Title: campbx phishing attack? Post by: inBitweTrust on December 19, 2013, 02:36:19 PM One of my friends just got an email which looks like a phishing attack. Please don't follow its instructions or go to the domain in the email unless you know how to do this securely. Did anybody else just get this?
Support <amacknnia@job4u.com> Hello, Following a hack our domain name (campbx. Com) we ask you no more on this url you connect Now please you connect you only on http://campbx.eu Thank you to immediatly checked the balance of your account, contact us if you suspect withdrawal was made last last 6 hours Support CampBX here is the domain whois... Registrant: NOT DISCLOSED! Visit www.eurid.eu for webbased whois. Reseller: Technical: Name: Klaba Octave Organisation: OVH Language: fr Phone: +33.899701761 Fax: +33.320200958 Email: support@ovh.com Registrar: Name: OVH SAS Website: www.ovh.com/ Name servers: dns200.anycast.me ns200.anycast.me Title: Re: campbx phishing attack? Post by: Keefe on December 19, 2013, 03:34:09 PM Someone I know got this also. Did CampBX's email list get leaked?
Title: Re: campbx phishing attack? Post by: David Rabahy on December 19, 2013, 03:54:46 PM I just got the following; from a suspect domain, not address to me appropriately, terrible syntax and grammar -> phishing.
-----Original Message----- From: Dzach [mailto:amacodisuf@contractor.com] Sent: Thursday, December 19, 2013 10:42 AM To: Administrator Cc: AOL Users; Webmaster Subject: CampBX security update Hello, Following a hack our domain name (campbx. Com) we ask you no more on this url you connect Now please you connect you only on http://campbx.eu Thank you to immediatly checked the balance of your account, contact us if you suspect withdrawal was made last last 6 hours Support CampBX Title: Re: campbx phishing attack? Post by: sharted on December 19, 2013, 03:59:43 PM Yeah just got the same one:
Mrsjunegordon <amacsuju@london.com> 3:55 PM (1 minute ago) to Postmaster Why is this message in Spam? It's similar to messages that were detected by our spam filters. Learn more Hello, Following a hack our domain name (campbx. Com) we ask you no more on this url you connect Now please you connect you only on http://campbx.eu Thank you to immediatly checked the balance of your account, contact us if you suspect withdrawal was made last last 6 hours Support CampBX notice the cambc. Com, obviously a complete retard with the intellect of a goldfish. Edit: I used the "report phishing" option in Gmail and I suggest others do the same so the user gets shut down quicker Title: Re: campbx phishing attack? Post by: TransAtlantic on December 19, 2013, 04:03:14 PM I also have received that email.
It was coming from "amacojxy@contractor.com", which looks very suspicious to me. (It all looks like a phishing attack.) From the email header: Return-path: <amacojxy@contractor.com> Received: from [37.218.165.55] (port=10935 helo=contractor.com) contractor.com is a domain name registered through GoDaddy in 1999, and hosted at GoDaddy - it doesn't look to be related to CampBX The IP address the email came from (37.218.165.55) is from Kyrgyzstan. So that's clearly a phishing attempt. However, there is an important twist to this plot: I have received that email to an email address which I used _only_ for CampBX. (I use distinct email addresses for distinct services/companies, e.g. "campbx-myusername@mydomain.com" I do that to track the sources of spam, and to block a specific email address when I start receiving spam through it.) Only me and CampBX knew that this email address existed. So CampBX customer's email list _was_ compromised. It would be great to have a reply or a statement from CampBX regarding that. Anyone? Title: Re: campbx phishing attack? Post by: Jcw188 on December 19, 2013, 05:22:32 PM I also have received that email. It was coming from "amacojxy@contractor.com", which looks very suspicious to me. (It all looks like a phishing attack.) From the email header: Return-path: <amacojxy@contractor.com> Received: from [37.218.165.55] (port=10935 helo=contractor.com) contractor.com is a domain name registered through GoDaddy in 1999, and hosted at GoDaddy - it doesn't look to be related to CampBX The IP address the email came from (37.218.165.55) is from Kyrgyzstan. So that's clearly a phishing attempt. However, there is an important twist to this plot: I have received that email to an email address which I used _only_ for CampBX. (I use distinct email addresses for distinct services/companies, e.g. "campbx-myusername@mydomain.com" I do that to track the sources of spam, and to block a specific email address when I start receiving spam through it.) Only me and CampBX knew that this email address existed. So CampBX customer's email list _was_ compromised. It would be great to have a reply or a statement from CampBX regarding that. Anyone? Wow. I recently stopped using campbx because SOMETHING is going on there, with all the delays in funding and withdrawals. Now this. And frankly, I wouldn't expect CampBX to address this until they feel like it, maybe in a few days after dumb people start complaining that their accts were drained. Title: Re: campbx phishing attack? Post by: mollison on December 19, 2013, 05:43:16 PM I got it too.
I am really glad that CampBX never had any bank account info, unlike Coinbase. Looking forward to hearing more info about this as it is revealed, particularly a response from CampBX. Title: Re: campbx phishing attack? Post by: mollison on December 19, 2013, 05:49:15 PM I submitted a high-priority ticket to their Helpdesk system and linked them to this thread.
I, for one, will not be logging in to CampBX until/unless they provide more information. Don't get me wrong, they have been a great service in the past for me, no problems ever. Title: Re: campbx phishing attack? Post by: not.you on December 19, 2013, 06:25:18 PM However, there is an important twist to this plot: I have received that email to an email address which I used _only_ for CampBX. (I use distinct email addresses for distinct services/companies, e.g. "campbx-myusername@mydomain.com" I do that to track the sources of spam, and to block a specific email address when I start receiving spam through it.) Only me and CampBX knew that this email address existed. So CampBX customer's email list _was_ compromised. It would be great to have a reply or a statement from CampBX regarding that. Anyone? The thick plottens! I hope this doesn't mean I won't get my BTC back from that black hole. Edit: found the same email in my spam folder Title: Re: campbx phishing attack? Post by: toastedPotRoast on December 19, 2013, 07:07:58 PM Got one too! Except from a different email address.
Sent from Daniel ayoder <amacomvexyx@europe.com> Quote Hello, Following a hack our domain name (campbx. Com) we ask you no more on this url you connect Now please you connect you only on http://campbx.eu Thank you to immediatly checked the balance of your account, contact us if you suspect withdrawal was made last last 6 hours Support CampBX Title: Re: campbx phishing attack? Post by: Jcw188 on December 19, 2013, 07:24:53 PM Thank God I got my funds out of there recently. I can just see those jerks saying "oh you were hacked, sorry your funds are gone." I mean, why no response yet from CampBX? I'm sure they've received hundreds of complaints.
Title: Re: campbx phishing attack? Post by: bittulip on December 20, 2013, 01:23:21 AM However, there is an important twist to this plot: I have received that email to an email address which I used _only_ for CampBX. (I use distinct email addresses for distinct services/companies, e.g. "campbx-myusername@mydomain.com" I do that to track the sources of spam, and to block a specific email address when I start receiving spam through it.) Only me and CampBX knew that this email address existed. So CampBX customer's email list _was_ compromised. I can confirm this. I also use a unique email with CampBX, and I got the phishing email too. Customer data is compromised. Title: Re: campbx phishing attack? Post by: Ridicuss on December 20, 2013, 01:43:06 AM I did not get anything like this today. Maybe they just haven't worked their way to my e-mail addy yet.
Title: Re: campbx phishing attack? Post by: quone17 on December 20, 2013, 04:51:35 AM However, there is an important twist to this plot: I have received that email to an email address which I used _only_ for CampBX. (I use distinct email addresses for distinct services/companies, e.g. "campbx-myusername@mydomain.com" I do that to track the sources of spam, and to block a specific email address when I start receiving spam through it.) Only me and CampBX knew that this email address existed. So CampBX customer's email list _was_ compromised. I can confirm this. I also use a unique email with CampBX, and I got the phishing email too. Customer data is compromised. This is unbelievable. Customer data compromised and campbx doesn't say anything? Wtf. Anyone have a response from campbx yet? Title: Re: campbx phishing attack? Post by: mollison on December 20, 2013, 07:39:51 AM This is unbelievable. Customer data compromised and campbx doesn't say anything? Wtf. Anyone have a response from campbx yet? Yes. Got one about 2 hours ago. See text below. Quote Please do not reply or share your login details to any other trading platforms other than https://campbx.com (and https://testnet.campbx.com) to protect your funds. You may see emails generated from phishing websites like campbx.be and cambx.eu. We are trying to investigate for the same. So no specifics but we can infer that they're aware of and acknowledge that phishing is going on. Title: Re: campbx phishing attack? Post by: mufa23 on December 20, 2013, 07:45:34 AM Have any of you guys that got the phising email (which I assume is pretty much everyone?) ever used their helpdesk/ticket system? I'm curious if emails were leaked from the campbx.kayako.com
Title: Re: campbx phishing attack? Post by: not.you on December 20, 2013, 01:10:29 PM Have any of you guys that got the phising email (which I assume is pretty much everyone?) ever used their helpdesk/ticket system? I'm curious if emails were leaked from the campbx.kayako.com Yes on both for me. Title: Re: campbx phishing attack? Post by: sumantso on December 20, 2013, 01:42:50 PM Someone I know got this also. Did CampBX's email list get leaked? I don't think its campx list. I received the mail too and I never went to that site. Maybe they are mailing to BTCtalk list? Title: Re: campbx phishing attack? Post by: TransAtlantic on December 20, 2013, 04:42:12 PM After informing CampBX that their customer's data has been compromised, I received that useless reply from CampBX's support:
Quote Dear XXXX, Please do not reply or share your login details to any other trading platforms other than https://campbx.com (and https://testnet.campbx.com) to protect your funds. You may see emails generated from phishing websites like campbx.be and cambx.eu. We are trying to investigate for the same. Thank you, CampBX Support *** Please check the correct domain of CampBX Bitcoin Trading Platform(https://campbx.com) before login into the CampBX to protect your funds from various phishing websites. It is unfortunate that, instead of acknowledging that they might have had an issue, and be plainly transparent about it, their support simply answers ready-made replies that fail to address the critical issue at hand, and seem to deny that there is any serious issue. As if telling me to be careful where I login would be a solution to the fact that they have leaked my data to fraudsters/scammers!! Title: Re: campbx phishing attack? Post by: bittulip on December 20, 2013, 05:00:07 PM Have any of you guys that got the phising email (which I assume is pretty much everyone?) ever used their helpdesk/ticket system? I'm curious if emails were leaked from the campbx.kayako.com I received the phishing email and I never used the help desk system. And I never used that particular email address on any site but campbx.com. edit: Now that I think of it, Dwolla would know what email address I used with campbx, since I used them to transfer money there. But I haven't heard anything about Dwolla being compromised. Title: Re: campbx phishing attack? Post by: quone17 on December 20, 2013, 06:33:25 PM After informing CampBX that their customer's data has been compromised, I received that useless reply from CampBX's support: Quote Dear XXXX, Please do not reply or share your login details to any other trading platforms other than https://campbx.com (and https://testnet.campbx.com) to protect your funds. You may see emails generated from phishing websites like campbx.be and cambx.eu. We are trying to investigate for the same. Thank you, CampBX Support *** Please check the correct domain of CampBX Bitcoin Trading Platform(https://campbx.com) before login into the CampBX to protect your funds from various phishing websites. It is unfortunate that, instead of acknowledging that they might have had an issue, and be plainly transparent about it, their support simply answers ready-made replies that fail to address the critical issue at hand, and seem to deny that there is any serious issue. As if telling me to be careful where I login would be a solution to the fact that they have leaked my data to fraudsters/scammers!! I agree. It's exactly like with the withdrawal/deposit delays. They don't want to say anything publicly to make anyone nervous. Sure they will e-mail you with a vague comment but they won't admit anything is going on. Most likely until something goes horribly wrong and they have no choice or get sued. Title: Re: campbx phishing attack? Post by: kseistrup on December 21, 2013, 01:00:08 PM I have received that email to an email address which I used _only_ for CampBX. Same here. Title: Re: campbx phishing attack? Post by: bqxpd on December 23, 2013, 05:38:20 AM I have received that email to an email address which I used _only_ for CampBX. Same here. Same here as well. Never having used the email in question elsewhere, I've gotten zero spam of any kind there prior to this. Breach pretty much confirmed. Title: Re: campbx phishing attack? Post by: NTICompass on January 24, 2014, 02:36:40 PM I just got an email from "CampBX" today.
Quote Hello, We are making a maintenance on our servers due to a technical problem for the next 24 hours. So, as you can see CampBX.com is already offline, you will have to logging in on the following link: http://www.campbx.com.co/ It is recommended that you activate your double authenticator before logging in. We are sorry for the inconvenience and doing our best to resolve this problem. If you have any questions, please contact us at https://CampBX.com/contact.php or refer to the FAQ page at https://CampBX.com/faq.php for more information. Thank you, CampBX Team Obviouisly, campbx.com.co, is a phishing URL. Going to http://whois.co gives me this info: Quote Domain Name CAMPBX.COM.CO Domain ID D53300344-CO Registrar-Reseller Name GANDI SAS Sponsoring Registrar CCI REG S.A. Sponsoring Registrar IANA ID 1607 Registrar URL (registration services) http://my.co Domain Status clientTransferProhibited Registrant ID FL5396-GANDI Registrant Name FREDERIC LEBOIS Registrant Organization FREDERIC LEBOIS Registrant Address1 296 RUE DE VAUGIRARD Registrant City PARIS Registrant State/Province 11 Registrant Postal Code 75015 Registrant Country France Registrant Country Code FR Registrant Phone Number +33.641450089 Registrant Email 5e756c0bf3b4f8f4d13eb83a4438375d-1844370@contact.gandi.net Administrative Contact ID FL5396-GANDI Administrative Contact Name FREDERIC LEBOIS Administrative Contact Organization FREDERIC LEBOIS Administrative Contact Address1 296 RUE DE VAUGIRARD Administrative Contact City PARIS Administrative Contact State/Province 11 Administrative Contact Postal Code 75015 Administrative Contact Country France Administrative Contact Country Code FR Administrative Contact Phone Number +33.641450089 Administrative Contact Email 5e756c0bf3b4f8f4d13eb83a4438375d-1844370@contact.gandi.net Name Server A.DNS.GANDI.NET Name Server B.DNS.GANDI.NET Name Server C.DNS.GANDI.NET Created by Registrar CCI REG S.A. Last Updated by Registrar CCI REG S.A. Domain Registration Date Thu Jan 23 16:46:33 GMT 2014 Domain Expiration Date Thu Jan 22 23:59:59 GMT 2015 Domain Last Updated Date Thu Jan 23 16:46:35 GMT 2014 So, is it safe to still use CampBX? I am a CampBX member. I don't think I had any money in there, but is it safe to go check? EDIT: The headers of the email were a bit odd, too: Quote Delivered-To: nticompass@gmail.com Received: by 10.112.221.131 with SMTP id qe3csp98957lbc; Fri, 24 Jan 2014 05:13:34 -0800 (PST) X-Received: by 10.43.60.139 with SMTP id ws11mr10778447icb.12.1390569213105; Fri, 24 Jan 2014 05:13:33 -0800 (PST) Return-Path: <Support@campbx.com> Received: from campbx.com (189-83-59-45.user.veloxzone.com.br. [189.83.59.45]) by mx.google.com with SMTP id 9si3840834igo.72.2014.01.24.05.13.26 for <multiple recipients>; Fri, 24 Jan 2014 05:13:33 -0800 (PST) Received-SPF: fail (google.com: domain of Support@campbx.com does not designate 189.83.59.45 as permitted sender) client-ip=189.83.59.45; Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of Support@campbx.com does not designate 189.83.59.45 as permitted sender) smtp.mail=Support@campbx.com Message-ID: <F0202FBB.BF59CD24@campbx.com> Date: Fri, 24 Jan 2014 14:13:32 +0100 From: "Nticompass" <Support@campbx.com> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.8.1.24) Gecko/20100228 Thunderbird/2.0.0.24 X-Accept-Language: en-us MIME-Version: 1.0 To: "Webmaster" <nticompass@gmail.com> Subject: CampBx Offline Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Title: Re: campbx phishing attack? Post by: not.you on January 24, 2014, 04:01:47 PM I got the same email this morning. CampBX is in major decline anyway. After my last fiasco with their insanely non-responsive customer service I resolved never to go near the place again.
Title: Re: campbx phishing attack? Post by: mufa23 on January 24, 2014, 05:32:36 PM Yeah, i got the same email. Live detected it as spam. Looks like it's a spoofed email. The campbx.com.co was a dead giveaway
Title: Re: campbx phishing attack? Post by: epetroel on January 24, 2014, 05:40:51 PM I got that one too, gmail didn't mark it as Spam though. The terrible english is of course a dead giveaway.
You'd think for all the effort people put into these kinds of hack attempts, they'd at least find somebody who can write proper english. |