Warning! BTC-e Voucher Email phishing alert!

[makngeerwork]

same, just checked email....  what are we noobs?

Hi makngeerwork.

See attached your BTC-e vouchers.

You need to activate them within 8 hours.

The Access key is w8pKFy9KTM. You need to paste it to be able to view the document.

Thanks
William Anthony

[CoinHoarder]

I don’t think even 1 person falls for this but if they do, pray for their soul man.

I guess there are a few people stupid enough to make this worth their time, otherwise they wouldn't do it. It is simply a numbers game. Send the email to a million+ BTC-e users and you are bound to find someone stupid enough.

Older people that are computer illiterate may be more likely to open the file. Which reminds me... I need to inform my mom about this. She has some funds on BTC-e. I've tried for years to get her to move her BTC and LTC to cold wallets, but she doesn't seem too worried... I think older people have too much trust in the goodness of people's intentions.

[Deadly7]

I also received the same phishing email, even though I haven't posted here in years. 

[iigor]

I scanned my pc with mb and mb anti-rootkit, in and out of safe mode and nothing has been found.

Here, content of the file:

[free-bit.co.in]

I scanned my pc with mb and mb anti-rootkit, in and out of safe mode and nothing has been found.

Here, content of the file:

You scanned them with the file still being encrypted? Then of course nothing can be detected as a virus or harmful script. DON'T DECRYPT THE FILE ! Unless you have a save environment to do it (Virtual machine and sandbox!).

[iigor]

So if i dont decrypt the file and just delete it, im safe?

[singula]

I looked at the file ... it is an encrypted .doc

I have not tried opening it, but this approach is not typical for phishing, but for malware infections.

Some macro in the .doc would run (sometimes user is tricked to enable macros, sometimes an exploit is used to run macros without further user's intervention) and then the computer would get infected by some malware. Could be some ransomware, botnet, scareware, password stealer, banker, adware, but surely it will be something evil.

I am not going to examine it further to find which one it is.

[kolloh]

So if i dont decrypt the file and just delete it, im safe?

Yeah, you should be. The file shouldn't be able to execute in its encrypted state afaik and I'm guessing the attacker encrypts it to avoid virus signature detection.

[iigor]

Then that password that they sent us is the key to run whats inside the file?

[kolloh]

Then that password that they sent us is the key to run whats inside the file?

Yeah, it unencrypts the docx file which would allow it to run whatever malicious code is inside. Don't enter the password in or mess with the file. Just delete it is the safest course of action.