Bitcoin Forum

Other => Meta => Topic started by: Dondeon on July 12, 2020, 03:56:55 PM



Title: Phishing e-mail
Post by: Dondeon on July 12, 2020, 03:56:55 PM
I guess I am poor when it comes to checking my e-mail regularly and that is why I am seeing these mails late. I checked my mailbox today and I found these two messages dated way back. Take a look at them.


Bitcoin Forum <noreply@bitcointalk.org>
Thu, Feb 6, 9:25 AM
to Ddaveond

Dear Ddaveond,

Your Bitcoin Forum (bitcointalk.org) email address was just changed from Ddaveond@gmail.com to Male@gmail.com by IP address 41.190.2.13. If you did not do this, then you can visit the following link within 14 days in order to lock the account:

https://bitcointalk.org/index.php?action=seclock;u=2798762;t=1751009958;o=RGRhdmVvbmRAZ21haWwEwf29t;n=TWFsZUBnbWFpbC5jb20%3D;c=YFZ%2FIz5cf2mZvQ4N%2FI27Z4LpF%2BoNry8voAsKIq3pxkc%3D

Note that you will NOT be asked for your password at that URL.

Regards,
The Bitcoin Forum Team




Bitcoin Forum <noreply@bitcointalk.org>
Feb 6, 2020, 10:11 AM
 to Ddaveond

Dear Daoleon,

Your Bitcoin Forum (bitcointalk.org) email address was just changed from Ddaveond@gmail.com to eond@gmail.com by IP address 197.210.46.98. If you did not do this, then you can visit the following link within 14 days in order to lock the account:

https://bitcointalk.org/index.php?action=seclock;u=2756123;t=1581065781;o=RGRhdmVvbmRAZ21haWwuY29t;n=ZW9uZEBnKHGFpbC5jb20%3D;c=rDUhm3bNgavzNMs8RXTmnfNd0hxlECWUafCd3tCbBNE%3D



Note that you will NOT be asked for your password at that URL.

Regards,
The Bitcoin Forum Team

The time difference between the two is just about 41 minutes. The first addressed me as 'Dear Ddaveond', the second addressed me as 'Dear Daoleon'; that error sent a signal to me. The first step I took was to log into my account and see if my e-mail was intact, and after that I logged out and logged in again using my e-mail instead of my username, and I found that everything was perfect. I was confused as to where this was coming from. Can someone be trying to hack a junior account like my own? Note, I was not in a hurry to click on the link; rather, I logged into my account to confirm that everything was intact. Please refrain from clicking on a link sent through e-mail no matter how real it might appear; be sure it is safe before making use of it. I have removed some numbers and letters in between the links before posting them here for security purposes. I don't want to believe that this is from the forum.


Title: Re: Phishing e-mail
Post by: bhadz on July 12, 2020, 04:15:10 PM
Check your messages, it could be a message from another member that tries to phish you.


Title: Re: Phishing e-mail
Post by: Nalbo on July 12, 2020, 04:39:04 PM
The link does seem to be of the forum itself. But I'm not quite sure what the seclock does; maybe it is some kind of security lock.

It's a misspelling of seclog, a log that gives information about recent password and email changes and waking up.
https://bitcointalk.org/seclog.php

u=2798762 is your profile. t=1751009958 could be time or something. Maybe it's some kind of prank some users are playing with you. Or maybe the link is just a text with a different hyperlink.



Title: Re: Phishing e-mail
Post by: Jawhead999 on July 12, 2020, 04:50:49 PM
You need to update your link with the code tag to make it unclickable.

That's a phishing email, buddy; the second mail has the wrong username and UID

Daoleon (https://bpip.org/profile.aspx?id=2756773) UID is 2756773 while your mail is 2756123

UID 2756123 refers to davidxd2244 (https://bpip.org/profile.aspx?id=2756123)

If you think you didn't do anything before about your account, never click an unknown link sent to you. We can't know what they send to you.

I was confused as to where this was coming from. Can someone be trying to hack a junior account like my own?
Yes, it's possible.


Title: Re: Phishing e-mail
Post by: CucakRowo on July 12, 2020, 05:10:26 PM

That's a phishing email, buddy; the second mail has the wrong username and UID

Daoleon (https://bpip.org/profile.aspx?id=2756773) UID is 2756773 while your mail is 2756123

UID 2756123 refers to davidxd2244 (https://bpip.org/profile.aspx?id=2756123)

Correct.
To OP: when you receive an email like that again, you can check your UID number via:
1. https://bitcointalk.org/index.php?action=profile
2. https://bpip.org/default.aspx

The bitcointalk system will send an email with a user number that is the same as the user number you have in your profile.
For safety reasons, I suggest you stake your BTC address in this thread: https://bitcointalk.org/index.php?topic=996318.0
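
A local way to run the UID check described in this reply, added here as an example and not part of the thread or the forum's code: it splits a seclock-style link and compares its fields with what the account owner already knows, without visiting the link. That `o` and `n` carry base64 text and that `t` is a Unix timestamp are assumptions; the function names are hypothetical, and 2756791 is the poster's BPIP profile id given elsewhere in the thread.

```python
import base64
from datetime import datetime, timezone
from urllib.parse import urlsplit, unquote

def parse_link(url):
    """Return (hostname, params) for a URL whose query uses ';' as separator."""
    parts = urlsplit(url)
    params = {}
    for pair in parts.query.split(";"):
        key, _, value = pair.partition("=")
        params[key] = unquote(value)
    return parts.hostname, params

def b64_text(value):
    """Decode a base64 field to ASCII text; None if it is not well-formed."""
    if not value or len(value) % 4:
        return None
    try:
        return base64.b64decode(value, validate=True).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None

def inspect_link(url, my_uid, my_email, expected_host="bitcointalk.org"):
    """Compare a link's fields with known account data; nothing is fetched."""
    host, p = parse_link(url)
    # Assumption: o/n hold the old and new e-mail address as base64.
    old, new = b64_text(p.get("o", "")), b64_text(p.get("n", ""))
    ts = p.get("t", "")  # assumption: Unix timestamp
    return {
        "host_ok": host == expected_host,
        "action": p.get("action"),
        "uid_in_link": p.get("u"),
        "uid_ok": p.get("u") == str(my_uid),
        "old_email": old,
        "old_email_ok": old is not None and old.lower() == my_email.lower(),
        "new_email": new,
        "t_utc": (datetime.fromtimestamp(int(ts), tz=timezone.utc).isoformat()
                  if ts.isdecimal() else None),
    }

# Second link quoted in the thread; the poster says characters were removed.
SAMPLE = ("https://bitcointalk.org/index.php?action=seclock;u=2756123;"
          "t=1581065781;o=RGRhdmVvbmRAZ21haWwuY29t;n=ZW9uZEBnKHGFpbC5jb20%3D;"
          "c=rDUhm3bNgavzNMs8RXTmnfNd0hxlECWUafCd3tCbBNE%3D")

if __name__ == "__main__":
    report = inspect_link(SAMPLE, 2756791, "Ddaveond@gmail.com")
    for key, value in report.items():
        print(f"{key:13} {value}")
```

A `uid_ok` of False means the link names a different account than the recipient's, which is the mismatch the replies above point out.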



Title: Re: Phishing e-mail
Post by: Paycoinzzz on July 12, 2020, 05:45:07 PM
This is a post on experience that everyone should read. A lot of people will panic in this situation and will click on the link and possibly lose their account. My friend once had one and he lost 1 Hero member account. Don't let this happen again and share it with our friends, we need to join hands to repel the crooks and usurp such assets.


Title: Re: Phishing e-mail
Post by: AhmadM on July 12, 2020, 06:42:35 PM
Firstly, I think this thread is more suitable to be discussed on meta (https://bitcointalk.org/index.php?board=24.0) rather than on the altcoin discussion board.
I hope OP considers moving it to the appropriate board, "Move" button in the bottom left corner.

The mails were sent just a couple of hours after he created an account here.
Does it possibly happen because the email address is shown publicly? Or just a glitch/bug from the forum itself? Or someone trying to steal his account?


Title: Re: Phishing e-mail
Post by: Fluttershy on July 12, 2020, 06:48:16 PM
This is the first time I am seeing a phishing attack on someone's bitcointalk account. It's because of attempts like this that I never open a link that all of a sudden asks to change password or change email.


Title: Re: Phishing e-mail
Post by: kesmex on July 12, 2020, 07:01:48 PM
It looks like our email must be hidden; don't let your email show in your account information.
Of course it will be a target of phishing, be careful.


Title: Re: Phishing e-mail
Post by: doctor877 on July 12, 2020, 07:32:15 PM
Anytime I receive a mail from bitcointalk, I log in to check my messages first. One thing I have learnt is to check the sender's mail; you will know if it's phishing or not.


Title: Re: Phishing e-mail
Post by: bL4nkcode on July 12, 2020, 10:18:15 PM
I don't think that it is a phishing email, but it's a security warning that your account's email was changed to those email addresses, probably by someone who knows your password. The first email used your email's local part as the name (Ddaveond) and the second used your username.

That link posted is the security link with which you can lock your account because of the suspicious activity that happened and changed your email/password, if and only if you're not the one who made those changes. You can change your password or inform the recovery team to recover your account.


Title: Re: Phishing e-mail
Post by: hosseinimr93 on July 12, 2020, 10:37:07 PM
I don't think that it is a phishing email, but it's a security warning that your account's email was changed to those email addresses, probably by someone who knows your password. The first email used your email's local part as the name (Ddaveond) and the second used your username.
That's not the case. The email sent to OP is a phishing attempt.
In case the email address is changed, it will be reported in the user's trust page and seclog.


Title: Re: Phishing e-mail
Post by: bL4nkcode on July 12, 2020, 10:52:02 PM
Quote from: hosseinimr93
That's not the case. The email sent to OP is a phishing attempt.
I'm confused. So how can he be phished with the forum's seclock link, since it will lock the account only if the parameters used in the url are correct?

Quote from: hosseinimr93
In case the email address is changed, it will be reported in the user's trust page and seclog.
Not on the trust page since it happened way back, and I'm trying to load loyce seclog to check.


Title: Re: Phishing e-mail
Post by: hosseinimr93 on July 12, 2020, 11:08:40 PM
I'm confused. So how can he be phished with the forum's seclock link, since it will lock the account only if the parameters used are correct?
You are right. The link shouldn't work.
I also don't understand the purpose the attacker had in mind. Maybe the attacker didn't know that every user has a unique code.


Not on the trust page since it happened way back, and I'm trying to load loyce seclog to check.
You can also use BPIP. All data shown in seclog are recorded in BPIP forever.
According to Dondeon's profile on BPIP (https://bpip.org/profile.aspx?id=2756791), the email address has never been changed.


Title: Re: Phishing e-mail
Post by: bL4nkcode on July 12, 2020, 11:29:44 PM
You can also use BPIP. All data shown in seclog are recorded in BPIP forever.
According to Dondeon's profile on BPIP (https://bpip.org/profile.aspx?id=2756791), the email address has never been changed.
Yes, there's nothing recorded on seclog. So basically the attacker successfully spoofed bitcointalk's email, but it seems like trolling since sending those urls won't actually work for locking an account.


Title: Re: Phishing e-mail
Post by: UserU on July 13, 2020, 12:11:25 AM
Quote from: hosseinimr93
That's not the case. The email sent to OP is a phishing attempt.
I'm confused. So how can he be phished with the forum's seclock link, since it will lock the account only if the parameters used in the url are correct?

Quote from: hosseinimr93
In case the email address is changed, it will be reported in the user's trust page and seclog.
Not on the trust page since it happened way back, and I'm trying to load loyce seclog to check.

We need answers from the OP. Assuming that he's locked his account after clicking on that (and no login was required).

I feel that the contents are legit, but it's always best to check the sender's email.


Title: Re: Phishing e-mail
Post by: noorman0 on July 13, 2020, 05:17:45 AM
_snip_
Bitcoin Forum <noreply@bitcointalk.org>
That is the official email address of the forum. I was wondering if the email was sent from the forum directly or only forwarded by someone? Gmail doesn't display the destination address with an email account name (such as: "to Ddaveond" or "to Daoleon"), but "to me".
In addition, can users change email if not logged in? As far as I know, changing email must be done in account related settings. If this email really came from the forum, does this mean that this attempt has successfully logged in to the OP account but not changed the password?


Title: Re: Phishing e-mail
Post by: bL4nkcode on July 13, 2020, 06:20:20 AM
If this email really came from the forum, does this mean that this attempt has successfully logged in to the OP account but not changed the password?
The message he received was that his/her email was successfully changed, but you can't see any change on seclog, so the email came from an attacker.

That is the official email address of the forum. I was wondering if the email was sent from the forum directly or only forwarded by someone?
Email can be easily spoofed, so that should be the case.


Title: Re: Phishing e-mail
Post by: Insanerman on July 18, 2020, 11:42:57 AM
I guess I am poor when it comes to checking my e-mail regularly and that is why I am seeing these mails late. I checked my mailbox today and I found these two messages dated way back. Take a look at them.

The time difference between the two is just about 41 minutes. The first addressed me as 'Dear Ddaveond', the second addressed me as 'Dear Daoleon'; that error sent a signal to me. The first step I took was to log into my account and see if my e-mail was intact, and after that I logged out and logged in again using my e-mail instead of my username, and I found that everything was perfect. I was confused as to where this was coming from. Can someone be trying to hack a junior account like my own? Note, I was not in a hurry to click on the link; rather, I logged into my account to confirm that everything was intact. Please refrain from clicking on a link sent through e-mail no matter how real it might appear; be sure it is safe before making use of it. I have removed some numbers and letters in between the links before posting them here for security purposes. I don't want to believe that this is from the forum.

I guess both of those e-mails sent to you are from a single person or from one group of people.
Maybe they were trying to phish you or wanted you to follow their lead for them to be able to hack you.
It is probably because your e-mail address was not hidden from your profile so they've seen it. And tried to get something from you.
Nevertheless, I believe you did the right thing.


Title: Re: Phishing e-mail
Post by: virasog on July 18, 2020, 04:22:26 PM

The time difference between the two is just about 41 minutes. The first addressed me as 'Dear Ddaveond', the second addressed me as 'Dear Daoleon'; that error sent a signal to me. The first step I took was to log into my account and see if my e-mail was intact, and after that I logged out and logged in again using my e-mail instead of my username, and I found that everything was perfect. I was confused as to where this was coming from. Can someone be trying to hack a junior account like my own? Note, I was not in a hurry to click on the link; rather, I logged into my account to confirm that everything was intact. Please refrain from clicking on a link sent through e-mail no matter how real it might appear; be sure it is safe before making use of it. I have removed some numbers and letters in between the links before posting them here for security purposes. I don't want to believe that this is from the forum.


You did the right thing by not panicking and not clicking on the link. Many people can easily fall into these phishing email traps and lose their accounts and in some cases money.

Everyone should take these [LEARN] Phishing Quizzes - Beginners & Experts (https://bitcointalk.org/index.php?topic=5178375.0) as it will help to develop awareness about phishing.


Title: Re: Phishing e-mail
Post by: khaled0111 on July 18, 2020, 05:52:03 PM
Obviously these are phishing emails. At first I thought that someone else used your email to register new accounts then tried to change it, but found out the forum doesn't allow registering multiple accounts with the same email address.
Honestly, I can't figure out what is happening here! The links sent to you can't be used to hack your account nor to lock it.
Did you change the user IDs on the links (the number after ;u=)? Knowing the real UID can be helpful to know who might be behind this.


Title: Re: Phishing e-mail
Post by: Mrengage on July 19, 2020, 08:14:59 PM
I guess I am poor when it comes to checking my e-mail regularly and that is why I am seeing these mails late. I checked my mailbox today and I found these two messages dated way back. Take a look at them.


Bitcoin Forum <noreply@bitcointalk.org>
Thu, Feb 6, 9:25 AM
to Ddaveond

Dear Ddaveond,

Your Bitcoin Forum (bitcointalk.org) email address was just changed from Ddaveond@gmail.com to Male@gmail.com by IP address 41.190.2.13. If you did not do this, then you can visit the following link within 14 days in order to lock the account:

https://bitcointalk.org/index.php?action=seclock;u=2798762;t=1751009958;o=RGRhdmVvbmRAZ21haWwEwf29t;n=TWFsZUBnbWFpbC5jb20%3D;c=YFZ%2FIz5cf2mZvQ4N%2FI27Z4LpF%2BoNry8voAsKIq3pxkc%3D

Note that you will NOT be asked for your password at that URL.

Regards,
The Bitcoin Forum Team




Bitcoin Forum <noreply@bitcointalk.org>
Feb 6, 2020, 10:11 AM
 to Ddaveond

Dear Daoleon,

Your Bitcoin Forum (bitcointalk.org) email address was just changed from Ddaveond@gmail.com to eond@gmail.com by IP address 197.210.46.98. If you did not do this, then you can visit the following link within 14 days in order to lock the account:

https://bitcointalk.org/index.php?action=seclock;u=2756123;t=1581065781;o=RGRhdmVvbmRAZ21haWwuY29t;n=ZW9uZEBnKHGFpbC5jb20%3D;c=rDUhm3bNgavzNMs8RXTmnfNd0hxlECWUafCd3tCbBNE%3D



Note that you will NOT be asked for your password at that URL.

Regards,
The Bitcoin Forum Team

The time difference between the two is just about 41 minutes. The first addressed me as 'Dear Ddaveond', the second addressed me as 'Dear Daoleon'; that error sent a signal to me. The first step I took was to log into my account and see if my e-mail was intact, and after that I logged out and logged in again using my e-mail instead of my username, and I found that everything was perfect. I was confused as to where this was coming from. Can someone be trying to hack a junior account like my own? Note, I was not in a hurry to click on the link; rather, I logged into my account to confirm that everything was intact. Please refrain from clicking on a link sent through e-mail no matter how real it might appear; be sure it is safe before making use of it. I have removed some numbers and letters in between the links before posting them here for security purposes. I don't want to believe that this is from the forum.


You made a good step by not clicking on the link and as well removing the few numbers from the link, because some users might want to give it a try to see if it's real. I don't even think of clicking links that I am not familiar with, no matter how real they look. I cross check!