Title: Phishing Attempts to be aware of Post by: williamj2543 on August 20, 2014, 04:34:53 AM MOVED THREAD, could someone please sticky this for newbies and anyone else to be aware of?
Please post any phishing scams that you have seen related to bitcoin. I first started this thread to notify people of a blockchain.info phishing attempt, and the original post is below, and after other people started posting other phishing emails I decided to move it to beginners and help to help others to not fall victim to these scams. Always be careful, general tips are to check the original email sender, and whenever you click a link, check the URL at the top. Usually people say to check if there is a green lock, but I hate this rule. Anyone can buy a green lock for about 2$, so you have to click on the green look and make sure it is the website you are looking for. ORIGINAL POST: Today I received an email from "blockchain" saying my wallet will be locked, and I need to verify my account to unlock it. The email looks very similar to an email from blockchain.info, but I had NEVER got an email from blockchain like this so I instantly knew it wasn't from blockchain. I checked who its from, and the email was sent from: contact@blackchain.fo I think theres a bot crawling these forums for email addresses. This is what the email looks like: https://i.imgur.com/A1r7pUH.png If you click on the link, you are directed to a website that looks exactly like the blockchain.info wallet sign in page, but the URL is a lot different, and is easily noticeable. The URL was: http://www.blockchain.0800co.co.uk/en/wallet/login/62608fc635ceb5435bc2f7d51445ec89c8ba72da9a64bce2b398170e907a841200a28aee6c5e25d388a01a4c04c91f31/login.php?page=Login?token=7777772e626c6f636b636861696e2e30383030636f2e636f2e756bb9ef8a71b399cfafd89524da6fb5524f Don't click on it please, and be VERY careful with emails from blockchain.info. I would reccomend adding contact@blackchain.fo to a blacklist or a spam list if your email provider has something like that. Title: Re: Phishing Attempts to be aware of Post by: Sindelar1938 on August 20, 2014, 05:18:54 AM Thanks for posting
A needed reminder that a single moment of inattention can cost us all dear! Title: Re: Phishing Attempts to be aware of Post by: williamj2543 on August 20, 2014, 06:14:33 AM Thanks for posting No problem. I'll post again if I get another phishing attempt on my email. I also had one from cavirtex.com, but that was a long time ago.A needed reminder that a single moment of inattention can cost us all dear! Title: Re: Phishing Attempts to be aware of Post by: Perseus353 on August 20, 2014, 10:42:52 AM In the past week I've gotten identical "Invoice Payment Confirmation" emails from "Cloudhashing" and "Cointerra".
No text in the email -- just an attachment with a file called "invoice_772.jar" Seems a phishing attempt too. Title: Re: Phishing Attempts to be aware of Post by: ProtoAES256 on August 20, 2014, 12:43:30 PM Same here, just received.
http://www.blockchain.0800co.co.uk/ ima gonna report dat site. Title: Re: Phishing Attempts to be aware of Post by: fdiini on August 20, 2014, 12:45:23 PM Wouldn't it be easy for someone to figure out who owned that url and charge him with conspiracy to hacking and stealing?
Title: Re: Phishing Attempts to be aware of Post by: The Haxxor on August 20, 2014, 12:45:40 PM thanks for the information mate. :)
Title: Re: Phishing Attempts to be aware of Post by: Sunderland on August 20, 2014, 03:17:52 PM yes i received mail from blockchain.IMFO
not .INFO damn almost got scam because of that ...info / imfo Title: Re: Phishing Attempts to be aware of Post by: Coinhunter32 on August 20, 2014, 04:08:13 PM Anyone into their senses and not drunk can notice the .co.uk
We can't even click on Home button :D Title: Re: Phishing Attempts to be aware of Post by: williamj2543 on August 20, 2014, 04:42:47 PM Someone get the registrar and report this. This should be stopped, many people will lose btc.
Title: Re: Phishing Attempts to be aware of Post by: marcotheminer on August 20, 2014, 05:12:48 PM ALSO we very wary of blockchain.imfo... They started not long ago too...
Title: Re: Phishing Attempts to be aware of Post by: ikank268 on August 20, 2014, 05:45:09 PM Really ? blockchain.info is scam ? or blockchain.imfo ??
I need to careful about it . Title: Re: Phishing Attempts to be aware of Post by: CrackedLogic on August 20, 2014, 05:50:55 PM I also got this, I posted a thread about it in the trading discussion board.
Title: Re: Phishing Attempts to be aware of Post by: pikabit on August 20, 2014, 06:12:01 PM I always double triple quadruple check. Paranoia crew.
Title: Re: Phishing Attempts to be aware of Post by: BTCevo on August 20, 2014, 06:14:49 PM Easy way to prevent phishing attacks like this is to hide your email address on your bitcointalk.org profile guy's
Title: Re: Phishing Attempts to be aware of Post by: aerobatic on August 20, 2014, 08:47:41 PM In the past week I've gotten identical "Invoice Payment Confirmation" emails from "Cloudhashing" and "Cointerra". No text in the email -- just an attachment with a file called "invoice_772.jar" Seems a phishing attempt too. I too received fake invoice .JAR files from those two companies, but im a customer of both of those companies. Are you ALSO a customer of those companies as well? Or are they just random 'bitcoin related' companies being used to spoof the emails to try and get you to click the .jar files. its annoying that my antivirus didnt pickup a threat in the .JAR file when there clearly is. No doubt its something to assist in extracting bitcoins or private keys or something. Title: Re: Phishing Attempts to be aware of Post by: evanito on August 20, 2014, 08:55:20 PM These people are cold as ice to scam in the name of such a backbone bitcoin website.
Title: Re: Phishing Attempts to be aware of Post by: snappa4ever on August 20, 2014, 11:16:08 PM This is really much too common. You should always use common sense when clicking on links, regardless if you are involved in bitcoin or not.
Title: Re: Phishing Attempts to be aware of Post by: williamj2543 on August 21, 2014, 05:52:53 AM Also guys a tip for the future, always be careful of the capital I in emails and links, it looks the exact same as a lowercase L and is almost impossible to spot if you don't check it.
Title: Re: Phishing Attempts to be aware of Post by: ProtoAES256 on August 21, 2014, 08:31:12 AM Someone get the registrar and report this. This should be stopped, many people will lose btc. I've reported to the registrar(123-reg.co.uk) but they refer me to the actual host, that is webfusion.com. Now I'm still waiting for reply. Feel free to spam them at abuse@webfusion.com :PTitle: Re: Phishing Attempts to be aware of Post by: Tittiez on August 21, 2014, 05:21:59 PM (I'm posting about the invoice jars in this thread because it's the only thread on bitcointalk that mentions it)
It's not just cloudhashing.com, it seems as though somebody got into the mailing servers (or at least spoofed them, but it looks legit) of various large/largish bitcoin websites, i got one from btc-e. I got an email from both btc-e.com and cloudhashing.com with this invoice_772.jar Actually, cloudhashing.com was invoice_773.jar BTC-E: http://u.cubeupload.com/Period/20140821131856.png http://u.cubeupload.com/Period/20140821131911.png Cloudhashing: http://u.cubeupload.com/Period/20140821131946.png http://u.cubeupload.com/Period/20140821132002.png If somebody would like me to upload these jars somewhere so you can take a look at them, PM me and I'll send you a link. Title: Re: Phishing Attempts to be aware of Post by: williamj2543 on August 21, 2014, 06:12:34 PM Guys do you want to make an official phishing topic, to notify others? I can move this (I don't know what is a good subcategory for this).
Title: Re: Phishing Attempts to be aware of Post by: xcapator on August 21, 2014, 11:04:27 PM Guys do you want to make an official phishing topic, to notify others? I can move this (I don't know what is a good subcategory for this). I think this thread should go to Beginners & Help section since there too many newbies unaware (or even dont know) about this stuff. Title: Re: Phishing Attempts to be aware of Post by: williamj2543 on August 22, 2014, 04:35:27 AM Guys do you want to make an official phishing topic, to notify others? I can move this (I don't know what is a good subcategory for this). I think this thread should go to Beginners & Help section since there too many newbies unaware (or even dont know) about this stuff. Title: Re: Phishing Attempts to be aware of Post by: Dannie on August 22, 2014, 06:56:33 AM Really ? blockchain.info is scam ? or blockchain.imfo ?? I need to careful about it . blockchain.info is the legit one. You should bookmark the site, and never use a seemingly correct link you find in email to log in your account. Title: Re: Phishing Attempts to be aware of Post by: Dannie on August 22, 2014, 07:01:58 AM Please post any phishing scams that you have seen related to bitcoin. I first started this thread to notify people of a blockchain.info phishing attempt, and the original post is below, and after other people started posting other phishing emails I decided to move it to beginners and help to help others to not fall victim to these scams. Always be careful, general tips are to check the original email sender, and whenever you click a link, check the URL at the top. Usually people say to check if there is a green lock, but I hate this rule. Anyone can buy a green lock for about 2$, so you have to click on the green look and make sure it is the website you are looking for. That is a good idea. For those interested, you can also check https://blog.blockchain.com/security-alerts/ to find some more historical examples of phishing attempts. :) Title: Re: Phishing Attempts to be aware of Post by: catena5260 on August 22, 2014, 07:59:46 AM Wouldn't it be easy for someone to figure out who owned that url and charge him with conspiracy to hacking and stealing? Not that easy if the server is hosted abroad. It is hard make some countries cooperate with your justice. Plus I guess the url was registered using fake data Title: Re: Phishing Attempts to be aware of Post by: nobunaga on August 22, 2014, 08:03:39 PM hey guys, yesterday i clicked that jar file ( yes I am an Idiot). Good thing I have last line of defenses (2-Factor Authentication, encryption) on every coins related programs and websites. I deleted the file right away, but I am still worried something hidden program is still there on my pc. could you guys please help me how to scan and remove it? i ran anti-virus programs like malware bytes and AVG and they showed that file is "clean". I am confused now. please help.
Title: Re: Phishing Attempts to be aware of Post by: Milkcookie on August 22, 2014, 08:15:14 PM the best is that you run as well some registry cleaner to be sure !
Title: Re: Phishing Attempts to be aware of Post by: williamj2543 on August 22, 2014, 11:18:18 PM Always keep an antivirus (I use avg) on a PC holding or transferring bitcoins. If you lose your bitcoins, your loss, whereas with a bank they usually refund any fraudulent transactions. ESPECIALLY if you are actually holding the bitcoin wallet on your harddrive, like bitcoin-qt. Never open any suspicious emails, and use common sense.
Title: Re: Phishing Attempts to be aware of Post by: ksoza on August 22, 2014, 11:28:19 PM got that too funny stuff
Title: Re: Phishing Attempts to be aware of Post by: PangPang on August 23, 2014, 04:40:00 PM hey guys, yesterday i clicked that jar file ( yes I am an Idiot). Good thing I have last line of defenses (2-Factor Authentication, encryption) on every coins related programs and websites. I deleted the file right away, but I am still worried something hidden program is still there on my pc. could you guys please help me how to scan and remove it? i ran anti-virus programs like malware bytes and AVG and they showed that file is "clean". I am confused now. please help. I am paranoid, and I suggest you to format the hard disk after backing up the important files. For anti-virus programs, they can't catch 100% of the malware. But still it is good to have a good anti-virus program as they can probably catch 90% of the malware. Title: Re: Phishing Attempts to be aware of Post by: oceans on August 24, 2014, 04:47:21 PM Thank you for posting this. We can all have those moments were we lose concentration for a few seconds and can accidentally click on something not realising but seeing posts like this is a stark reminder of just how bad things can be if we did and what do look out for.
Title: Re: Phishing Attempts to be aware of Post by: williamj2543 on August 24, 2014, 08:13:50 PM Set a second password on your blockchain wallet. If a hacker gets your credentials they need this second password t actually get any money out.
Title: Re: Phishing Attempts to be aware of Post by: ofirbeigel on August 24, 2014, 09:50:14 PM I also got a Coindesk phishing attempt (http://99bitcoins.com/almost-got-scammed-alleged-coindesk/) and later on a CryptoCoinsNews phishing attempt (http://www.cryptocoinsnews.com/news/phishing-website-attempts-impersonate-cryptocoinsnews/2014/08/14).
Title: Re: Phishing Attempts to be aware of Post by: williamj2543 on August 24, 2014, 10:42:02 PM I also got a Coindesk phishing attempt (http://99bitcoins.com/almost-got-scammed-alleged-coindesk/) and later on a CryptoCoinsNews phishing attempt (http://www.cryptocoinsnews.com/news/phishing-website-attempts-impersonate-cryptocoinsnews/2014/08/14). Thanks for the info. The more the better, we gave to spread the word of all these scams.Title: Re: Phishing Attempts to be aware of Post by: feryjhie on August 24, 2014, 10:56:38 PM i already got an email from blockchain after i open the link its look phising website
and i close that link :D Title: Re: Phishing Attempts to be aware of Post by: williamj2543 on August 24, 2014, 11:17:25 PM i already got an email from blockchain after i open the link its look phising website You should be fine. I don't think its possible for a website to directly infect you without downloading anything. Even if it looks like a phishing website I still open it so that I know how it looks. and i close that link :D Title: Re: Phishing Attempts to be aware of Post by: feryjhie on August 24, 2014, 11:27:10 PM i already got an email from blockchain after i open the link its look phising website You should be fine. I don't think its possible for a website to directly infect you without downloading anything. Even if it looks like a phishing website I still open it so that I know how it looks. and i close that link :D yeah i still open for 5 minutes to see how it looks :D and the i close that link and delete the email from my email :D Title: Re: Phishing Attempts to be aware of Post by: Nawaytes on August 25, 2014, 02:04:46 AM i already got an email from blockchain after i open the link its look phising website You should be fine. I don't think its possible for a website to directly infect you without downloading anything. Even if it looks like a phishing website I still open it so that I know how it looks. and i close that link :D yeah i still open for 5 minutes to see how it looks :D and the i close that link and delete the email from my email :D haha me too, sometimes we want to know how the phising looks like ;D there are many types of phishing that used by the bad guys :-\ Title: Re: Phishing Attempts to be aware of Post by: TimeWatch on August 26, 2014, 08:58:35 AM Phishing is the problem that cannot be controlled.It's the huge threat for many people around the internet every now and then.And also many people doesn't know about it or by ignorance they become a victim of it and loose money.
Title: Re: Phishing Attempts to be aware of Post by: phantomcircuit on September 15, 2014, 02:24:12 AM (I'm posting about the invoice jars in this thread because it's the only thread on bitcointalk that mentions it) It's not just cloudhashing.com, it seems as though somebody got into the mailing servers (or at least spoofed them, but it looks legit) of various large/largish bitcoin websites, i got one from btc-e. I got an email from both btc-e.com and cloudhashing.com with this invoice_772.jar Actually, cloudhashing.com was invoice_773.jar The "From" header in an email is not authenticated in anyway. These emails are being sent from compromised servers through the smtp.com email service. Please forward the phishing email to abuse@smtp.com The .jar file contains a packed (ie disguised) trojan. Whoever is doing this is rapidly modifying their technique and constantly changing the packing format. It takes about 2 weeks for major AV products to update their signatures each time the attacker updates it, which unfortunately makes them basically useless. tl;dr dont execute email attachments ending in .jar antivirus cant help you with this one! Title: Re: Phishing Attempts to be aware of Post by: applesRyummy on September 15, 2014, 04:05:15 AM i already got an email from blockchain after i open the link its look phising website You should be fine. I don't think its possible for a website to directly infect you without downloading anything. Even if it looks like a phishing website I still open it so that I know how it looks. and i close that link :D yeah i still open for 5 minutes to see how it looks :D and the i close that link and delete the email from my email :D I personally always will manually type in "blockchain.info" into my browser but sometimes it will forget my identifier, so I go to my email, get a recent backup of my wallet and click on the link, if you have a random pishing link in your email you man accidentally click on it and actually enter your passwrod Title: Re: Phishing Attempts to be aware of Post by: williamj2543 on September 15, 2014, 04:10:17 AM i already got an email from blockchain after i open the link its look phising website You should be fine. I don't think its possible for a website to directly infect you without downloading anything. Even if it looks like a phishing website I still open it so that I know how it looks. and i close that link :D yeah i still open for 5 minutes to see how it looks :D and the i close that link and delete the email from my email :D I personally always will manually type in "blockchain.info" into my browser but sometimes it will forget my identifier, so I go to my email, get a recent backup of my wallet and click on the link, if you have a random pishing link in your email you man accidentally click on it and actually enter your passwrod Title: Re: Phishing Attempts to be aware of Post by: imBLACKjack on September 15, 2014, 05:09:41 AM i already got an email from blockchain after i open the link its look phising website You should be fine. I don't think its possible for a website to directly infect you without downloading anything. Even if it looks like a phishing website I still open it so that I know how it looks. and i close that link :D yeah i still open for 5 minutes to see how it looks :D and the i close that link and delete the email from my email :D I personally always will manually type in "blockchain.info" into my browser but sometimes it will forget my identifier, so I go to my email, get a recent backup of my wallet and click on the link, if you have a random pishing link in your email you man accidentally click on it and actually enter your passwrod Title: Re: Phishing Attempts to be aware of Post by: Kakmakr on September 15, 2014, 06:29:28 AM I saw people complaining about a phishing attempt on users on this forum too.
The person PM you, saying he has bad new or something, and post a link, that looks like a bitcointalk.org address, and if you click on that link, it prompts you to login. When you type in your username and password, your account is hacked. >:( Luckily, nobody wants a newbie account, like mine. ^smile^ Title: Re: Phishing Attempts to be aware of Post by: Coef on September 15, 2014, 05:21:27 PM I saw people complaining about a phishing attempt on users on this forum too. The person PM you, saying he has bad new or something, and post a link, that looks like a bitcointalk.org address, and if you click on that link, it prompts you to login. When you type in your username and password, your account is hacked. >:( Yup, you need to be careful with all the links in posts, PMs, or emails. Double check if the hyperlink is leading to the right site before clicking it, and be extra careful with redirecting links. Title: Re: Phishing Attempts to be aware of Post by: icet208 on September 15, 2014, 07:54:11 PM I`ve been hacked with Phishing method on btc-e.com
Title: Re: Phishing Attempts to be aware of Post by: Chemistry1988 on September 17, 2014, 09:47:19 PM Other than being careful with all the links, you should enable 2FA on every sites in which the feature is available (eg. Coinbase, Bitstamp, btc-e, blockchain.info, etc) as a second protection to your bitcoin.
Title: Re: Phishing Attempts to be aware of Post by: williamj2543 on September 17, 2014, 09:49:29 PM Other than being careful with all the links, you should enable 2FA on every sites in which the feature is available (eg. Coinbase, Bitstamp, btc-e, blockchain.info, etc) as a second protection to your bitcoin. blockchain.info has it by default I think. On new computers, or if it has been a while I have to check my email to re verify my wallet.Title: Re: Phishing Attempts to be aware of Post by: soowein on March 25, 2015, 12:23:15 PM Wouldn't it be easy for someone to figure out who owned that url
and charge him with conspiracy to hacking and stealing? |