Bitcoin Forum
June 19, 2019, 12:23:49 PM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: New Wave of Phishing Emails  (Read 1449 times)
Lauda
GrumpyKitty
Legendary
*
Offline Offline

Activity: 2254
Merit: 2075


Modern Liberalism is a Mental Disorder


View Profile
May 02, 2017, 02:36:53 PM
 #1

It looks like someone is using the forums hacked database again for nefarious purposes. Several individuals have mentioned receiving these emails, and at least some have already fallen victim to them.



Do not download.

.FORTUNE.JACK.
      ▄▄███████▄▄
   ▄████▀▀ ▄ ██████▄
  ████ ▄▄███ ████████
 █████▌▐███▌ ▀▄ ▀█████
███████▄██▀▀▀▀▄████████
█████▀▄▄▄▄█████████████
████▄▄▄▄ █████████████
 ██████▌ ███▀████████
  ███████▄▀▄████████
   ▀█████▀▀███████▀
      ▀▀██████▀▀
         
         █
...FortuneJack.com                                             
...THE BIGGEST BITCOIN GAMBLING SITE
       ▄▄█████████▄▄
    ▄█████████████████▄
  ▄█████████████████████▄
 ▄██
█████████▀███████████▄
██████████▀   ▀██████████
█████████▀       ▀█████████
████████           ████████
████████▄   ▄ ▄   ▄████████
██████████▀   ▀██████████
 ▀██
█████████████████████▀
  ▀██
███████████████████▀
    ▀█████████████████▀
       ▀▀█████████▀▀
#JACKMATE
WIN 1 BTC
▄█████████████████████████▄
███████████████████████████
███████████████████████████
██████████▀█████▀██████████
███████▀░░▀░░░░░▀░░▀███████
██████▌░░░░░░░░░░░░░▐██████
██████░░░░██░░░██░░░░██████
█████▌░░░░▀▀░░░▀▀░░░░▐█████
██████▄░░▄▄▄░░░▄▄▄░░▄██████
████████▄▄███████▄▄████████

███████████████████████████
███████████████████████████
▀█████████████████████████▀
1560947029
Hero Member
*
Offline Offline

Posts: 1560947029

View Profile Personal Message (Offline)

Ignore
1560947029
Reply with quote  #2

1560947029
Report to moderator
1560947029
Hero Member
*
Offline Offline

Posts: 1560947029

View Profile Personal Message (Offline)

Ignore
1560947029
Reply with quote  #2

1560947029
Report to moderator
1560947029
Hero Member
*
Offline Offline

Posts: 1560947029

View Profile Personal Message (Offline)

Ignore
1560947029
Reply with quote  #2

1560947029
Report to moderator
Bitcoin Poker 3.0
The Largest Bitcoin Poker Site
Bad Beat Jackpot Available
No Limit Texas Hold'em Cash Games And Tournaments
PLAY NOW
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1560947029
Hero Member
*
Offline Offline

Posts: 1560947029

View Profile Personal Message (Offline)

Ignore
1560947029
Reply with quote  #2

1560947029
Report to moderator
Zepher
Copper Member
Hero Member
*****
Offline Offline

Activity: 686
Merit: 582


Electricity is really just organized lightning


View Profile
May 02, 2017, 02:47:44 PM
 #2



Email came from brianbooker@uk2.net

As Lauda says, do not open any attachments. This is ransomware or malware.

My only payment address: 1ZephertJThxkHih7XcaUHBkMSnvkTt5u
goinmerry
Legendary
*
Offline Offline

Activity: 1176
Merit: 1012


View Profile
May 02, 2017, 02:52:35 PM
 #3

Anyone have an idea how it is possible to acquired information to us? Kinda want some technical knowledge about this kind of phishing attempt*.

As I mentioned in related thread to this, I used my unused extra old laptop (the stock one) to find out what will happened out of my curiousity. Connect it to internet, download, remove internet and open it. My security there are not triggered. Im wondering how it can access those inside stuffs?
Lauda
GrumpyKitty
Legendary
*
Offline Offline

Activity: 2254
Merit: 2075


Modern Liberalism is a Mental Disorder


View Profile
May 02, 2017, 02:54:45 PM
 #4

Anyone have an idea how it is possible to acquired information to us?
The forum was hacked in 2015. I assume the database used for this phishing attempt is from that hack.

Kinda want some technical knowledge about this kind of phishing attempt*.
Use Google then?

As I mentioned in related thread to this, I used my unused extra old laptop (the stock one) to find out what will happened out of my curiousity. Connect it to internet, download, remove internet and open it. My security there are not triggered. Im wondering how it can access those inside stuffs?
You won't really figure out what it is doing or attempting to do without adequate technical knowledge, unless it is plainly obvious (e.g. ransomware screen).

.FORTUNE.JACK.
      ▄▄███████▄▄
   ▄████▀▀ ▄ ██████▄
  ████ ▄▄███ ████████
 █████▌▐███▌ ▀▄ ▀█████
███████▄██▀▀▀▀▄████████
█████▀▄▄▄▄█████████████
████▄▄▄▄ █████████████
 ██████▌ ███▀████████
  ███████▄▀▄████████
   ▀█████▀▀███████▀
      ▀▀██████▀▀
         
         █
...FortuneJack.com                                             
...THE BIGGEST BITCOIN GAMBLING SITE
       ▄▄█████████▄▄
    ▄█████████████████▄
  ▄█████████████████████▄
 ▄██
█████████▀███████████▄
██████████▀   ▀██████████
█████████▀       ▀█████████
████████           ████████
████████▄   ▄ ▄   ▄████████
██████████▀   ▀██████████
 ▀██
█████████████████████▀
  ▀██
███████████████████▀
    ▀█████████████████▀
       ▀▀█████████▀▀
#JACKMATE
WIN 1 BTC
▄█████████████████████████▄
███████████████████████████
███████████████████████████
██████████▀█████▀██████████
███████▀░░▀░░░░░▀░░▀███████
██████▌░░░░░░░░░░░░░▐██████
██████░░░░██░░░██░░░░██████
█████▌░░░░▀▀░░░▀▀░░░░▐█████
██████▄░░▄▄▄░░░▄▄▄░░▄██████
████████▄▄███████▄▄████████

███████████████████████████
███████████████████████████
▀█████████████████████████▀
Quickseller
Copper Member
Legendary
*
Offline Offline

Activity: 1806
Merit: 1682


Practice Captcha look at Avatar, slct Fire Hydrant


View Profile WWW
May 02, 2017, 03:10:58 PM
 #5

The btc-e DB has been hacked multiple times. I suspect the emails came from one of these hacks.

Lauda
GrumpyKitty
Legendary
*
Offline Offline

Activity: 2254
Merit: 2075


Modern Liberalism is a Mental Disorder


View Profile
May 02, 2017, 03:13:06 PM
 #6

The btc-e DB has been hacked multiple times. I suspect the emails came from one of these hacks.
I have not registered on BTC-e with this username, nor this email. Therefore, it had to be from Bitcointalk considering that other BTCT users have been getting them as well.

.FORTUNE.JACK.
      ▄▄███████▄▄
   ▄████▀▀ ▄ ██████▄
  ████ ▄▄███ ████████
 █████▌▐███▌ ▀▄ ▀█████
███████▄██▀▀▀▀▄████████
█████▀▄▄▄▄█████████████
████▄▄▄▄ █████████████
 ██████▌ ███▀████████
  ███████▄▀▄████████
   ▀█████▀▀███████▀
      ▀▀██████▀▀
         
         █
...FortuneJack.com                                             
...THE BIGGEST BITCOIN GAMBLING SITE
       ▄▄█████████▄▄
    ▄█████████████████▄
  ▄█████████████████████▄
 ▄██
█████████▀███████████▄
██████████▀   ▀██████████
█████████▀       ▀█████████
████████           ████████
████████▄   ▄ ▄   ▄████████
██████████▀   ▀██████████
 ▀██
█████████████████████▀
  ▀██
███████████████████▀
    ▀█████████████████▀
       ▀▀█████████▀▀
#JACKMATE
WIN 1 BTC
▄█████████████████████████▄
███████████████████████████
███████████████████████████
██████████▀█████▀██████████
███████▀░░▀░░░░░▀░░▀███████
██████▌░░░░░░░░░░░░░▐██████
██████░░░░██░░░██░░░░██████
█████▌░░░░▀▀░░░▀▀░░░░▐█████
██████▄░░▄▄▄░░░▄▄▄░░▄██████
████████▄▄███████▄▄████████

███████████████████████████
███████████████████████████
▀█████████████████████████▀
LeGaulois
Copper Member
Legendary
*
Offline Offline

Activity: 1092
Merit: 1118

Bitcoin Ninja Unregulated Banker Unbanking Folks


View Profile
May 02, 2017, 03:22:47 PM
 #7

Got it as well and as Lauda the email used the username that i use only here. So it comes from the previous hack
the domain used to send the email is globo.com

helloeverybody
Legendary
*
Offline Offline

Activity: 1008
Merit: 1000


★YoBit.Net★ 350+ Coins Exchange & Dice


View Profile WWW
May 02, 2017, 03:51:34 PM
 #8

I can confirm i also got this email today as well and theres no other places ive used that email so its definitely from the hacked database.

owlcatz
Legendary
*
Offline Offline

Activity: 1848
Merit: 1220


BTC, XMR & VIA FTW


View Profile WWW
May 02, 2017, 04:03:52 PM
 #9

I can confirm i also got this email today as well and theres no other places ive used that email so its definitely from the hacked database.

There is a new wave of phishing scams in the past 24 hours - a few users have already been burnt over .3 btc -



Then the url looks just like bitcointalk and wants you to login... so this is new, ongoing - not good!!! I reported one yesterday as well and gave it red trust -

https://bitcointalk.org/index.php?action=profile;u=986625

Thanks, and be careful out there - bitcointalk.org links will be green not blue!!!  Sad

EDit - https://bitcointalk.org/index.php?topic=1898264.msg18840021#msg18840021
zekoroger
Sr. Member
****
Offline Offline

Activity: 453
Merit: 256


View Profile
May 02, 2017, 04:10:37 PM
 #10

be careful, that phishing fucker scammer make me alot damage today Sad

owlcatz
Legendary
*
Offline Offline

Activity: 1848
Merit: 1220


BTC, XMR & VIA FTW


View Profile WWW
May 02, 2017, 06:24:03 PM
 #11

be careful, that phishing fucker scammer make me alot damage today Sad



Fixed link for ya... 
Joel_Jantsen
Legendary
*
Offline Offline

Activity: 1260
Merit: 1203


Can I merit you with some Flags? 🚩


View Profile
May 02, 2017, 07:22:14 PM
 #12

I can sort of establish a connection.The attacker is probably sending mails to coin collectors who are assumed to be having more bitcoins on them ? Lauda and Zepher is merely a case but it does connect the dots.

.BitDice.               ▄▄███▄▄
           ▄▄██▀▀ ▄ ▀▀██▄▄
      ▄▄█ ▀▀  ▄▄█████▄▄  ▀▀ █▄▄
  ▄▄██▀▀     ▀▀ █████ ▀▀     ▀▀██▄▄
██▀▀ ▄▄██▀      ▀███▀      ▀██▄▄ ▀▀██
██  ████▄▄       ███       ▄▄████  ██
██  █▀▀████▄▄  ▄█████▄  ▄▄████▀▀█  ██
██  ▀     ▀▀▀███████████▀▀▀     ▀  ██
             ███████████
██  ▄     ▄▄▄███████████▄▄▄     ▄  ██
██  █▄▄████▀▀  ▀█████▀  ▀▀████▄▄█  ██
██  ████▀▀       ███       ▀▀████  ██
██▄▄ ▀▀██▄      ▄███▄      ▄██▀▀ ▄▄██
  ▀▀██▄▄     ▄▄ █████ ▄▄     ▄▄██▀▀
      ▀▀█ ▄▄  ▀▀█████▀▀  ▄▄ █▀▀
           ▀▀██▄▄ ▀ ▄▄██▀▀
               ▀▀███▀▀
        ▄▄███████▄▄
     ▄███████████████▄
    ████▀▀       ▀▀████
   ████▀           ▀████
   ████             ████
   ████ ▄▄▄▄▄▄▄▄▄▄▄ ████
▄█████████████████████████▄
██████████▀▀▀▀▀▀▀██████████
████                   ████
████                   ████
████                   ████
████                   ████
████                   ████
████▄                 ▄████
████████▄▄▄     ▄▄▄████████
  ▀▀▀█████████████████▀▀▀
        ▀▀▀█████▀▀▀
▄▄████████████████████████████████▄▄
██████████████████████████████████████
█████                            █████
█████                            █████
█████                            █████
█████                            █████
█████                     ▄▄▄▄▄▄▄▄▄▄
█████                   ▄█▀▀▀▀▀▀▀▀▀▀█▄
█████                   ██          ██
█████                   ██          ██
█████                   ██          ██
██████████████████▀▀███ ██          ██
 ████████████████▄  ▄██ ██          ██
   ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ ██          ██
             ██████████ ██          ██
           ▄███████████ ██████▀▀██████
          █████████████  ▀████▄▄████▀
[/]
erikalui
Legendary
*
Offline Offline

Activity: 1680
Merit: 1050



View Profile WWW
May 02, 2017, 07:30:29 PM
 #13

I thought that I got this mail as a payment of one of the campaigns I have participated. I downloaded the attachment as well but since I don't have btc-e account, is it something I can do to now? I deleted the word doc file from my computer but my antivirus did not give me any alert.

This was the email I received: http://prntscr.com/f3cucm

                                           ▄▄███████▄▄
      ▄▄███████▄▄                       ▄███████████████▄      ▄▄███████▄▄
   ▄███████████████▄    ▄▄███████▄▄    ███████████████████  ▄███████████████▄      ▄▄███████▄▄
  ██████▀▀▀▀▀▀▀▀█████▄███████████████▄██████▌  ▐███▀▀▀████████████▀▀▀▀▀███████  ▄███████████████▄
 ███████   ▄▄▄▄▄█████████████▀▀▀▀▀██████████   ███▌  ▐█████████     ▄▄▄███████████████████████████
████████   ▀▀▀▀██████████      ▄▄▄█████████▌   ▀▀▀   ██████████   ▀▀▀▀██████████████   ███   ██████
████████   ▄▄▄▄█████████████▌  ▐███████████   ▄▄▄▄   ██████████▌   ▄▄▄███████████████   ▀   ████████
████████   ▀▀▀▀▀████████████▌  ▐██████████▌  ▐███▌  ▐██████████▌   ▀▀   ██████████████▌   ▐█████████
 ███████▄▄▄▄▄▄▄▄█████████████   █████████████████▄▄▄████████████   ▄▄▄███████████████   ▄   ████████
  ███████████████████████████   ████████▀███████████████▀  █████████████████████████   ███   ██████
   ▀███████████████▀███████████████████    ▀▀███████▀▀      ▀███████████████▀  ███████████████████
      ▀▀███████▀▀    ▀███████████████▀                         ▀▀███████▀▀      ▀███████████████▀
                        ▀▀███████▀▀                                                ▀▀███████▀▀
.BET











▐████████████████████▌
  ██████████████████ 
  ██▄▄        ▄▄██▄ 
  ████
██████████████ 
  ███████
███████████ 
   █████
███████████   
   ▄██████████████▄   
  ▄████████████████▄ 
  ██████████████████ 
  ▐██████████████▌ 
   ▀▀    ▀▀▀▀    ▀▀   
  ██████████████████ 
  ███████████████████ 
..PLAY NOW..











Zepher
Copper Member
Hero Member
*****
Offline Offline

Activity: 686
Merit: 582


Electricity is really just organized lightning


View Profile
May 02, 2017, 08:12:22 PM
 #14

I thought that I got this mail as a payment of one of the campaigns I have participated. I downloaded the attachment as well but since I don't have btc-e account, is it something I can do to now? I deleted the word doc file from my computer but my antivirus did not give me any alert.

This was the email I received: http://prntscr.com/f3cucm

If you used the password to unlock the attachment, consider your PC infected.

Keyloggers/coin stealers/and a bunch of other stuff could be running in the background.

Wipe your PC.

Start off with a fresh operating system.

My only payment address: 1ZephertJThxkHih7XcaUHBkMSnvkTt5u
Coin-Keeper
Hero Member
*****
Offline Offline

Activity: 580
Merit: 502



View Profile
May 02, 2017, 08:45:37 PM
 #15

Haven't seen one of these yet.  Stuff like this is why I use Linux virtual machines for all my workspace!  Snapshots are your friend.

BTC: 1PYSBbuKM3kW19xe9TXJQfq64rPhd8XorF
Staked and Verified: https://bitcointalk.org/index.php?topic=996318.msg17102755#msg17102755
anonymoustroll420
Full Member
***
Offline Offline

Activity: 196
Merit: 100


View Profile
May 02, 2017, 09:05:57 PM
 #16

It's most likely the old Bitcointalk database

Please don't stop us from using ASICBoost which we're not using
HeroC
Legendary
*
Offline Offline

Activity: 863
Merit: 1000


GPG: FA122C1A | IRC: HeroCC


View Profile
May 03, 2017, 02:06:14 AM
 #17

I got this email too, encrypted docx that wanted editing privileges from some random email @mail.com
chronicsky
Legendary
*
Offline Offline

Activity: 1778
Merit: 1076

Somebody said get a life...so they did


View Profile WWW
May 03, 2017, 04:45:38 AM
 #18

and stupidly, my friend clicked download on the file.
Fortunately i noticed in time before he put the password in it.

is it gonna do anything if it has been downloaded?
I deleted it instantly :/
pooya87
Legendary
*
Offline Offline

Activity: 1680
Merit: 1700



View Profile
May 03, 2017, 05:19:48 AM
 #19

This may be a good reminder:

Real link is green when you move your mouse over: bitcointalk forum (real link)

Fake link is not: bitcointalk forum (with different/fake link)

p.s. i am referring to the attempt that owlcatz mentioned not the email (obviously Smiley)

Gimpeline
Hero Member
*****
Offline Offline

Activity: 553
Merit: 505



View Profile
May 03, 2017, 05:37:47 AM
 #20

I got the mail too.
I dont have an BTC-e account or use this e-mail in other places so it must come from here
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!