be carefully, what a nasty scammer !!!

[lenoli]

What happened::
i had some problem on exmo.com, someone logged in my account and sell on my dogecoins, but hopefully, he wasn't able to withdraw it, i post this problem in their main thread:

hi Op.

several minutes ago, i received email where were said that someone sign in my profile of exmo and trade with my doges, hopefully i changed my pass, before he made a withdraw. but all my doge was exchanged in btc.

http://imgur.com/a/8KZe6 its i IP from there was made login. can you check it?

thanks a lot

and yesterday i got PM from this user: http://imgur.com/a/kxHTy...
Scammers Profile Link:
https://bitcointalk.org/index.php?action=profile;u=952955

i hate people who thinks that only he is the smart  guy in the world and others are idiots.

hey idiot, you cannot scam me, because you are the most nasty and idiot scammer in the world...

[Joel_Jantsen]

It's a throwaway anyway.Basically,that idiot wanted your login information as he claimed to be from their support team? He is not even a scammer,he is just an idiot.If I was you,I'd see where he goes with the fake info provided.

[BTC-Chaser]

Yup, an obvious accident in the human genepool somehow slipped past Darwin's checks.
Joel_Jantsen has the right idea, but maybe I can add a little zing to it.

- Get a cheap .com domain, say "exm0.com" (purely an example, make it something the fool won't recognize to soon) and set up a site that looks like Exmo.com.
- Make sure that he can use the fake info to log in on it.
- Also make sure you have a script that logs his IP and other info for you (browser/user agent, system language, all the good stuff).
If it's a really good script, it can even check if he's on a proxy/vpn or not (though they won't always show, but a lot of them still do show).
Take all that info to law enforcement (unless you got your doge/other coins by more nefarious means, in which case, try to find out yourself where this idiot bumbag is really operating from).

And whatever you do, don't go the route of using the fake site to put any nasty stuff on his computer.
For starters, you don't know his actual system (android? Windows? Mac? Linux? Atari 2600?) so you can't be sure any worm/trojan/other digital herpes would work.
Secondly, you can't be certain if he uses his own computer or if he tricked someone into letting them use theirs.

[suchmoon]

Yup, an obvious accident in the human genepool somehow slipped past Darwin's checks.
Joel_Jantsen has the right idea, but maybe I can add a little zing to it.

- Get a cheap .com domain, say "exm0.com" (purely an example, make it something the fool won't recognize to soon) and set up a site that looks like Exmo.com.
- Make sure that he can use the fake info to log in on it.
- Also make sure you have a script that logs his IP and other info for you (browser/user agent, system language, all the good stuff).
If it's a really good script, it can even check if he's on a proxy/vpn or not (though they won't always show, but a lot of them still do show).
Take all that info to law enforcement (unless you got your doge/other coins by more nefarious means, in which case, try to find out yourself where this idiot bumbag is really operating from).

And whatever you do, don't go the route of using the fake site to put any nasty stuff on his computer.
For starters, you don't know his actual system (android? Windows? Mac? Linux? Atari 2600?) so you can't be sure any worm/trojan/other digital herpes would work.
Secondly, you can't be certain if he uses his own computer or if he tricked someone into letting them use theirs.

Not worth the effort for a lame phishing attempt like this, not to mention that two wrongs don't make it right. Creating a phishing domain can backfire real quick.

Better ask exmo support (real one) and maybe they would want to create a fake account to trap the fool.

[BTC-Chaser]

Yup, an obvious accident in the human genepool somehow slipped past Darwin's checks.
Joel_Jantsen has the right idea, but maybe I can add a little zing to it.

- Get a cheap .com domain, say "exm0.com" (purely an example, make it something the fool won't recognize to soon) and set up a site that looks like Exmo.com.
- Make sure that he can use the fake info to log in on it.
- Also make sure you have a script that logs his IP and other info for you (browser/user agent, system language, all the good stuff).
If it's a really good script, it can even check if he's on a proxy/vpn or not (though they won't always show, but a lot of them still do show).
Take all that info to law enforcement (unless you got your doge/other coins by more nefarious means, in which case, try to find out yourself where this idiot bumbag is really operating from).

And whatever you do, don't go the route of using the fake site to put any nasty stuff on his computer.
For starters, you don't know his actual system (android? Windows? Mac? Linux? Atari 2600?) so you can't be sure any worm/trojan/other digital herpes would work.
Secondly, you can't be certain if he uses his own computer or if he tricked someone into letting them use theirs.

Not worth the effort for a lame phishing attempt like this, not to mention that two wrongs don't make it right. Creating a phishing domain can backfire real quick.

Better ask exmo support (real one) and maybe they would want to create a fake account to trap the fool.

First off, I did include some warnings of what could go wrong by creating a fake site to trap this fool; I've made that part bold and italic in what was quoted from me.

Second, it wouldn't be a phishing domain; well, unless you want to reason that the intent of finding out an IP this way is phishing, in which case a bunch of legit tech giant companies such as Google, Microsoft, Facebook and their ilk would probably very much like a word with you.
You're not stealing any random person's credentials used for logging in through this domain; you're merely confirming that indeed this specific person has bamboozled your credentials and has the intent of using them in illegitimate ways, for illegitimate purposes.

Third, uhm yeah, exmo creating that fake account, totally not technically in the same category as doing it yourself on your domain... but actually, I'd very much like it if they DID go to such lengths to help bust some crackerjack skidmark; they won't because likely they don't very much enjoy the possibility of it backfiring on them, as you say, but I'd actually applaud them for taking such a stand and helping bust the thieving idiot.

[suchmoon]

Yup, an obvious accident in the human genepool somehow slipped past Darwin's checks.
Joel_Jantsen has the right idea, but maybe I can add a little zing to it.

- Get a cheap .com domain, say "exm0.com" (purely an example, make it something the fool won't recognize to soon) and set up a site that looks like Exmo.com.
- Make sure that he can use the fake info to log in on it.
- Also make sure you have a script that logs his IP and other info for you (browser/user agent, system language, all the good stuff).
If it's a really good script, it can even check if he's on a proxy/vpn or not (though they won't always show, but a lot of them still do show).
Take all that info to law enforcement (unless you got your doge/other coins by more nefarious means, in which case, try to find out yourself where this idiot bumbag is really operating from).

And whatever you do, don't go the route of using the fake site to put any nasty stuff on his computer.
For starters, you don't know his actual system (android? Windows? Mac? Linux? Atari 2600?) so you can't be sure any worm/trojan/other digital herpes would work.
Secondly, you can't be certain if he uses his own computer or if he tricked someone into letting them use theirs.

Not worth the effort for a lame phishing attempt like this, not to mention that two wrongs don't make it right. Creating a phishing domain can backfire real quick.

Better ask exmo support (real one) and maybe they would want to create a fake account to trap the fool.

First off, I did include some warnings of what could go wrong by creating a fake site to trap this fool; I've made that part bold and italic in what was quoted from me.

Second, it wouldn't be a phishing domain; well, unless you want to reason that the intent of finding out an IP this way is phishing, in which case a bunch of legit tech giant companies such as Google, Microsoft, Facebook and their ilk would probably very much like a word with you.
You're not stealing any random person's credentials used for logging in through this domain; you're merely confirming that indeed this specific person has bamboozled your credentials and has the intent of using them in illegitimate ways, for illegitimate purposes.

Third, uhm yeah, exmo creating that fake account, totally not technically in the same category as doing it yourself on your domain... but actually, I'd very much like it if they DID go to such lengths to help bust some crackerjack skidmark; they won't because likely they don't very much enjoy the possibility of it backfiring on them, as you say, but I'd actually applaud them for taking such a stand and helping bust the thieving idiot.

You warned about infecting someone's device. That's not phishing. Phishing is an attempt to obtain private information under disguise, which is exactly what you're suggesting.

Google collecting your IP when you visit google.com is not the same. There is no disguise. Not to mention the OP already has what looks like the IP of the perp.

Exmo wouldn't need to be disguising themselves therefore it's not phishing either, although of course they would need to make sure that this kind of "sting" is legal in their jurisdiction. What I'm saying is that Exmo is in a better position to execute it in a successful and legal manner than a vigilante.