Question for forum experts: Possible Phishing?

[DanielleEber]

An advertiser on DailyBitcoins.org is offering "Earn 0.1 BTC for making forum post", and contact chromaticcreative@gmail.com

When I contacted them, I got the following email:
--------------------------------------
From: Casper Cehng Tsz Chun <caspercat1997@gmail.com>

Greetings!

Thanks for showing your interest to our offer. This offer is for whoever owns a BitcoinTalk account. As we need to check if you are qualified for this event, you need to provide us a user ID of BitcoinTalk.
You can know your user ID by logging in to your account>profile>Additional information>Show General statistics for this member>Copy the URL. The user ID will be http://bitcointalk.org/.......u=<your user id>;...... .

Please copy your user id and go to http://chromaticcreative.net/bitcoin/mega/uid.php?u=<your user id>

Wish us a good partnership.

Casper

--------------------------------------

It seems my forum user ID number is not something they need for legitimate purposes, and this might be a type of phishing (obtaining private information by social engineering).  I would like to hear from forum experts what you think.

[21after2]

There's been a few topics going around about the guy. I think John The Dog confirmed that he's been banned for it.

[John (John K.)]

He is banned from this forum, and someone giving him access to their own accounts will be banned for this too.

[DanielleEber]

He is banned from this forum, and someone giving him access to their own accounts will be banned for this too.

Would having my user ID number (or direct link to my user page which includes the ID number as part of the path)
enable him to have access to my account?  That is what seemed questionable to me that he would need it for any
legitimate purpose.

I have no desire to be a front for someone who is banned, paid or not, so I have decided not to work with this guy
regardless.  Now I want to find out if it's a scam of some kind, so I can report it back to the dailybitcoins.org operator
to remove the ad and not have other people suckered in.

[John (John K.)]

He is banned from this forum, and someone giving him access to their own accounts will be banned for this too.

Would having my user ID number (or direct link to my user page which includes the ID number as part of the path)
enable him to have access to my account?  That is what seemed questionable to me that he would need it for any
legitimate purpose.

No, of course. Anyone could look that up easily. (for example theymos, the admin, is 35).

[DeathAndTaxes]

He is banned from this forum, and someone giving him access to their own accounts will be banned for this too.

Would having my user ID number (or direct link to my user page which includes the ID number as part of the path)
enable him to have access to my account?  That is what seemed questionable to me that he would need it for any
legitimate purpose.

I have no desire to be a front for someone who is banned, paid or not, so I have decided not to work with this guy
regardless.  Now I want to find out if it's a scam of some kind, so I can report it back to the dailybitcoins.org operator
to remove the ad and not have other people suckered in.

No but most people re-use their passwords and likely he is going to check the password on his site against the userID you provide.

[John (John K.)]

He is banned from this forum, and someone giving him access to their own accounts will be banned for this too.

Would having my user ID number (or direct link to my user page which includes the ID number as part of the path)
enable him to have access to my account?  That is what seemed questionable to me that he would need it for any
legitimate purpose.

I have no desire to be a front for someone who is banned, paid or not, so I have decided not to work with this guy
regardless.  Now I want to find out if it's a scam of some kind, so I can report it back to the dailybitcoins.org operator
to remove the ad and not have other people suckered in.

No but most people re-use their passwords and likely he is going to check the password on his site against the userID you provide.

There is a good point here.

[DanielleEber]

No but most people re-use their passwords and likely he is going to check the password on his site against the userID you provide.

Good point, and therefore a phishing attempt.  If he wants help posting here, he doesn't need to know the same user names and IDs on
both systems, just a post and then a link to the post itself to prove it was made.  Bitcoin inherently doesn't need a separate account on
his system, he could just pay direct to a bitcoin address provided by the person doing the post.

Right, now to inform dailybitcoins.

[dree12]

They are using the accounts to get free ripples.

This is their reply:

congratulations! you are elligible to participate in our offer, you have 2 options to choose from:


Option A: You will lend the account to us for at most 48 hours. Your account will be returned afterwards, and you get the coins when you grant us access to the account.


Option B: Help us to create a post at specific location, you will be rewarded after 48 hours (You need to be out of newbies in order to do so, we will handle if you chosse option A);


Both options are offering 0.1BTC as reward. Please send email to chromaticcreative@gmail.com , tell us your option, Bitcoin Addreess, and account ID. My AFK time is quite long sometimes, if you pop your full account information i may not be able to send the coins to you immediately, please leave every questions down in 1 mail. Futher instruction on where to send will be replied after tellingus your option.

[theymos]

Giving away your user ID is fine, but you should not give people random URLs that they ask for. Some URLs contain session IDs that can (I think) be used for evil purposes.

[DanielleEber]

Giving away your user ID is fine, but you should not give people random URLs that they ask for. Some URLs contain session IDs that can (I think) be used for evil purposes.

The request for account information, before even telling me what they are doing, is what triggered my scam radar.  Just a bit more info, I replied to Mr. Chun by email, asking for more info about what they are doing, and saying my identity on bitcointalk.org is private (I don't use the same account name everywhere).  I got back the exact same email as in the first post, so it's an automated reply.  

Checking their website, it appears to be third party ad referrals.  Given that I use adblock on my web browser, I have a poor opinion of ads in general.  I don't mind targeted ones on topics I care about, or when I am actively searching for a product, but the rest of the time it's just taking up useful screen space, or even delivering exploits.  So I will not only stay away from this guy, but run away and recommend others stay away.

Thanks for everyone's helpful information, I very much appreciate the community here.