bctjim (OP)
Newbie
Offline
Activity: 13
Merit: 0
|
|
May 02, 2017, 04:04:01 PM Last edit: May 02, 2017, 04:15:57 PM by bctjim |
|
Got a weird email saying this with a word doc attachment: (this is the only site I have this username: bctjim) ---------- Forwarded message ---------- From: Hunter Myra < analuciags@globo.com> Date: Tue, May 2, 2017 at 6:28 AM Subject: BTC-e codes for bctjim To: #######@######.com Good day bctjim. Please find your BTC-e codes. You need to activate them within 5 days. Pass is 0nQ3sCJba You have to paste it to be able to view the document. Best regards Hunter Myra
|
|
|
|
|
|
|
|
|
No Gods or Kings. Only Bitcoin
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
BurtW
Legendary
Offline
Activity: 2646
Merit: 1136
All paid signature campaigns should be banned.
|
|
May 02, 2017, 04:10:36 PM |
|
What about Mt. Gox? I see you used it. Did you use the email address there also? That is likely. Also, yes, this web site was hacked a long time ago and all the email addresses were taken. So yes, that was a phishing email. Obviously do not open the attachment.
|
Our family was terrorized by Homeland Security. Read all about it here: http://www.jmwagner.com/ and http://www.burtw.com/ Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
|
|
|
bctjim (OP)
Newbie
Offline
Activity: 13
Merit: 0
|
|
May 02, 2017, 04:12:02 PM |
|
Yes I used to use mt gox, but i don't use bctjim name there -- so they've gotten the email from here.
FYI, using any common open source software is a huge security risk, so use different email/password for every site everyone!
(reported email as phishing)
|
|
|
|
chronicsky
Legendary
Offline
Activity: 2786
Merit: 1222
Just looking for peace
|
|
May 02, 2017, 04:18:38 PM |
|
i got the same email stating to activate it in 3 hours
|
|
|
|
European Central Bank
Legendary
Offline
Activity: 1288
Merit: 1087
|
|
May 02, 2017, 04:54:34 PM |
|
yep me too. plus an email that was previously used here i think. i've never used it on any other crypto related site other than here.
|
|
|
|
AGD
Legendary
Offline
Activity: 2069
Merit: 1164
Keeper of the Private Key
|
|
May 02, 2017, 05:10:59 PM |
|
@BurtW
Looks like this is something new, because some newer accounts are recieving this phishing mail too.
|
|
|
|
ibminer
Legendary
Offline
Activity: 1819
Merit: 2792
Goonies never say die.
|
|
May 02, 2017, 05:33:04 PM |
|
Wouldn't this just be from the prior database hack, nothing new, just someone trying to use the data... I never put any real e-mail into BTCTalk until somewhat recently - maybe sometime in Jan/Feb this year, I did so to try and conform to the new forum but my e-mail was never in the database that was hacked, and I have not received this phishing e-mail that everyone else seems to be getting. I feel a little left out
|
|
|
|
Joel_Jantsen
Legendary
Offline
Activity: 1876
Merit: 1308
Get your game girl
|
|
May 02, 2017, 05:34:42 PM |
|
--snipe--
Did you download the attachment ? The attachment probably came with a key logger or another bitcoin stealing malware.Your anti-virus should have detected it if the hacker isn't using a Cryptolocker.Report such mails as phishing to your mail providers asap.Please host the doc file over a server if possible,I may run it virtually and see where it leads.
|
|
|
|
AGD
Legendary
Offline
Activity: 2069
Merit: 1164
Keeper of the Private Key
|
|
May 02, 2017, 06:13:04 PM |
|
The docx file was encrypted to avoid recognition on Virustotal etc. DON'T DECRYPT IT WITH THE GIVEN PASSWORD!!!
This is a new attack!
|
|
|
|
Zepher
Copper Member
Hero Member
Offline
Activity: 686
Merit: 603
Electricity is really just organized lightning
|
|
May 02, 2017, 06:59:17 PM |
|
Did you download the attachment ? The attachment probably came with a key logger or another bitcoin stealing malware.Your anti-virus should have detected it if the hacker isn't using a Cryptolocker.Report such mails as phishing to your mail providers asap.Please host the doc file over a server if possible,I may run it virtually and see where it leads.
I posted the email I received in the other thread by Lauda If you send me an email of yours by Privnote, I'll forward you the email with attachment if you wish. You can then do some analysis on it.
|
My only payment address: 1ZephertJThxkHih7XcaUHBkMSnvkTt5u
|
|
|
mindrust
Legendary
Offline
Activity: 3248
Merit: 2433
|
|
May 02, 2017, 07:02:47 PM |
|
I also got this email few hours ago. Deleted immediately like it was cancer. (it was ) At first i thought it was btc-e but then i realized i use the same address both btc-e and here. (i know its stupid, but don't worry i got my 2FA on always with exchanges) No need to say that you shouldn't click on that word file, or else you'll get fucked big time. My sender's name was "Bell Mark". I guess it is random for everyone.
|
. .BLACKJACK ♠ FUN. | | | ███▄██████ ██████████████▀ ████████████ █████████████████ ████████████████▄▄ ░█████████████▀░▀▀ ██████████████████ ░██████████████ █████████████████▄ ░██████████████▀ ████████████ ███████████████░██ ██████████ | | CRYPTO CASINO & SPORTS BETTING | | │ | | │ | ▄▄███████▄▄ ▄███████████████▄ ███████████████████ █████████████████████ ███████████████████████ █████████████████████████ █████████████████████████ █████████████████████████ ███████████████████████ █████████████████████ ███████████████████ ▀███████████████▀ ███████████████████ | | .
|
|
|
|
Lauda
Legendary
Offline
Activity: 2674
Merit: 2965
Terminated.
|
|
May 02, 2017, 07:13:44 PM |
|
This seems to be a duplicate of my own thread, but I'll answer nevertheless: https://bitcointalk.org/index.php?topic=1898046.0The docx file was encrypted to avoid recognition on Virustotal etc. DON'T DECRYPT IT WITH THE GIVEN PASSWORD!!!
This is a new attack!
According to some sources (I can't vouch for this claim), the file is full of Visual Basic scripts. I wouldn't download it, yet alone try running it.
|
"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks" 😼 Bitcoin Core ( onion)
|
|
|
AGD
Legendary
Offline
Activity: 2069
Merit: 1164
Keeper of the Private Key
|
|
May 02, 2017, 07:26:42 PM |
|
This seems to be a duplicate of my own thread, but I'll answer nevertheless: https://bitcointalk.org/index.php?topic=1898046.0The docx file was encrypted to avoid recognition on Virustotal etc. DON'T DECRYPT IT WITH THE GIVEN PASSWORD!!!
This is a new attack!
According to some sources (I can't vouch for this claim), the file is full of VB scripts. Most likely VB, yes. First I thought OP was a new user because of the low post count. Didn't see, that he had registered already in 2013. If there are new users (after the 2015 hack) affected it would point to a new database hack, but so far it looks like they used the old database. Title of the thread should be changed as long as there is no proof of a new hack.
|
|
|
|
|