Bitcoin Forum
December 14, 2024, 11:24:28 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: be carefully, what a nasty scammer !!!  (Read 565 times)
lenoli (OP)
Hero Member
*****
Offline Offline

Activity: 756
Merit: 501


View Profile
February 07, 2017, 06:20:09 AM
 #1

What happened::
i had some problem on exmo.com, someone logged in my account and sell on my dogecoins, but hopefully, he wasn't able to withdraw it, i post this problem in their main thread:
hi Op.

several minutes ago, i received email where were said that someone sign in my profile of exmo and trade with my doges, hopefully i changed my pass, before he made a withdraw. but all my doge was exchanged in btc.

http://imgur.com/a/8KZe6 its i IP from there was made login. can you check it?

thanks a lot
and yesterday i got PM from this user: http://imgur.com/a/kxHTy...
Scammers Profile Link:
https://bitcointalk.org/index.php?action=profile;u=952955

i hate people who thinks that only he is the smart  guy in the world and others are idiots.

hey idiot, you cannot scam me, because you are the most nasty and idiot scammer in the world...
Joel_Jantsen
Legendary
*
Offline Offline

Activity: 2072
Merit: 1353


Top-tier crypto casino and sportsbook


View Profile
February 07, 2017, 07:27:42 AM
 #2

It's a throwaway anyway.Basically,that idiot wanted your login information as he claimed to be from their support team? He is not even a scammer,he is just an idiot.If I was you,I'd see where he goes with the fake info provided.

BTC-Chaser
Newbie
*
Offline Offline

Activity: 19
Merit: 0


View Profile
February 07, 2017, 12:54:05 PM
 #3

Yup, an obvious accident in the human genepool somehow slipped past Darwin's checks.
Joel_Jantsen has the right idea, but maybe I can add a little zing to it.

- Get a cheap .com domain, say "exm0.com" (purely an example, make it something the fool won't recognize to soon) and set up a site that looks like Exmo.com.
- Make sure that he can use the fake info to log in on it.
- Also make sure you have a script that logs his IP and other info for you (browser/user agent, system language, all the good stuff).
If it's a really good script, it can even check if he's on a proxy/vpn or not (though they won't always show, but a lot of them still do show).
Take all that info to law enforcement (unless you got your doge/other coins by more nefarious means, in which case, try to find out yourself where this idiot bumbag is really operating from).

And whatever you do, don't go the route of using the fake site to put any nasty stuff on his computer.
For starters, you don't know his actual system (android? Windows? Mac? Linux? Atari 2600?) so you can't be sure any worm/trojan/other digital herpes would work.
Secondly, you can't be certain if he uses his own computer or if he tricked someone into letting them use theirs.
suchmoon
Legendary
*
Offline Offline

Activity: 3892
Merit: 9108


https://bpip.org


View Profile WWW
February 07, 2017, 04:34:56 PM
 #4

Yup, an obvious accident in the human genepool somehow slipped past Darwin's checks.
Joel_Jantsen has the right idea, but maybe I can add a little zing to it.

- Get a cheap .com domain, say "exm0.com" (purely an example, make it something the fool won't recognize to soon) and set up a site that looks like Exmo.com.
- Make sure that he can use the fake info to log in on it.
- Also make sure you have a script that logs his IP and other info for you (browser/user agent, system language, all the good stuff).
If it's a really good script, it can even check if he's on a proxy/vpn or not (though they won't always show, but a lot of them still do show).
Take all that info to law enforcement (unless you got your doge/other coins by more nefarious means, in which case, try to find out yourself where this idiot bumbag is really operating from).

And whatever you do, don't go the route of using the fake site to put any nasty stuff on his computer.
For starters, you don't know his actual system (android? Windows? Mac? Linux? Atari 2600?) so you can't be sure any worm/trojan/other digital herpes would work.
Secondly, you can't be certain if he uses his own computer or if he tricked someone into letting them use theirs.

Not worth the effort for a lame phishing attempt like this, not to mention that two wrongs don't make it right. Creating a phishing domain can backfire real quick.

Better ask exmo support (real one) and maybe they would want to create a fake account to trap the fool.
BTC-Chaser
Newbie
*
Offline Offline

Activity: 19
Merit: 0


View Profile
February 11, 2017, 04:44:09 PM
 #5

Yup, an obvious accident in the human genepool somehow slipped past Darwin's checks.
Joel_Jantsen has the right idea, but maybe I can add a little zing to it.

- Get a cheap .com domain, say "exm0.com" (purely an example, make it something the fool won't recognize to soon) and set up a site that looks like Exmo.com.
- Make sure that he can use the fake info to log in on it.
- Also make sure you have a script that logs his IP and other info for you (browser/user agent, system language, all the good stuff).
If it's a really good script, it can even check if he's on a proxy/vpn or not (though they won't always show, but a lot of them still do show).
Take all that info to law enforcement (unless you got your doge/other coins by more nefarious means, in which case, try to find out yourself where this idiot bumbag is really operating from).

And whatever you do, don't go the route of using the fake site to put any nasty stuff on his computer.
For starters, you don't know his actual system (android? Windows? Mac? Linux? Atari 2600?) so you can't be sure any worm/trojan/other digital herpes would work.
Secondly, you can't be certain if he uses his own computer or if he tricked someone into letting them use theirs.


Not worth the effort for a lame phishing attempt like this, not to mention that two wrongs don't make it right. Creating a phishing domain can backfire real quick.

Better ask exmo support (real one) and maybe they would want to create a fake account to trap the fool.

First off, I did include some warnings of what could go wrong by creating a fake site to trap this fool; I've made that part bold and italic in what was quoted from me.

Second, it wouldn't be a phishing domain; well, unless you want to reason that the intent of finding out an IP this way is phishing, in which case a bunch of legit tech giant companies such as Google, Microsoft, Facebook and their ilk would probably very much like a word with you.
You're not stealing any random person's credentials used for logging in through this domain; you're merely confirming that indeed this specific person has bamboozled your credentials and has the intent of using them in illegitimate ways, for illegitimate purposes.

Third, uhm yeah, exmo creating that fake account, totally not technically in the same category as doing it yourself on your domain... but actually, I'd very much like it if they DID go to such lengths to help bust some crackerjack skidmark; they won't because likely they don't very much enjoy the possibility of it backfiring on them, as you say, but I'd actually applaud them for taking such a stand and helping bust the thieving idiot.
suchmoon
Legendary
*
Offline Offline

Activity: 3892
Merit: 9108


https://bpip.org


View Profile WWW
February 14, 2017, 05:29:40 PM
 #6

Yup, an obvious accident in the human genepool somehow slipped past Darwin's checks.
Joel_Jantsen has the right idea, but maybe I can add a little zing to it.

- Get a cheap .com domain, say "exm0.com" (purely an example, make it something the fool won't recognize to soon) and set up a site that looks like Exmo.com.
- Make sure that he can use the fake info to log in on it.
- Also make sure you have a script that logs his IP and other info for you (browser/user agent, system language, all the good stuff).
If it's a really good script, it can even check if he's on a proxy/vpn or not (though they won't always show, but a lot of them still do show).
Take all that info to law enforcement (unless you got your doge/other coins by more nefarious means, in which case, try to find out yourself where this idiot bumbag is really operating from).

And whatever you do, don't go the route of using the fake site to put any nasty stuff on his computer.
For starters, you don't know his actual system (android? Windows? Mac? Linux? Atari 2600?) so you can't be sure any worm/trojan/other digital herpes would work.
Secondly, you can't be certain if he uses his own computer or if he tricked someone into letting them use theirs.


Not worth the effort for a lame phishing attempt like this, not to mention that two wrongs don't make it right. Creating a phishing domain can backfire real quick.

Better ask exmo support (real one) and maybe they would want to create a fake account to trap the fool.

First off, I did include some warnings of what could go wrong by creating a fake site to trap this fool; I've made that part bold and italic in what was quoted from me.

Second, it wouldn't be a phishing domain; well, unless you want to reason that the intent of finding out an IP this way is phishing, in which case a bunch of legit tech giant companies such as Google, Microsoft, Facebook and their ilk would probably very much like a word with you.
You're not stealing any random person's credentials used for logging in through this domain; you're merely confirming that indeed this specific person has bamboozled your credentials and has the intent of using them in illegitimate ways, for illegitimate purposes.

Third, uhm yeah, exmo creating that fake account, totally not technically in the same category as doing it yourself on your domain... but actually, I'd very much like it if they DID go to such lengths to help bust some crackerjack skidmark; they won't because likely they don't very much enjoy the possibility of it backfiring on them, as you say, but I'd actually applaud them for taking such a stand and helping bust the thieving idiot.

You warned about infecting someone's device. That's not phishing. Phishing is an attempt to obtain private information under disguise, which is exactly what you're suggesting.

Google collecting your IP when you visit google.com is not the same. There is no disguise. Not to mention the OP already has what looks like the IP of the perp.

Exmo wouldn't need to be disguising themselves therefore it's not phishing either, although of course they would need to make sure that this kind of "sting" is legal in their jurisdiction. What I'm saying is that Exmo is in a better position to execute it in a successful and legal manner than a vigilante.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!