|
Title: Warning! BTC-e Voucher Email phishing alert! Post by: J1mb0 on May 02, 2017, 01:52:39 PM I am guessing the email below has a malign document attached! I advise anyone getting these emails NOT TO OPEN the attachments.
I imagine the sender/offender would try and gain access to your crypto wallets. Quote Mills Dean <seanlittle@sky.com> Attachments14:28 (19 minutes ago) to J1mb0 Good day RATATATATATAT!. See the attached BTC-e vouchers. You have to use them within 6 hours. Access key is 8x5VXl You need to paste it to access the document. Thanks Title: Re: Warning! BTC-e Voucher Email phishing alert! Post by: bathrobehero on May 02, 2017, 01:53:57 PM Got the same a few minutes ago, just deleted it in like 2 seconds.
Title: Re: Warning! BTC-e Voucher Email phishing alert! Post by: gribble on May 02, 2017, 02:00:32 PM I am guessing the email below has a malign document attached! I advise anyone getting these emails NOT TO OPEN the attachments. I have got the same of email but with different sender, i just deleted it because i am sure it is just, I imagine the sender/offender would try and gain access to your crypto wallets. Quote Mills Dean <seanlittle@sky.com> Attachments14:28 (19 minutes ago) to J1mb0 Good day RATATATATATAT!. See the attached BTC-e vouchers. You have to use them within 6 hours. Access key is 8x5VXl You need to paste it to access the document. Thanks so i gives my witness on this thread. So for the other people becareful with this email. For the detail here. Hi blabla.. See the attached BTC-e vouchers. You have to activate it within 4 hours. The Passwd is eklLxxyz. You need to paste it to be able to view the document. Kindest regards Boone Rhonda Title: Re: Warning! BTC-e Voucher Email phishing alert! Post by: goinmerry on May 02, 2017, 02:08:26 PM Just got the same email too:
Sender: Benjamin IIliana <natalio@antakya.com.ar> This email is kinda obvious and I will assume that most of the traders at BTC-e will know that kind of email is not related to the site itself. I tried to open it on my extra laptop out of curiousity but the word is empty. That laptop have no files and really not always in used so I test it out there. Title: Re: Warning! BTC-e Voucher Email phishing alert! Post by: stomachgrowls on May 02, 2017, 02:20:56 PM I am guessing the email below has a malign document attached! I advise anyone getting these emails NOT TO OPEN the attachments. This isnt new anymore because there are really email do similar to this not only on BTC-e but most of sites as long they can able to steal money from people. I do also recieve this email but commonly i just ignore and delete it right away.Dont take itt serious because once you click the bait then consequences will surely be the next.I imagine the sender/offender would try and gain access to your crypto wallets. Quote Mills Dean <seanlittle@sky.com> Attachments14:28 (19 minutes ago) to J1mb0 Good day RATATATATATAT!. See the attached BTC-e vouchers. You have to use them within 6 hours. Access key is 8x5VXl You need to paste it to access the document. Thanks Title: Re: Warning! BTC-e Voucher Email phishing alert! Post by: pseudozach on May 02, 2017, 02:27:43 PM I am guessing the email below has a malign document attached! I advise anyone getting these emails NOT TO OPEN the attachments. I have got the same of email but with different sender, i just deleted it because i am sure it is just, I imagine the sender/offender would try and gain access to your crypto wallets. Quote Mills Dean <seanlittle@sky.com> Attachments14:28 (19 minutes ago) to J1mb0 Good day RATATATATATAT!. See the attached BTC-e vouchers. You have to use them within 6 hours. Access key is 8x5VXl You need to paste it to access the document. Thanks so i gives my witness on this thread. So for the other people becareful with this email. For the detail here. Hi blabla.. See the attached BTC-e vouchers. You have to activate it within 4 hours. The Passwd is eklLxxyz. You need to paste it to be able to view the document. Kindest regards Boone Rhonda Just received the same from tsioutsiosachilleas@arcor.de Hi <username>. Please review your BTC-e vouchers. You need to use it within 6 hours. The Pass is h9quRlC4mcz You have to type it to access the document. Kind regards ••• Beach Marah Title: Re: Warning! BTC-e Voucher Email phishing alert! Post by: dE7ERV on May 02, 2017, 02:35:14 PM Received and discarded. Nobody is going ask you to deliver something within 6 hours.
Scammers are getting greedier by the minute :) Title: Re: Warning! BTC-e Voucher Email phishing alert! Post by: Petopas on May 02, 2017, 02:38:47 PM in case anybody is interested in details:
Delivered-To: OBFUSCATED@gmail.com Received: by 10.140.90.21 with SMTP id w21csp1848049qgd; Tue, 2 May 2017 06:29:34 -0700 (PDT) X-Received: by 10.99.140.93 with SMTP id q29mr11087440pgn.237.1493731774573; Tue, 02 May 2017 06:29:34 -0700 (PDT) Return-Path: <SRS0=YDkd=4I=uowmail.edu.au=sr970@bounce.secureserver.net> Received: from p3plsmtp04-05-26.prod.phx3.secureserver.net (p3plsmtp04-05.prod.phx3.secureserver.net. [72.167.218.163]) by mx.google.com with ESMTP id 133si17142515pgb.73.2017.05.02.06.29.34 for <OBFUSCATED@gmail.com>; Tue, 02 May 2017 06:29:34 -0700 (PDT) Received-SPF: pass (google.com: domain of srs0=ydkd=4i=uowmail.edu.au=sr970@bounce.secureserver.net designates 72.167.218.163 as permitted sender) client-ip=72.167.218.163; Authentication-Results: mx.google.com; dkim=pass header.i=@uowmailedu.onmicrosoft.com; spf=pass (google.com: domain of srs0=ydkd=4i=uowmail.edu.au=sr970@bounce.secureserver.net designates 72.167.218.163 as permitted sender) smtp.mailfrom=SRS0=YDkd=4I=uowmail.edu.au=sr970@bounce.secureserver.net Received: (qmail 95453 invoked from network); 2 May 2017 13:29:33 -0000 Delivered-To: 201312040538_[Suspicious link removed] Received: (qmail 95451 invoked by uid 30297); 2 May 2017 13:29:33 -0000 Received: from unknown (HELO p3plibsmtp02-08.prod.phx3.secureserver.net) ([68.178.213.8]) (envelope-sender <sr970@uowmail.edu.au>) by p3plsmtp04-05-26.prod.phx3.secureserver.net (qmail-1.03) with SMTP for <201312040538_[Suspicious link removed]>; 2 May 2017 13:29:33 -0000 Received: from NAM02-BL2-obe.outbound.protection.outlook.com ([104.47.38.233]) by p3plibsmtp02-08.prod.phx3.secureserver.net with bizsmtp id FRVY1v02551pDqY01RVYzk; Tue, 02 May 2017 06:29:33 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=uowmailedu.onmicrosoft.com; s=selector1-uowmail-edu-au; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=KD3TiZYlFC8m1bBMbuZJcxpKDfn0V3yO/tCjw82L1nM=; b=eW6ljwuEcwb+nKQxRK3BZSLLrE0U9Non1OJveJcwUvpw33JXGCaSmn1i6HKQncqfrL3SMMJXlVirXWOtpKs7pVuPMU7V7Q1cimew0ggHbhMs4LJB6FD0dPGVxOggChRJbeZLTXNjjJkAYqBJpat0eiNC48BHBSyMGyNl7DZ/gAQ= Authentication-Results: OBFUSCATED.net; dkim=none (message not signed) header.d=none;OBFUSCATED.net; dmarc=none action=none header.from=uowmail.edu.au; Received: from Admin-PC (122.174.168.18) by BN6PR03MB2532.namprd03.prod.outlook.com (10.168.223.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1061.12; Tue, 2 May 2017 13:29:29 +0000 From: Tyler Brianna <sr970@uowmail.edu.au> To: 201312040538_[Suspicious link removed] Subject: BTC-e vouchers for OBFUSCATED Date: Tue, 2 May 2017 18:59:25 +0530 MIME-Version: 1.0 X-mailer: Courier 8625874107441.84 Content-type: Multipart/mixed; boundary="------------328706827163318355060214" Content-Description: Multipart message X-Originating-IP: [122.174.168.18] X-ClientProxiedBy: BM1PR01CA0010.INDPRD01.PROD.OUTLOOK.COM (10.163.198.145) To BN6PR03MB2532.namprd03.prod.outlook.com (10.168.223.150) Return-Path: sr970@uowmail.edu.au Message-ID: <BN6PR03MB25328AF7050873B1BB4A8F84C1170@BN6PR03MB2532.namprd03.prod.outlook.com> X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 6a5abda9-9ec8-4801-d2df-08d4915f436c X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001)(201703131423075)(201703031133081);SRVR:BN6PR03MB2532; X-Microsoft-Exchange-Diagnostics: 1;BN6PR03MB2532;3:4xxJgZHu6tWnRf9VqabzWlBBKnYPBhdlmuNNjQHLLk8n6Hdg0AvU480emJE+TqRXHur4j0ovCFZ/VS5jd8B37tFfd/3hTAM+vs1wzTCMjego+OFtPYD8DkEFeXghZ+pThWJyfTTQbsr6/rsQJpmPNphzyIe968WoctdBpi8wo00fX4OtQN6iAgrMmCDFpF+Wdh5FM1y1Hiqot6ZGguz9meMVMfFIM0kNcfKxMRgTZUh2F1fsf58HabgD2ENG6QrIVJsG3AifNfYSfoqZvQo7tydOwh4OZ5qUZncUHKOqKSCMD/OkZ0C0AOc5wP3jj+ynAgm5EIb9FM70x2ZnmAhfAg==;25:2K6/WKEsUPkRvS2W6wx88mriWniocYhG53fjVK276eP22HfScS4cg3RA1aiRdaLzpQUJTTwtVj60ObHEXEVsKdR7MiEDMzTUGhQM+JmotgdytEJt25c4lmiETrFaF+rOp/p7674F34o4RpCpEOD5CgGOWZ2dM5d/kGRqsnGgrrt9QYLwv2oneB2EAWfWa/an6fwYc7uC8GIp/RKMQYhsMLITlgw91MJxd5YQodK8aZmUQezj9l7iNrBpX0IOhGqHebqiKMGQkZZf/hs90Olq1hez9YwTaN7YlCnjuVJxzThwsrFPt1magw38LyRoQmlZZviUkNpbAxO5qf7DJSNAfGhtH5j0SraE3UlYYtkVonAKFBqOr//GSXS4M1Cm8Q1oAixMi0U/jY78J6mP19aIc4WV35vWZOvbP8mp2g2vT8/I4P/KtS/tmGOu8/xmw1P3u3LmqukmzWLemPPUnmoaD+hEkJhzS2QXZpjc9LNHH+ocu8K+tRBu2rT7qXTtOVr2wBrZlhJIszYfVEIKlJL35G+4uE9X93DyiJuZldI1RM4= X-Microsoft-Exchange-Diagnostics: 1;BN6PR03MB2532;31:X7oOUCkUxbPr7uPfSyqu24CCFu4RPcq6Bom5aaY/LvXeKh5CUpHognUZ6slDVMYbz0dPmT9T1IfS1WIGsyArPPdmw3Uei0QP3VWZrUxkLWt+kcUvoOfi8p3zz2RJWa+TOZNWn0tZgz0/FwCLXWk153O4ZsEm/Gus7bZIqW+EB8NsYo9Db1JhsaEPSiKGMXoZ9GW+JA8/qgiFOAF3Gkaf66NMHhel7q7fQ0PFQ95lue1ZUQ/WXc2w0SyUjA/tmWo2A+E8y3ZCRpOTLbjxHAgwAym2qjX1IIdW1Ioe2lQX89sq2PnL6X1ksNXQzve8HqCEk39hUEH6R7MnYJVa/KFwhQ==;20:sXFULROZUa+6EgRTo3o2HosPUPqgunIPgFYqmmHN2fSi9kwD/mIQttZn+9wBnDII9q3dpquED0Pzz/nOqjs0snCSMsEE9lGlQv/mEdrXR8KotvDDSDQFJzUtPrdFrZNil25sQqPshCWQVU9Z/RP3uMa05+vS66umdGZFC3mJ57g= X-Microsoft-Antispam-PRVS: <BN6PR03MB253290844AB71C77ECB0454DC1170@BN6PR03MB2532.namprd03.prod.outlook.com> X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(102415395)(6040450)(601004)(2401047)(8121501046)(5005006)(93006095)(93001095)(10201501046)(3002001)(6041248)(201703131423075)(201702281529075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(20161123560025)(20161123555025)(20161123564025)(20161123562025)(6072148);SRVR:BN6PR03MB2532;BCL:0;PCL:0;RULEID:;SRVR:BN6PR03MB2532; X-Microsoft-Exchange-Diagnostics: 1;BN6PR03MB2532;4:y+mRh20sUOqQnJMmYmYZS9Gi659cqSR3oCscGR/xHLI9viiNIt1Xp/Zu6+sLOjBxmbNBK3lggE8WO0SzKOUmLSyIsKe788Xn44X5c8ScO2MWiDa0TgvUAOByxGyH02Zk7Adach9nTvH05HYdXzIzekpDazkJLS94O9Ugpe0RZ+1SrDSQI+yn7HghvY3q4AGvW4UlEMKsKfiHgpEWuzqJm2FE0gBzlbLmoW2/KcrOeFcricyFAX7DM4xrk5dmoKj9L4ttSQ/eZYyAjmIMJP25p/RCXj0IUKC0OP/lp133eoSP7mjkaUxcisTn/lMgjwMIOdGvINmUP/wI0VI8NZzsnJMOGXlmx6fuEAj+LvYxSo9UzRBwXlTwABOQLh2hk5JUXDTXlCLBn5HG9dGAmnTlvNx/A5dlpZoezMHzs2YlICeL8ISx1DuEGDw1swmgbtRi2ERcuzx7BWEKyRRuZsVpabytOdP3so5MdwD3RUHXj9oFyJ0fnHQZ73gURXPhR6NcmMizCLkHFxLjoxMS1g1z5KOHMfKdEWawaSM3klUjvSC861rMHiCzvZWbaFh9YJO+7AdgevbWJkAAnKpXMg5H1aPlITHcfMwTJdbUO+pPZRztIRCQG77HCYUq98IRhOEfswPtardA9anIJ1l3Ul1li37r982uDMRFWxrVCNMoi7bi7158uV1PM2W1YoOiMV+qufm72Xg83nrvuCoVhti+V7pQAbMgf6td5YRD3AiAiBVBVsTR+08r5j8BUN+hIoNDXfNSdLOqsQFRQKcLM0QG+6EUbAIJVo2Q1CU2hSB5GAAk4/A/ycudInsf8hukysZ1z09Be6hZ3WxzG/bQLqI5bA== X-Forefront-PRVS: 02951C14DC X-Forefront-Antispam-Report: SFV:SPM;SFS:(10009020)(4630300001)(6009001)(39840400002)(39850400002)(39400400002)(39410400002)(39450400003)(86362001)(88552002)(478600001)(53556002)(6496005)(6486002)(38730400002)(6116002)(3846002)(110136004)(5890100001)(6666003)(5660300001)(42882006)(21490400002)(25786009)(5000100001)(305945005)(6916009)(72586001)(50986999)(9686003)(74316002)(33656002)(7736002)(2906002)(568964002)(4610100001)(50226002)(3480700004)(8676002)(2351001)(564344004)(74482002)(189998001)(81166006)(53936002)(42186005)(66066001)(2361001)(16520700004);DIR:OUT;SFP:1501;SCL:5;SRVR:BN6PR03MB2532;H:Admin-PC;FPR:;SPF:None;MLV:nov;PTR:InfoNoRecords;LANG:en; X-Microsoft-Exchange-Diagnostics: 1;BN6PR03MB2532;23:jwuosKYo2fb8ktldWuFSZgMYrQj3UhdafHOKURtyC97kgKWoXwrw/9vZsGkxGnWVnL8k8CUtAMHIbOPNJ9BD0kaL/YcqCUu700XmxXzb9xFzdJt+DCUZJVBg6c708gaGoRYoNJIK7agTuXFtYJub8057zMV6niT4dQ0q+NDrhUwN/Dyg88nIy+GszEmwwARFclGUzLzK5k1Td3efoGlLRlWIOAcEiLIvZ5Tk9T3ibX8nKqkpbq6gENDhczxRU04aB3ByfGvHeOnRp7RxIL9K2pUrOLN+s1YYyELNpj4SeIIYFMp/c+L5mkb4FWRRMsBoZhduL+ffjjmuBPINzf5dLTYGsrhma6QqH1OpK88+pt9CTrX43m1t/a/BygmwRxpdZ2+dCm/K5ZAih2sJD5JYZpcUQwHXv1dUSwt3kGshvmcfEaZ4OEfKNMQqPSEWUrRo00MEpDryabGg0GwG0wajvH2r9DHI2MkB8eLJo51jFz/JnuODGNtO08/5epZBbRwVmf6sqgwcm9W1C3l+fMcSz1hDy5w6TVn43I4DVVSN/F+XAdJpf46kPXF6NTwJaHHB5Fcsj95q+mX7kp40L2qB/y3LDNiNAv7hllQmmPko78dHHGZM/zZFphkwKhomtdbEXDdCIxVHA2FcPWDzfSP+eMbwEPq/M8V6ke9ai2Dfoqn2+G5NTTvwi+kOblHVV9UaPqEJ2KgHO86PCguj2FVfWv6fk5HZHE5f4EqTNoSjqSIyuK5qSm3VPDJicukFx7TWHQWf2Wi+KuToh5b3l3OeZJ8YS2Hlb1hSyudHY4IKN4M+C9Z0hVgXE5CQUt7aBPGoDNTIhwn2VCLv1escIJUPti/ZDNNGmZj4pigWoMvD8uxta8+23Yb5iJLS72WBeXbCuP7VjfTrovmgusJPBIejFd8of4Q/O2TU5S6xS1YOo7qlYY1HtMtun/xjiu17V5f/jsNF2XbjjIciL9yodMzhpNSQYG6+uzFOV9SEEcqokSABI8drF2Tub62qH/NHgVb6f6LjdE3aJTYMbTsdawxbEOk0ujeJV6/uqEjl72rPyfiR3F9dNaxGUEYbuvGGCajh2UKwb0Ek+x+7mP/O29DY68waEFSUEVWOHWnKzrOC4wBMf9Bw6ZpYsHKzDuCdbIbY8L0KI/4P5yE8uWuaM2Y40vo1eCeHXIJWEWoryNYQisX254HcSn8TkH62q2tXlOtPPvL08G//ElbG7EEaqoHy8fYp1TTAwJvgOISl+TGCUR4= X-Microsoft-Exchange-Diagnostics: 1;BN6PR03MB2532;6:93KY0erRemtbvYLK/681H3eW8sEI9xzStwdBCv5a0DYX+gr0be7nFDwSEZopElli3mMAhd8IYy9EEGxhzDwaWq6+QJa+ETU8YwZx4N6WFdnsRvB2nbNwiPw9XeoViC7QDkWlE70RJcH4gfJNSByrl4ZD9HS49DhpwR+jq8670e7s4hFL2tTvfRSDit/F16oMTcq0sFZrRs391VgFYsND5+sK94n/GSMHsYg0dAwcj5Oy3ntgkEoutycid97SNMWfDjubMQO1zvsTqmU3F2BO1gFthFIYT/hmUqoPR73FKHv16yoPTg2Uzgmf0IQeehq4D9mz5Aw+TUGwX40TmEwgEm5h65kKkZTcQHbbVE0qkYnSd45VvbTtQxJT6IC0fW9rd6T6/+QtAG7wDxY7n4+gjn85suL4UkhK027qHN9h3L1vuCtqMtV0HLiL3ksxomOINszKlGzhMn74daZFzqR/yW7aLQUwEK0VIp6VIRp+syRGV6XF9rfXPzrpnOzSfhH+dNHIsjpRd/ikNw3pklVspA==;5:LQXBUD2wtge8wEPi9T38cGk7UnCXFggUw6HbR5+mAr7W8Fg3xFSnX1wCAVCXwnIKncgcIPsJpKg9iqbc24q82YJQmncBAOLVIizqi0kCfiGMyLSq0Q0OoQYSHjUOJagGuycyt9XfFFN46kgdGb7LiVwKcHS8QkOYBcOVY8j6+Oc=;24:m6qxW7xgRbZVMU4CWs9MH1/WNrH3QBOnO6cX8Fti62Gfr8EWNTHj05OHf6DkwT5gOYUf8uXDV2ksmWLTKqdhpw== SpamDiagnosticOutput: 1:22 X-Microsoft-Exchange-Diagnostics: 1;BN6PR03MB2532;7:nBGs4yPEQHsubmD+IK6SSVu8ma+UUHHXq1/9kqzVwsHOjt/xssjebMQ5Pcqlx9/XMZdrkYMFPA/zoDr1+rf12aE4TpK0GWdnsnqSQpqVAk0FQjrmssxiLJ8fPVoiRCGe55EwNGXHSiDxdp+T1lC3gUUAVT2wfChD/AAidbaJsaVbDg05E4cUlgxWp5GFI2lQrtlviS9YZT90x6hYBrP3OrWLM3xuCpt6nLzGLw0i90RxkTUVIsku4+kU14Gtm6m/TTa2AwzS23lXq5PnmKmqA+YWFpaO82CJNndEzJ++hOtfCaZj/vi/yRXQu2nAP4OrfEYSCenNg2ZfJibtOVouDg== X-OriginatorOrg: uowmail.edu.au X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 May 2017 13:29:29.8643 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR03MB2532 --------------328706827163318355060214 Content-type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Content-Disposition: inline Content-Description: Message text Good day OBFUSCATED. Please find attached the BTC-e vouchers. Please use it within 8 hours. The Pass key is dxEoDk You need to paste it to access the document. Thanks Tyler Brianna --------------328706827163318355060214 Content-type: application/octet-stream; name="OBFUSCATED.docx" Content-Transfer-Encoding: Base64 Content-Disposition: attachment; FileName="OBFUSCATED.docx" Content-Description: Attached file: OBFUSCATED.docx --------------328706827163318355060214-- Title: Re: Warning! BTC-e Voucher Email phishing alert! Post by: Insanerman on May 02, 2017, 02:45:10 PM Thanks for the alarm. This is alarming as there are many phishing emails running around. My advice, Do not open any email whom you did not recognized the sender.Check always the URL, and do not share any sensitive information.
Title: Re: Warning! BTC-e Voucher Email phishing alert! Post by: kolloh on May 02, 2017, 03:11:23 PM I got one of these as well. I'm guessing this is due to some database compromise that leaked username/emails?
Title: Re: Warning! BTC-e Voucher Email phishing alert! Post by: ranochigo on May 02, 2017, 03:13:02 PM I got this too. Kinda weird, the name I was addressed with was my account name. Probably the data leak that happened last time.
Title: Re: Warning! BTC-e Voucher Email phishing alert! Post by: free-bit.co.in on May 02, 2017, 03:16:07 PM LoL got the same email,too.Deleted in seconds! Anyone know what's inside? I'm mean what does the script do in the docx file?
Title: Re: Warning! BTC-e Voucher Email phishing alert! Post by: Violet58 on May 02, 2017, 03:55:35 PM Got the same e-mail and flagged it as phishing. I didn't open the attachment, so I shouldn't face any problem, should I?
Title: Re: Warning! BTC-e Voucher Email phishing alert! Post by: iigor on May 02, 2017, 04:59:43 PM I didnt open the file with password they gave.
Just downloaded it to my pc and tried to open but its saying its corrupted, "wordpad cant open this file". How can they phish us if we dont give them username and password? Title: Re: Warning! BTC-e Voucher Email phishing alert! Post by: CoinHoarder on May 02, 2017, 05:06:25 PM I also got this email and figured it to be a phishing attempt. A search on Google brought me to this thread, lol. I will delete it. No one ever sends me free money, so i knew something was up, lol.
Title: Re: Warning! BTC-e Voucher Email phishing alert! Post by: free-bit.co.in on May 02, 2017, 05:10:02 PM I didnt open the file with password they gave. Just downloaded it to my pc and tried to open but its saying its corrupted, "wordpad cant open this file". How can they phish us if we dont give them username and password? It's a microsoft office word file..in the sent docx file is probably a script written code, it does something.I don't know what it does because I deleted the email immediately maybe someone can check what it is in a safe system (Virtual windows with sandbox). Title: Re: Warning! BTC-e Voucher Email phishing alert! Post by: J1mb0 on May 02, 2017, 05:13:48 PM I didnt open the file with password they gave. Just downloaded it to my pc and tried to open but its saying its corrupted, "wordpad cant open this file". How can they phish us if we dont give them username and password? Just opening the attachment, and running the VB could well give the phisher enough control to send coins to himself when you open a wallet or a light client. Title: Re: Warning! BTC-e Voucher Email phishing alert! Post by: B-MoneyXcan on May 02, 2017, 05:50:52 PM Just received the same.
My username in the email... its similar to google doc i have for certain a database leak Title: Re: Warning! BTC-e Voucher Email phishing alert! Post by: goozman96 on May 02, 2017, 05:53:17 PM I got this too. See: Hacked in 2014 (https://www.databreaches.net/bitcoin-exchange-btc-e-and-bitcointalk-forum-breaches/)
PS Why is this posted under Altcoin Discussion? Shouldn't it be under Currency Exchange? Title: Re: Warning! BTC-e Voucher Email phishing alert! Post by: sana54210 on May 02, 2017, 06:06:52 PM Oh wow I feel so left out about this :D I didn’t get any mails and apparently many people did, why didn’t they sent one to me too :D
All kidding aside, I always thought if these worked, the “write your address here, send us the transaction fee and we will double your money” type of scams and this phishing ones look so weird to me, do they even ever work ? Who falls for these ? I don’t think even 1 person falls for this but if they do, pray for their soul man. Title: Re: Warning! BTC-e Voucher Email phishing alert! Post by: makngeerwork on May 02, 2017, 06:11:43 PM same, just checked email.... what are we noobs?
Hi makngeerwork. See attached your BTC-e vouchers. You need to activate them within 8 hours. The Access key is w8pKFy9KTM. You need to paste it to be able to view the document. Thanks William Anthony Title: Re: Warning! BTC-e Voucher Email phishing alert! Post by: CoinHoarder on May 02, 2017, 06:21:17 PM I don’t think even 1 person falls for this but if they do, pray for their soul man. I guess there are a few people stupid enough to make this worth their time, otherwise they wouldn't do it. It is simply a numbers game. Send the email to a million+ BTC-e users and you are bound to find someone stupid enough. Older people that are computer illiterate may be more likely to open the file. Which reminds me... I need to inform my mom about this. She has some funds on BTC-e. I've tried for years to get her to move her BTC and LTC to cold wallets, but she doesn't seem too worried... I think older people have too much trust in the goodness of people's intentions. Title: Re: Warning! BTC-e Voucher Email phishing alert! Post by: Deadly7 on May 02, 2017, 06:42:29 PM I also received the same phishing email, even though I haven't posted here in years.
Title: Re: Warning! BTC-e Voucher Email phishing alert! Post by: iigor on May 02, 2017, 07:28:03 PM I scanned my pc with mb and mb anti-rootkit, in and out of safe mode and nothing has been found.
Here, content of the file: https://i.imgur.com/l8Og4Qp.jpg Title: Re: Warning! BTC-e Voucher Email phishing alert! Post by: free-bit.co.in on May 02, 2017, 07:33:40 PM I scanned my pc with mb and mb anti-rootkit, in and out of safe mode and nothing has been found. Here, content of the file: https://i.imgur.com/l8Og4Qp.jpg You scanned them with the file still being encrypted? Then of course nothing can be detected as a virus or harmful script. DON'T DECRYPT THE FILE ! Unless you have a save environment to do it (Virtual machine and sandbox!). Title: Re: Warning! BTC-e Voucher Email phishing alert! Post by: iigor on May 02, 2017, 07:52:29 PM So if i dont decrypt the file and just delete it, im safe?
Title: Re: Warning! BTC-e Voucher Email phishing alert! Post by: singula on May 02, 2017, 08:04:15 PM I looked at the file ... it is an encrypted .doc
I have not tried opening it, but this approach is not typical for phishing, but for malware infections. Some macro in the .doc would run (sometimes user is tricked to enable macros, sometimes an exploit is used to run macros without further user's intervention) and then the computer would get infected by some malware. Could be some ransomware, botnet, scareware, password stealer, banker, adware, but surely it will be something evil. I am not going to examine it further to find which one it is. Title: Re: Warning! BTC-e Voucher Email phishing alert! Post by: kolloh on May 02, 2017, 08:33:50 PM So if i dont decrypt the file and just delete it, im safe? Yeah, you should be. The file shouldn't be able to execute in its encrypted state afaik and I'm guessing the attacker encrypts it to avoid virus signature detection. Title: Re: Warning! BTC-e Voucher Email phishing alert! Post by: iigor on May 02, 2017, 09:28:21 PM Then that password that they sent us is the key to run whats inside the file?
Title: Re: Warning! BTC-e Voucher Email phishing alert! Post by: kolloh on May 03, 2017, 05:17:01 AM Then that password that they sent us is the key to run whats inside the file? Yeah, it unencrypts the docx file which would allow it to run whatever malicious code is inside. Don't enter the password in or mess with the file. Just delete it is the safest course of action. |
