Beware of this kind of PMs!

[notaek]

What happened::

Received this pm a few minutes ago:



The link is about this topic: https://bitcointalk.org/index.php?topic=1314653.0

But the actual link masking beneath it:

Code:

http://bitcointaik.org/index.php?topic=1325758.0

It'll redirect you to a login page where, if you enter your login credentials will lead to a compromise.

Scammers Profile Link:

https://bitcointalk.org/index.php?action=profile;u=386326

Additional Notes:

Be sure to check the actual link by hovering onto a clickable text before exploring it.
And never click on links sent by a newbie.


BTW, thanks Lutpin for the warning.

[Lutpin]

We're getting these more often lately, it seems.
That kind of phishing has been around for a long time, but the last weeks, a lot of threads about it pop up.
redsn0w reported a similar PM just some minutes ago.
I'd advice you to report the PM, if you haven't already done that.

[notaek]

We're getting these more often lately, it seems.
That kind of phishing has been around for a long time, but the last weeks, a lot of threads about it pop up.
redsn0w reported a similar PM just some minutes ago.
I'd advice you to report the PM, if you haven't already done that.

Yeah, that's done already.

[Zeke2345]

I would have fell for it,reason I try to stick to not clicking on any links in the forum. Just not knowledgeable  enough about these type of things.
Watch me get a ton of messages now.

Looks like the newbie warning helped a little in this situation though.

[notaek]

Code:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Doubly signing this:

- -----BEGIN BITCOIN SIGNED MESSAGE-----
Just for the sake of safety, I'm changing the password. 

(This message is signed by notaek from Bitcointalk.org on 12th March, 2016)
- -----BEGIN SIGNATURE-----
1NoTajKJT6gRLEPkHwcb1EB4cNyDrmuhii
HGYQ/cCa1umsrF8GUeVX8r/tRxGYDEgx34q2V8VJZlj/SpBkyaGZj08tgsj2eaa3yJiqyleJ7vlIpE2tzj3j1NM=
- -----END BITCOIN SIGNED MESSAGE-----
-----BEGIN PGP SIGNATURE-----
Version: Keybase OpenPGP v2.0.51
Comment: https://keybase.io/crypto

wsBcBAABCgAGBQJW5GnuAAoJEBI9bCdjrvBEksUH/ifA+hNowWobL5hY+jF0bL6p
sUe/Mbs7uHJK9lUGhuKx9gzCYoKHWkthi+qJvd5Z/aERzVNe+OMvybtMXjNEenBM
fj/WsprGjIrXKdRGhrzm7wj7bXDRcTPRT7oGX+KKL+kcidnY9nLaYdDQl6XFvE0U
DEzsOfDfnux6u7HC/RrPyDS7YICzAix1LlZoRrKc9Vfj2AMecJTCQGNNXl9wBuzQ
zfB4rEx3ojhKxc6XpSdkreFm7oeUmii6SaN1jNC7f3WYwyoPPFisJwqloJuE5TgZ
VZ0HOPy8OT//NvLm7/HjUh9rAS10AIzPXWbO1exoxGmr0eozMEdJvNp0ld2h1U0=
=WtUo
-----END PGP SIGNATURE-----

[Lutpin]

Code:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Doubly signing this:

- -----BEGIN BITCOIN SIGNED MESSAGE-----
Just for the sake of safety, I'm changing the password. 

(This message is signed by notaek from Bitcointalk.org on 12th March, 2016)
- -----BEGIN SIGNATURE-----
1NoTajKJT6gRLEPkHwcb1EB4cNyDrmuhii
HGYQ/cCa1umsrF8GUeVX8r/tRxGYDEgx34q2V8VJZlj/SpBkyaGZj08tgsj2eaa3yJiqyleJ7vlIpE2tzj3j1NM=
- -----END BITCOIN SIGNED MESSAGE-----
-----BEGIN PGP SIGNATURE-----
Version: Keybase OpenPGP v2.0.51
Comment: https://keybase.io/crypto

wsBcBAABCgAGBQJW5GnuAAoJEBI9bCdjrvBEksUH/ifA+hNowWobL5hY+jF0bL6p
sUe/Mbs7uHJK9lUGhuKx9gzCYoKHWkthi+qJvd5Z/aERzVNe+OMvybtMXjNEenBM
fj/WsprGjIrXKdRGhrzm7wj7bXDRcTPRT7oGX+KKL+kcidnY9nLaYdDQl6XFvE0U
DEzsOfDfnux6u7HC/RrPyDS7YICzAix1LlZoRrKc9Vfj2AMecJTCQGNNXl9wBuzQ
zfB4rEx3ojhKxc6XpSdkreFm7oeUmii6SaN1jNC7f3WYwyoPPFisJwqloJuE5TgZ
VZ0HOPy8OT//NvLm7/HjUh9rAS10AIzPXWbO1exoxGmr0eozMEdJvNp0ld2h1U0=
=WtUo
-----END PGP SIGNATURE-----

PGP signature checks out.
Bitcoin signed message checks out aswell.

[moneybat]

So the mods/admins don't care to block this link or make turn it to a [suspicious link]? seems this is one way people are getting hacked and its been around awhile now

[specturul]

but if come from the forum with same url... how it can redirect to another login page?

[Lutpin]

with same url...

Because it's not the same URL.
It's taking advantage of the lookalike between an upper case i/I and an lower case l/L in some fonts.
Also, they are trying to hide the different url using bbcode.

Code:

[url=scam link here]real link here[/url]

[specturul]

with same url...

Because it's not the same URL.
It's taking advantage of the lookalike between an upper case i/I and an lower case l/L in some fonts.
Also, they are trying to hide the different url using bbcode.

Code:

[url=scam link here]real link here[/url]

ok thank you for explanation....

nick name seems italian:

Benito = Benito Mussolini!

(Finito) = (Ended - It's Over)

[bitbaby]

Reported that site here : https://www.google.com/safebrowsing/report_phish/

If others do it too, that will add a warning when someone visits that page accidentally.

There's a firefox addon to show real hyperlinks, forgot the name of it.

This might be it: https://addons.mozilla.org/en-us/firefox/addon/url-tooltip/

Display the destination URL when hovering cursor over a link. Show link URLs without looking at status bar. Useful when disabling status bar to gain extra screen space or for full screen browsing.
* Show hyperlink destination