|
Title: Question for forum experts: Possible Phishing? Post by: DanielleEber on March 02, 2013, 04:36:10 PM An advertiser on DailyBitcoins.org is offering "Earn 0.1 BTC for making forum post", and contact chromaticcreative@gmail.com
When I contacted them, I got the following email: -------------------------------------- From: Casper Cehng Tsz Chun <caspercat1997@gmail.com> Greetings! Thanks for showing your interest to our offer. This offer is for whoever owns a BitcoinTalk account. As we need to check if you are qualified for this event, you need to provide us a user ID of BitcoinTalk. You can know your user ID by logging in to your account>profile>Additional information>Show General statistics for this member>Copy the URL. The user ID will be http://bitcointalk.org/.......u=<your user id>;...... . Please copy your user id and go to http://chromaticcreative.net/bitcoin/mega/uid.php?u=<your user id> Wish us a good partnership. Casper -------------------------------------- It seems my forum user ID number is not something they need for legitimate purposes, and this might be a type of phishing (obtaining private information by social engineering). I would like to hear from forum experts what you think. Title: Re: Question for forum experts: Possible Phishing? Post by: 21after2 on March 02, 2013, 04:37:00 PM There's been a few topics going around about the guy. I think John The Dog confirmed that he's been banned for it.
Title: Re: Question for forum experts: Possible Phishing? Post by: John (John K.) on March 02, 2013, 04:38:51 PM He is banned from this forum, and someone giving him access to their own accounts will be banned for this too.
Title: Re: Question for forum experts: Possible Phishing? Post by: DanielleEber on March 02, 2013, 06:08:07 PM He is banned from this forum, and someone giving him access to their own accounts will be banned for this too. Would having my user ID number (or direct link to my user page which includes the ID number as part of the path) enable him to have access to my account? That is what seemed questionable to me that he would need it for any legitimate purpose. I have no desire to be a front for someone who is banned, paid or not, so I have decided not to work with this guy regardless. Now I want to find out if it's a scam of some kind, so I can report it back to the dailybitcoins.org operator to remove the ad and not have other people suckered in. Title: Re: Question for forum experts: Possible Phishing? Post by: John (John K.) on March 02, 2013, 06:13:03 PM He is banned from this forum, and someone giving him access to their own accounts will be banned for this too. Would having my user ID number (or direct link to my user page which includes the ID number as part of the path) enable him to have access to my account? That is what seemed questionable to me that he would need it for any legitimate purpose. Title: Re: Question for forum experts: Possible Phishing? Post by: DeathAndTaxes on March 02, 2013, 06:22:01 PM He is banned from this forum, and someone giving him access to their own accounts will be banned for this too. Would having my user ID number (or direct link to my user page which includes the ID number as part of the path) enable him to have access to my account? That is what seemed questionable to me that he would need it for any legitimate purpose. I have no desire to be a front for someone who is banned, paid or not, so I have decided not to work with this guy regardless. Now I want to find out if it's a scam of some kind, so I can report it back to the dailybitcoins.org operator to remove the ad and not have other people suckered in. No but most people re-use their passwords and likely he is going to check the password on his site against the userID you provide. Title: Re: Question for forum experts: Possible Phishing? Post by: John (John K.) on March 02, 2013, 07:05:05 PM He is banned from this forum, and someone giving him access to their own accounts will be banned for this too. Would having my user ID number (or direct link to my user page which includes the ID number as part of the path) enable him to have access to my account? That is what seemed questionable to me that he would need it for any legitimate purpose. I have no desire to be a front for someone who is banned, paid or not, so I have decided not to work with this guy regardless. Now I want to find out if it's a scam of some kind, so I can report it back to the dailybitcoins.org operator to remove the ad and not have other people suckered in. No but most people re-use their passwords and likely he is going to check the password on his site against the userID you provide. Title: Re: Question for forum experts: Possible Phishing? Post by: DanielleEber on March 02, 2013, 09:18:30 PM No but most people re-use their passwords and likely he is going to check the password on his site against the userID you provide. Good point, and therefore a phishing attempt. If he wants help posting here, he doesn't need to know the same user names and IDs on both systems, just a post and then a link to the post itself to prove it was made. Bitcoin inherently doesn't need a separate account on his system, he could just pay direct to a bitcoin address provided by the person doing the post. Right, now to inform dailybitcoins. Title: Re: Question for forum experts: Possible Phishing? Post by: dree12 on March 02, 2013, 09:24:43 PM They are using the accounts to get free ripples.
This is their reply: Quote congratulations! you are elligible to participate in our offer, you have 2 options to choose from: Option A: You will lend the account to us for at most 48 hours. Your account will be returned afterwards, and you get the coins when you grant us access to the account. Option B: Help us to create a post at specific location, you will be rewarded after 48 hours (You need to be out of newbies in order to do so, we will handle if you chosse option A); Both options are offering 0.1BTC as reward. Please send email to chromaticcreative@gmail.com , tell us your option, Bitcoin Addreess, and account ID. My AFK time is quite long sometimes, if you pop your full account information i may not be able to send the coins to you immediately, please leave every questions down in 1 mail. Futher instruction on where to send will be replied after tellingus your option. Title: Re: Question for forum experts: Possible Phishing? Post by: theymos on March 02, 2013, 09:26:34 PM Giving away your user ID is fine, but you should not give people random URLs that they ask for. Some URLs contain session IDs that can (I think) be used for evil purposes.
Title: Re: Question for forum experts: Possible Phishing? Post by: DanielleEber on March 02, 2013, 09:48:45 PM Giving away your user ID is fine, but you should not give people random URLs that they ask for. Some URLs contain session IDs that can (I think) be used for evil purposes. The request for account information, before even telling me what they are doing, is what triggered my scam radar. Just a bit more info, I replied to Mr. Chun by email, asking for more info about what they are doing, and saying my identity on bitcointalk.org is private (I don't use the same account name everywhere). I got back the exact same email as in the first post, so it's an automated reply. Checking their website, it appears to be third party ad referrals. Given that I use adblock on my web browser, I have a poor opinion of ads in general. I don't mind targeted ones on topics I care about, or when I am actively searching for a product, but the rest of the time it's just taking up useful screen space, or even delivering exploits. So I will not only stay away from this guy, but run away and recommend others stay away. Thanks for everyone's helpful information, I very much appreciate the community here. |