PSA: **WARNING** ACTIVE PHISHING CAMPAIGN AGAINST BitcoinTalk and BTC-e USERS

[Restmand]

thank you for informing us, there are different site that are made by men that are the goals is to steal and het all the money of the bitcoin users, phishing is a site that once you have been logged on your account , your password might be save on their databases and they even know your username or even your email, better to keep our security and take time to think what was we are opening.

[bitsalame]

I got 1 spoofing BTC-E.com. But I was not a dumb head to click on it.

Nice job! But these attempts were too unsophisticated, so be careful.
Having the userbase of a site is a goldmine for a sophisticated phisher, if he knows what to do.

The recommended course of action is to do exactly what I did: compartmentalize your email addresses.
Regards

[luv2drnkbr]

Just chiming in to say I also got a bunch of phishing e-mails.  The latest one purported to be from BTC-e and told me to open the attached docx file to read a message sent to me.

The e-mail address I received these messages on was one only registered to BTC-e and is NOT registered on MtGox or these Bitcointalk forums, which leads me to believe some kind of compromise might have happened at BTC-e.

[Juggy777]

Some asshole initiated a phishing campaign against the users of BTC-e and BitcoinTalk.
They are exploiting the leaked DBs from the major hacks in 2014 and 2015 respectively.

The ones I detected are:
1) Targeting BTC-E users: spoofed emails from LocalBitcoins
2) Targeting BTC-E users: spoofed emails from Blockchain.info
3) Targeting BitcoinTalk users: fake emails from Btc-e with some attached payload.
4) +Several failed login attempts.

The last thing I heard was that the BitcoinTalk DB was being offered for sale in 2016.
Considering this "explosive" sudden campaign my speculation is that either some asshole bought it or it was finally released to the public.

Users of BTC-e and BitcoinTalk who used the same emails to register to all these sites should take extra precaution.
I highly suggest to change not only the passwords of every service (if you haven't already... come on, it's been more than 3 years) AND ALSO change your email addresses.

If the database is of three years old or old in short I feel mostly higher ranked members shall be at risk than newbies and those who have joined a while back, but in any circumstances I feel every one should change his passwords and be on the safe side. What if it's a insider member who's been targeting people who he believes have loads of Bitcoins, without any offense to any members, such scammers could be among us and thanks to op now all will be aware and be safe.

[ViceOfBTC21]

So I'm lucky and safe because I registered my account in 2017. And out of curiosity, were there any IDs in these leaks? If yes then Fiat depositors have problems.

[deisik]

Please stop calling it phishing. That word doesn't mean anything related to IT, email, or hackers. The first rule about naming new "things" is to give it a name that relates to that "thing's" definition. Phishing isn't it. We need to stop using that word.

What are the spoofed emails asking for? How would we know if the email we received was part of this email hack?

Thanks for the PSA!

Technically, it is phishing if spoofed emails are being delivered to users. I'm assuming that these emails are a way to phish your password and/or private keys somehow.

OP, do you have any examples of what these spoofed emails look like?

I received such an email myself a few days ago

Basically, I was offered 4 Btc-e vouchers which I had to redeem within 4 days. It was clear that it was no more than a phishing attempt, but I got curious. So I fired up a virtual machine in a read-only mode, disconnected network and shared folders, opened the Microsoft Word document attached to the email and entered the password which was written in it. Quite naturally, there were no vouchers but some Windows script embedded (I had to switch off a few security features in Word to run it) and it tried to do some nefarious stuff but it failed miserably. If anyone is interested to look at that script (or in any other related info), I can send this email (but you should certainly know what you are doing)