic started by: Aventhe on March 24, 2018, 01:51:37 PM



Title: Possible Phishing Link from user - Aid Needed.
Post by: Aventhe on March 24, 2018, 01:51:37 PM
A few minutes ago I got sent the following message from AlexUAE777 (https://bitcointalk.org/index.php?action=profile;u=1064480)

https://i.imgur.com/FRbJjKj.png

Without thinking, I clicked on the link and it turns out the link is (check bottom left corner):

https://i.imgur.com/7KFmq7x.png

Clearly it is fake, and has been altered to look legitimate. I have since changed my password; however, can someone tell me if I am at risk of other data breaches, or should I update passwords on everything or maybe even reset Windows?

When I clicked on the link it brought me to a Bitcointalk.org login page and asked for my login; however, I didn't put anything into it, just pressed backspace to go back to the normal forum. Would this save my info or could it still have been stolen?

(I've talked to the account owner on Telegram and apparently the account was compromised for this message to be sent.)
-Av.


Title: Re: Possible Phishing Link from user. Need Help urgent.
Post by: Aventhe on March 24, 2018, 02:06:11 PM
I tried to shut down my computer and a weird program was still running that would stop the shutdown process. Possible malware? If yes, can they still access files after a PC format?


Title: Re: Possible Phishing Link from user. Need Help urgent.
Post by: EcuaMobi on March 24, 2018, 03:26:42 PM
When I clicked on the link it brought me to a Bitcointalk.org login page and asked for my login; however, I didn't put anything into it, just pressed backspace to go back to the normal forum. Would this save my info or could it still have been stolen?
If you didn't enter your password there then you should be fine.

I tried to shut down my computer and a weird program was still running that would stop the shutdown process. Possible malware? If yes, can they still access files after a PC format?
It's not very likely anything got installed just from opening the page. Did you download anything? Did you do anything else at all?
But that does look like malware if it stops the shutdown process. If you format the PC you will get rid of everything, but when you restore your files you may re-install whatever you have now.
Make sure to have a proper antivirus.



Please report his PM and in the comment ask the moderator to post here confirming the veracity of the PM. Then I'll tag AlexUAE777 to try and stop him.
Or you can temporarily allow me or another trusted user to access your account to verify the PM is real


Title: Re: Possible Phishing Link from user. Need Help urgent.
Post by: pugman on March 24, 2018, 03:28:23 PM
Since you didn't enter any details, your account is not at risk. Had you entered your credentials and logged in, things would have scaled across in a different way. But luckily that did not happen. The link in the image has the website myrippleaddress.com, and here's what virustotal.com had to say about it.
myrippleaddress.com : https://www.virustotal.com/#/domain/myrippleaddress.com
bitcointalk.org-index.php: https://www.virustotal.com/#/url/91fbdb8a19b736f71be20933629937b4ef2f15ac60702ceea277dd71d21872f0/detection

I'd suggest you install Malwarebytes.
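
The mismatch discussed in this thread, where a link shows bitcointalk.org as its text while its target sits on another domain, can be checked mechanically before anyone clicks. The following is an added example, not part of any post in this thread: the sample PM body, its topic numbers and the `login.example` host are constructed, and only the domain myrippleaddress.com is taken from the thread.

```python
import re
from urllib.parse import urlsplit

TRUSTED_HOST = "bitcointalk.org"  # site the reader believes the link leads to

# BBCode link as used in forum PMs: [url=TARGET]VISIBLE TEXT[/url]
BBCODE_LINK = re.compile(r"\[url=([^\]\s]+)\](.*?)\[/url\]", re.I | re.S)
# A hostname-looking token inside the visible text
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

# Constructed sample PM body (paths and topic numbers are placeholders).
SAMPLE_PM = (
    "Hi, question about your campaign: "
    "[url=https://myrippleaddress.com/bitcointalk.org-index.php?topic=0000000]"
    "https://bitcointalk.org/index.php?topic=0000000[/url]\n"
    "Rules: [url=https://bitcointalk.org/index.php?topic=0000000.0]"
    "https://bitcointalk.org/index.php?topic=0000000.0[/url]\n"
    "Also see [url=https://bitcointalk.org.login.example/index.php]this thread[/url]"
)


def host_of(url):
    """Lower-cased hostname of a URL, ignoring port, userinfo and path."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare host/path as a netloc
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def same_site(host, site):
    """True if host is the site itself or one of its subdomains."""
    return host == site or host.endswith("." + site)


def audit_links(bbcode, trusted=TRUSTED_HOST):
    """Return one finding per link whose real host is not what it appears to be."""
    findings = []
    for target, text in BBCODE_LINK.findall(bbcode):
        real = host_of(target)
        reasons = []
        shown = HOST_IN_TEXT.search(text)
        # The visible text names one host, the target resolves to another.
        if shown and not same_site(real, shown.group(1).lower()):
            reasons.append("text-host-mismatch")
        # The trusted name appears in the path, userinfo or a subdomain label
        # of the target, but the registrable host is someone else's.
        if trusted in target.lower() and not same_site(real, trusted):
            reasons.append("trusted-name-in-url")
        if reasons:
            findings.append({"target": target, "real_host": real, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit_links(SAMPLE_PM):
        print(finding["real_host"], finding["reasons"])
```

Only the hostname decides where a link goes; a trusted name in the path or in a leading subdomain label says nothing about the destination.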


Title: Re: Possible Phishing Link from user. Need Help urgent.
Post by: AlexUAE777 on March 24, 2018, 03:52:34 PM
First of all, I didn't send any link to the topic starter.
He contacted me on Telegram and asked why I would send him a phishing link.
I was out of the city and couldn't react immediately, since I didn't have a laptop with me.
Within 15-20 minutes I was able to log into my account and check the Outbox for the mentioned message & link; there was no such message.
Aventhe reported that my account was online while I wasn't logged in, and when I logged in I saw that the account's total logged-in time is 16 hours 30 minutes.
I suppose that if the message was really sent, it could be that my account was hacked, so I changed my pw.
I didn't find where to look for the access IP list, so perhaps we need someone with admin rights to check it further.

https://i.imgur.com/aaGWL5p.jpg


Title: Re: Possible Phishing Link from user. Need Help urgent.
Post by: AlexUAE777 on March 24, 2018, 04:08:33 PM
May I ask why user with nickname Vod (https://bitcointalk.org/index.php?action=profile;u=30747) put a distrust on me with reference to this topic?
I didn't send any link!!!


Title: Re: Possible Phishing Link from user. Need Help urgent.
Post by: EcuaMobi on March 24, 2018, 04:51:56 PM
May I ask why user with nickname Vod (https://bitcointalk.org/index.php?action=profile;u=30747) put a distrust on me with reference to this topic?
I didn't send any link!!!

If the PM was sent from your account then your account does deserve negative trust, regardless of the IP. It's trivial to use another IP so you can't prove it wasn't really you. And even if your account was really compromised then it deserves negative trust because it can be compromised again.

I've asked OP to prove the PM is real. If it is then I'll tag you too. If he doesn't prove it after some days you could ask vod to remove the feedback he's left on your profile


Title: Re: Possible Phishing Link from user. Need Help urgent.
Post by: Vod on March 24, 2018, 04:55:51 PM
I've asked OP to prove the PM is real. If it is then I'll tag you too. If he doesn't prove it after some days you could ask vod to remove the feedback he's left on your profile

I've also asked the OP to prove the PM was real, and will remove my negative trust if proof is not provided.


Title: Re: Possible Phishing Link from user. Need Help urgent.
Post by: Aventhe on March 24, 2018, 08:12:23 PM
I've asked OP to prove the PM is real. If it is then I'll tag you too. If he doesn't prove it after some days you could ask vod to remove the feedback he's left on your profile

I've also asked the OP to prove the PM was real, and will remove my negative trust if proof is not provided.

Fuck, I've already deleted the PM in case I accidentally click on it from another device, bad choice right there as I should have waited. If someone does have the balls to enter that url, you will know it is legitimate.

+ I also took a screenshot of the PM on my phone before I deleted it, idk if that helps. I hope it's understandable I don't like malware laying around in my messages.

https://i.imgur.com/c7hMy8P.png


Title: Re: Possible Phishing Link from user. Need Help urgent.
Post by: Aventhe on March 24, 2018, 08:29:45 PM
However I do have the Bitcointalk PM notification via e-mail setup, and here is the message: https://i.imgur.com/XdMOS3X.png

Notice the timing matches up. Also, I am more than willing to give someone my email login to verify the message and check the sender's address (if it is actually Bitcointalk).

Even if the message content can't be verified, a message was sent and that for sure can be verified.

EcuaMobi, no I didn't input anything into the webpage, but I still believe it was malware. Lauda via Telegram in brief explained that with JS it can be anything.

Edit: if I am not incorrect, emails don't show what the user has written the url to look like, but rather what it redirects to.


Title: Re: Possible Phishing Link from user. Need Help urgent.
Post by: Aventhe on March 24, 2018, 09:30:09 PM
When I clicked on the link it brought me to a Bitcointalk.org login page and asked for my login; however, I didn't put anything into it, just pressed backspace to go back to the normal forum. Would this save my info or could it still have been stolen?
If you didn't enter your password there then you should be fine.

I tried to shut down my computer and a weird program was still running that would stop the shutdown process. Possible malware? If yes, can they still access files after a PC format?
It's not very likely anything got installed just from opening the page. Did you download anything? Did you do anything else at all?
But that does look like malware if it stops the shutdown process. If you format the PC you will get rid of everything, but when you restore your files you may re-install whatever you have now.
Make sure to have a proper antivirus.



Please report his PM and in the comment ask the moderator to post here confirming the veracity of the PM. Then I'll tag AlexUAE777 to try and stop him.
Or you can temporarily allow me or another trusted user to access your account to verify the PM is real

Could theymos verify that such email has been sent to me, or is that out of the boundaries?


Title: Re: Possible Phishing Link from user. Need Help urgent.
Post by: nguyenkhanhhung14 on March 24, 2018, 10:00:17 PM
If you didn't fill in your login via this link, I think your account is still safe. You don't need to worry about it. I also had the same problem with a fake Coinbase email before. I received an email from Coinbase warning that my account was logged in from Russia while I'm living in Asia :)). I clicked on the link and it also asked me to log in to my Coinbase, but luckily I didn't do that, and for now my Coinbase account and all my balance are still safe :)


Title: Re: Possible Phishing Link from user. Need Help urgent.
Post by: EcuaMobi on March 24, 2018, 10:11:24 PM
However I do have the Bitcointalk PM notification via e-mail setup, and here is the message: https://i.imgur.com/XdMOS3X.png
Aventhe has granted me temporary access to his email account and I've verified this email (https://i.imgur.com/XdMOS3X.png).
I've checked the headers and compared it with notifications from PMs I sent to him and, to my knowledge, the email seems real.

I'm tagging AlexUAE777 (https://bitcointalk.org/index.php?action=profile;u=1064480).


Title: Re: Possible Phishing Link from user. Need Help urgent.
Post by: Aventhe on March 24, 2018, 10:17:29 PM
If you didn't fill in your login via this link, I think your account is still safe. You don't need to worry about it. I also had the same problem with a fake Coinbase email before. I received an email from Coinbase warning that my account was logged in from Russia while I'm living in Asia :)). I clicked on the link and it also asked me to log in to my Coinbase, but luckily I didn't do that, and for now my Coinbase account and all my balance are still safe :)

But this was only sent to me, and it is more targeted than an email sent to thousands.

Thanks EcuaMobi for verifying the email. If vod, Lauda or anyone else trusted also wants to verify, I am more than happy.


Title: Re: Possible Phishing Link from user. Need Help urgent.
Post by: nguyenkhanhhung14 on March 24, 2018, 10:23:19 PM
If you didn't fill in your login via this link, I think your account is still safe. You don't need to worry about it. I also had the same problem with a fake Coinbase email before. I received an email from Coinbase warning that my account was logged in from Russia while I'm living in Asia :)). I clicked on the link and it also asked me to log in to my Coinbase, but luckily I didn't do that, and for now my Coinbase account and all my balance are still safe :)

But this was only sent to me, and it is more targeted than an email sent to thousands.

Thanks EcuaMobi for verifying the email. If vod, Lauda or anyone else trusted also wants to verify, I am more than happy.
Maybe he felt it was too hard to get the 100 Merits needed to reach Full Member rank, so he tried to hack a Full Member account in this forum, and your account looks really good because you have managed a few bounty campaigns before :)). Or maybe this one was not only sent to you; he sent it to hundreds of other members one by one, then he could easily clean his Outbox by deleting all his sent PMs :).


Title: Re: Possible Phishing Link from user. Need Help urgent.
Post by: Aventhe on March 24, 2018, 10:26:02 PM
If you didn't fill in your login via this link, I think your account is still safe. You don't need to worry about it. I also had the same problem with a fake Coinbase email before. I received an email from Coinbase warning that my account was logged in from Russia while I'm living in Asia :)). I clicked on the link and it also asked me to log in to my Coinbase, but luckily I didn't do that, and for now my Coinbase account and all my balance are still safe :)

But this was only sent to me, and it is more targeted than an email sent to thousands.

Thanks EcuaMobi for verifying the email. If vod, Lauda or anyone else trusted also wants to verify, I am more than happy.
Maybe he felt it was too hard to get the 100 Merits needed to reach Full Member rank, so he tried to hack a Full Member account in this forum, and your account looks really good because you have managed a few bounty campaigns before :)). Or maybe this one was not only sent to you; he sent it to hundreds of other members one by one, then he could easily clean his Outbox by deleting all his sent PMs :).

I guess so, however the code was specifically made for me. My Account name & the numbers in the end of the url is the thread number to my Datecoin signature campaign.


Title: Re: Possible Phishing Link from user. Need Help urgent.
Post by: nguyenkhanhhung14 on March 24, 2018, 10:33:43 PM
If you didn't fill in your login via this link, I think your account is still safe. You don't need to worry about it. I also had the same problem with a fake Coinbase email before. I received an email from Coinbase warning that my account was logged in from Russia while I'm living in Asia :)). I clicked on the link and it also asked me to log in to my Coinbase, but luckily I didn't do that, and for now my Coinbase account and all my balance are still safe :)

But this was only sent to me, and it is more targeted than an email sent to thousands.

Thanks EcuaMobi for verifying the email. If vod, Lauda or anyone else trusted also wants to verify, I am more than happy.
Maybe he felt it was too hard to get the 100 Merits needed to reach Full Member rank, so he tried to hack a Full Member account in this forum, and your account looks really good because you have managed a few bounty campaigns before :)). Or maybe this one was not only sent to you; he sent it to hundreds of other members one by one, then he could easily clean his Outbox by deleting all his sent PMs :).

I guess so, however the code was specifically made for me. My Account name & the numbers in the end of the url is the thread number to my Datecoin signature campaign.
Finally you can be sure that your account is still safe and nobody will fall into this phishing trap anymore because these amateur hackers have been exposed ;D. I think this is the last time you click on any link without checking the bottom left corner ;D.


Title: Re: Possible Phishing Link from user. Need Help urgent.
Post by: BCTBF on March 24, 2018, 11:33:11 PM
I experienced it too, but with the difference that I was not redirected to the login page; strangely, when I got a link like that, I was redirected to a thread and it logged me out by itself. But after I felt something strange, I immediately retyped bitcointalk.org in the address bar, and I went back to my account without the need to log in. I think that's very strange.


Title: Re: Possible Phishing Link from user. Need Help urgent.
Post by: warningsigns on March 25, 2018, 12:10:49 AM
Just curious. What exactly do these phishers aim to achieve by penetrating the accounts? It's not like they can steal coins within the short time span when the genuine owners realize what happened and the accounts are then tagged for being hacked into.

Or is it a quick sale? Which seems unlikely, given they first need to put up ads which would be open for all to see, including DT members.

Neither will taking out loans work. This is a painstakingly time consuming process involving signing of staked addresses etc. And lenders do a systematic check of the forum for any record of the account having any open and unresolved issues.


Title: Re: Possible Phishing Link from user. Need Help urgent.
Post by: Aventhe on March 25, 2018, 01:56:23 AM
I experienced it too, but with the difference that I was not redirected to the login page; strangely, when I got a link like that, I was redirected to a thread and it logged me out by itself. But after I felt something strange, I immediately retyped bitcointalk.org in the address bar, and I went back to my account without the need to log in. I think that's very strange.

Well, that's kinda what happened to me.


Title: Re: Possible Phishing Link from user - Aid Needed.
Post by: magneto on March 25, 2018, 07:41:36 AM
Not new at all. I encountered the same problem here last year in November: https://bitcointalk.org/index.php?topic=2385827.

I clicked on the link, realised that it was a phishing link, and then went back straightaway without submitting any data. I use a Mac OS. After 4 months, nothing bad has happened yet. I think it's unlikely that any malware has been installed onto your computer, but if you're having some weird stuff happening to you in the shutdown process, you'd better get your computer checked out with antivirus, or reset Windows if it's something serious.

Just curious. What exactly do these phishers aim to achieve by penetrating the accounts? It's not like they can steal coins within the short time span when the genuine owners realize what happened and the accounts are then tagged for being hacked into.

Or is it a quick sale? Which seems unlikely, given they first need to put up ads which would be open for all to see, including DT members.

Neither will taking out loans work. This is a painstakingly time consuming process involving signing of staked addresses etc. And lenders do a systematic check of the forum for any record of the account having any open and unresolved issues.

I'm guessing that they'll either attempt to scam in trades where signing messages is not as common, or try to launch an attack on the forum with the data they get. But your account details are compromised for sure if you submit any data and that's all you'll need to worry about.


Title: Re: Possible Phishing Link from user - Aid Needed.
Post by: AlexUAE777 on March 25, 2018, 02:18:08 PM
Perhaps my account was compromised before and used for phishing.
Nevertheless, really sorry for that. Hope nobody gets hurt by this/these mails.


Title: Re: Possible Phishing Link from user - Aid Needed.
Post by: akamit on March 25, 2018, 08:44:14 PM
Check this out > https://bitcointalk.org/index.php?topic=3196724.0

A similar case posted over an hour ago in scam accusation board.

::) They might be a gang who's sending phishing links to other users. Both the accused users have similarities between them.


Title: Re: Possible Phishing Link from user - Aid Needed.
Post by: timerland on March 26, 2018, 08:31:38 AM
Check this out > https://bitcointalk.org/index.php?topic=3196724.0

A similar case posted over an hour ago in scam accusation board.

::) They might be a gang who's sending phishing links to other users. Both the accused users have similarities between them.


Instead of an organized gang, they might just be all victims of clicking on the same phishing link. And when they do get hacked, they are able to take over the hacked accounts and basically send more PMs from their accounts. Think of it as an ever expanding network of infected accounts, also trying to infect other accounts.

That should be the case, leading to more and more people being victims and sending out these phishing links without their consent.

I've seen 2 similar cases in scam accusations today, I don't think it's a coincidence. I doubt that anything bad will happen to you just by clicking on the link and checking it out before exiting it, but it's best to run some antiviral scans still just to be sure.