Bitcoin Forum

Other => Meta => Topic started by: noormcs5 on April 01, 2022, 07:07:51 PM



Title: An attempt was made to steal my password
Post by: noormcs5 on April 01, 2022, 07:07:51 PM
Today i received a personal message from a user kamaljamal (https://bitcointalk.org/index.php?action=profile;u=1689249)


https://i.imgur.com/xZV9Chm.png

The message looked normal as i checked the domain name was also correct, so i clicked the link and the following page opened.


https://i.imgur.com/w0w4iJn.png

I was surprised that why i am logged out and then i thought that something fishy is happening. I checked the URL and as you can see it was a phishing URL and that user wanted to steal my password. I did not enter the password on that link.

I think this is a new way of scammers to get hold on our passwords. Also only clicking the link ( as i did) would cause no harm if we do not enter the password?


Title: Re: An attempt was made to steal my password
Post by: OmegaStarScream on April 01, 2022, 07:09:57 PM
The user has been banned already. Someone else reported this earlier: https://bitcointalk.org/index.php?topic=5392542.0;topicseen

Although it's possible to get infected by visiting a website, I don't think you were. It looks like the user's intention was to just gain access to other members accounts.


Title: Re: An attempt was made to steal my password
Post by: Cookdata on April 01, 2022, 07:12:20 PM
seems like that guy is hunting high rank accounts. A similar thread has been opened >>Here<< (https://bitcointalk.org/index.php?topic=5392542.new#new)

Kindly report the account to mod, they will take the necessary action.


Title: Re: An attempt was made to steal my password
Post by: Questat on April 01, 2022, 07:36:45 PM
Looks like this is operated by one group only, there's also a similar thread that was already locked.

Beware : This bitcointalk user is trying to steal my an account (https://bitcointalk.org/index.php?topic=5389109.msg59480680#msg59480680)

Report the user and the mod will certainly ban it, but thanks for spreading that information I hope everyone will be more aware of the new scheme of stealing passwords.



Make sure you already stake your bitcoin address so you can recover the account in case that was already compromise.


Title: Re: An attempt was made to steal my password
Post by: khaled0111 on April 01, 2022, 07:53:10 PM
The message looked normal as i checked the domain name was also correct, so i clicked the link and the following page opened.
That's because the "link" you saw is not really a link, it's anchor text. To see the real address where you will be redirected, you can hover over the link and the address will appear on the status bar (desktop browsers). Or just quote the PM/post. In your case, it will look like this:
Code:
[url=phishing-website.com]legit-website.com[/url]

Quote
I think this is a new way of scammers to get hold on our passwords. Also only clicking the link ( as i did) would cause no harm if we do not enter the password?
This is not really new. Many other members reported receiving similar phishing messages.


Title: Re: An attempt was made to steal my password
Post by: Upgrade00 on April 01, 2022, 08:59:17 PM
Today i received a personal message from a user kamaljamal (https://bitcointalk.org/index.php?action=profile;u=1689249)
First red flag. Unsolicited messages which requires you to take an action; reset password, enter seed phrase etc, should be avoided completely.

I think this is a new way of scammers to get hold on our passwords. Also only clicking the link ( as i did) would cause no harm if we do not enter the password?
This is a pretty old means of scamming and spreading malware's around.
Just clicking on the link should not create any vulnerabilities, entering your password is the action that will send a feedback to the hackers and they can take control of your account.


Title: Re: An attempt was made to steal my password
Post by: s.john on April 01, 2022, 10:46:53 PM
I wonder what kinda of person you have to be to try and hack forums accounts


Title: Re: An attempt was made to steal my password
Post by: dkbit98 on April 02, 2022, 04:41:25 PM
Today i received a personal message from a user kamaljamal (https://bitcointalk.org/index.php?action=profile;u=1689249)
Same old trick, but I see they are not giving up with this phishing attacks.
It's important to never click on this link, check source with right click, double check address bar, and never enter login details anywhere.
I received exactly the same message in 2019 and I wrote detailed post about that and gave simple instructions how to protect yourself in future.
For some time I was planning to update my topic with some changes and corrections for year 2022, and today is the day to do it:
https://bitcointalk.org/index.php?topic=5173531.0

PS
Negative feedback reward goes to mr kamaljamal (https://bitcointalk.org/index.php?action=profile;u=1689249) but I see he is banned already.


Title: Re: An attempt was made to steal my password
Post by: noormcs5 on April 02, 2022, 05:14:20 PM
The message looked normal as i checked the domain name was also correct, so i clicked the link and the following page opened.
That's because the "link" you saw is not really a link, it's anchor text. To see the real address where you will be redirected, you can hover over the link and the address will appear on the status bar (desktop browsers). Or just quote the PM/post. In your case, it will look like this:
Code:
[url=phishing-website.com]legit-website.com[/url]


I wonder how these scammers come up with the clone sites. They do spend some money on all this stuff in order to gain access to people's accounts???

As per the above post, this person has sent messages to other users also, is there anyone who got affected by sending the password?


Title: Re: An attempt was made to steal my password
Post by: BITCOIN4X on April 02, 2022, 08:55:46 PM
~Snip
As per the above post, this person has sent messages to other users also, is there anyone who got affected by sending the password?
We don't know until they tell us that their account has been hacked or that there has been an attempt at hacking in the same way. But so far your account will stay safe if you don't provide the password on the clone site, I don't think you need to worry.

Have you to sign the message?


Title: Re: An attempt was made to steal my password
Post by: BitcoinGirl.Club on April 02, 2022, 09:00:48 PM
I think this is a new way of scammers to get hold on our passwords. Also only clicking the link ( as i did) would cause no harm if we do not enter the password?
Old trick and scammers are trying it since the first hack of the forum if I am not wrong. So more or less it's a trick they are using for over 7 years. You should be fine unless you entered any credentials to the fake login page.

Good to see that no password change on the trust page or you would be asked for a signed message 😉


Title: Re: An attempt was made to steal my password
Post by: khaled0111 on April 02, 2022, 09:29:42 PM
I wonder how these scammers come up with the clone sites. They do spend some money on all this stuff in order to gain access to people's accounts???
No, not really. You can buy a .com domain name for as low as $0.99 on the black friday sales for example and you can host the phishing page locally or on a free web hosting service. So, it's not really that costly.
Scammers add sub domains that look almost like the legit domain to fool the visitor. Something like this:
Code:
https://legit-domain.xyz.phishing-domain.com

Quote
As per the above post, this person has sent messages to other users also, is there anyone who got affected by sending the password?
Not sure if anyone got phished but having a stacked address will help you recover your account if it gets hacked.


Title: Re: An attempt was made to steal my password
Post by: rat03gopoh on April 02, 2022, 09:57:20 PM
I wonder what kinda of person you have to be to try and hack forums accounts
Of course, persons who dunno how forums work.

As per the above post, this person has sent messages to other users also, is there anyone who got affected by sending the password?

That matters, and it's a bit worrying if the account owner doesn't have the staked address. Fortunately, this forum employs an unconventional account recovery method.


Title: Re: An attempt was made to steal my password
Post by: coupable on April 02, 2022, 11:18:40 PM
Quote
As per the above post, this person has sent messages to other users also, is there anyone who got affected by sending the password?
Not sure if anyone got phished but having a stacked address will help you recover your account if it gets hacked.
If I am not wrong, in addition to having a staked unedited btc address (can sign a message from it), the user has to have full control over the email address used to create the lost account. According to the recovery department activities (as reported by users who used the service to recover their accounts), accounts can only be recovered to the original email used for sign up. I lost my account few years back before the forum created a department dedicated for the recovery process and i wa one of th earlier users, the support team asked me for a staked address and the account was restored to the original email.


Title: Re: An attempt was made to steal my password
Post by: Maestro75 on April 10, 2022, 07:43:57 AM
First red flag. Unsolicited messages which requires you to take an action; reset password, enter seed phrase etc, should be avoided completely.

That is true about the red flag. But we do not know what made the op respond to such a message that acted like op was in communication with him by saying he has replied to op when op did not even send out any message.

Not sure if anyone got phished but having a stacked address will help you recover your account if it gets hacked.

And those who are yet to stake their address here do not know what they are missing by not doing that. I delayed on it myself too but when I saw what the advantage is I had to quickly stake mine. Now I have peace and am sure it safeguards my account.


Title: Re: An attempt was made to steal my password
Post by: Pmalek on April 10, 2022, 07:54:45 AM
But we do not know what made the op respond to such a message that acted like op was in communication with him by saying he has replied to op when op did not even send out any message.
Curiosity. He wanted to see what the sender replied to. Maybe he thought it's a post in one of his threads or something that concerns him personally. I get such messages From Bitcointalk users at times asking me what I think about this or that or they ask for advice. Of course, I don't click on anything I am not sure of, especially not any outside links. 


Title: Re: An attempt was made to steal my password
Post by: Zilon on April 14, 2022, 07:45:08 AM
 
The message looked normal as i checked the domain name was also correct, so i clicked the link and the following page opened.
That's because the "link" you saw is not really a link, it's anchor text. To see the real address where you will be redirected, you can hover over the link and the address will appear on the status bar (desktop browsers). Or just quote the PM/post. In your case, it will look like this:
Code:
[url=phishing-website.com]legit-website.com[/url]


I wonder how these scammers come up with the clone sites. They do spend some money on all this stuff in order to gain access to people's accounts???

As per the above post, this person has sent messages to other users also, is there anyone who got affected by sending the password?
I don't think this hackers will want to stop at this. This attack on users account will keep on persisting until their launcher attack succeed. To be sure any link it's best not to click on the link sent by anyone rather you can search the site on Google to be sure it's not an anchor text. I haven't fallen victim of this yet but so far I trade with caution knowing how desperate Bitcointalk new users are about getting more merits and high profiled accounts


Title: Re: An attempt was made to steal my password
Post by: _BlackStar on April 14, 2022, 02:04:41 PM
I haven't fallen victim of this yet but so far I trade with caution knowing how desperate Bitcointalk new users are about getting more merits and high profiled accounts
Attacks like that are actually not only carried out by beginners [even though the account they use is a newbie account] because I think that right is also very possible by experienced users with the aim of hacking and selling it.

Honestly I haven't experienced it this long, but it never hurts to be careful and take precautions. Signing messages with bitcoin is one of the precautions that may come in handy when a hacker manages to gain access to an account. So I thought it was good to have the signed message.

Apart from using strong passwords and signing messages, I think implementing 2FA is also important to increase account security. But unfortunately not yet.


Title: Re: An attempt was made to steal my password
Post by: sheenshane on April 14, 2022, 02:59:46 PM
I think implementing 2FA is also important to increase account security. But unfortunately not yet.
IMO, isn't necessary to add this feature in the future because there's a tendency that you will lose the device that is used in generating 2FA code.

Staking your Bitcoin address (https://bitcointalk.org/index.php?topic=996318.0) as you've said, is fair enough, you need to sign a message your Bitcoin address to prove of ownership.  In addition, you should also have an access to your email address that is linked to your Bitcointalk account or it should always be active so that you'll be notified when someone attempts to change it and you'll receive a message that will lock your account upon clicking it and it's effective within 14 days after receiving the notification message that sent to your email address.

I didn't remember the name there's a user that has been hacked before, the hacker used the account and posted a malicious link, might the hacker of OP account maybe this is also their purpose.  After gaining access they will use it in fraud activity because it's impossible to sell when the real owner is always active on the forum.

We should be careful clicking a link that sent messages privately.


Title: Re: An attempt was made to steal my password
Post by: The Sceptical Chymist on April 23, 2022, 01:14:50 PM
IMO, isn't necessary to add this feature in the future because there's a tendency that you will lose the device that is used in generating 2FA code. <snip>

In addition, you should also have an access to your email address that is linked to your Bitcointalk account or it should always be active so that you'll be notified when someone attempts to change it<snip>
Yep and yep.  I can't stand 2FA personally and never use it when I don't have to--and I'd hate to see it implemented on this forum for something like logging in.  I'm thankful there's an option to stay logged in all the time, because many websites don't even have that feature.

Being able to sign a message from a BTC address should be all anyone needs to prove ownership of a bitcointalk account, and hopefully newbies are aware of the importance of staking an address here.  I somehow lost access to the first address I staked, so a while back I created an Electrum wallet specifically for signing one of the addresses in it.  So even though I've never used the wallet for anything, I've got the seed phrase just in case I ever need to prove account ownership.

Same thing with the e-mail.  The one I use here is only for here, and the login info is kept with the Electrum seed phrase.

accounts can only be recovered to the original email used for sign up.
Is that true?  Hopefully not, else I'm screwed if I ever need to provide login info to Theymos.  You'd think being able to sign a message from a staked addy would be enough, because e-mails can get changed and info lost as time goes on.  I've been a member of the forum since 2015, and I don't know how many passwords and so forth that I've burned through.  Anyway, I'd never heard what you claim is true.  Maybe if a mod stops by, they could verify that.


Title: Re: An attempt was made to steal my password
Post by: Xal0lex on April 23, 2022, 03:53:13 PM
accounts can only be recovered to the original email used for sign up.
Is that true?  Hopefully not, else I'm screwed if I ever need to provide login info to Theymos.  You'd think being able to sign a message from a staked addy would be enough, because e-mails can get changed and info lost as time goes on.  I've been a member of the forum since 2015, and I don't know how many passwords and so forth that I've burned through.  Anyway, I'd never heard what you claim is true.  Maybe if a mod stops by, they could verify that.

Here is what theymos writes about this in this thread (https://bitcointalk.org/index.php?topic=5089777.0) :

If your account was hacked

Email recoveries...@bitcointalk.org, ideally from the account's email address.

I think what he is referring to is the e-mail at the time of the break-in, not the very first e-mail address. Because the e-mail can change many times over the course of your time on the forum.