Bitcoin Forum
November 06, 2024, 04:49:44 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: PSA: **WARNING** ACTIVE PHISHING CAMPAIGN AGAINST BitcoinTalk and BTC-e USERS  (Read 1115 times)
bitsalame (OP)
Donator
Hero Member
*
Offline Offline

Activity: 714
Merit: 510


Preaching the gospel of Satoshi


View Profile
May 03, 2017, 12:50:02 AM
Last edit: May 03, 2017, 01:02:41 AM by bitsalame
 #1

Some asshole initiated a phishing campaign against the users of BTC-e and BitcoinTalk.
They are exploiting the leaked DBs from the major hacks in 2014 and 2015 respectively.

The ones I detected are:
1) Targeting BTC-E users: spoofed emails from LocalBitcoins
2) Targeting BTC-E users: spoofed emails from Blockchain.info
3) Targeting BitcoinTalk users: fake emails from Btc-e with some attached payload.
4) +Several failed login attempts.

The last thing I heard was that the BitcoinTalk DB was being offered for sale in 2016.
Considering this "explosive" sudden campaign my speculation is that either some asshole bought it or it was finally released to the public.

Users of BTC-e and BitcoinTalk who used the same emails to register to all these sites should take extra precaution.
I highly suggest to change not only the passwords of every service (if you haven't already... come on, it's been more than 3 years) AND ALSO change your email addresses.
HabBear
Hero Member
*****
Offline Offline

Activity: 1106
Merit: 638


View Profile WWW
May 03, 2017, 02:19:50 AM
 #2

Please stop calling it phishing. That word doesn't mean anything related to IT, email, or hackers. The first rule about naming new "things" is to give it a name that relates to that "thing's" definition. Phishing isn't it. We need to stop using that word.

What are the spoofed emails asking for? How would we know if the email we received was part of this email hack?

Thanks for the PSA!
BTCforJoe
Hero Member
*****
Offline Offline

Activity: 882
Merit: 976



View Profile
May 03, 2017, 02:27:07 AM
 #3

Please stop calling it phishing. That word doesn't mean anything related to IT, email, or hackers. The first rule about naming new "things" is to give it a name that relates to that "thing's" definition. Phishing isn't it. We need to stop using that word.

What are the spoofed emails asking for? How would we know if the email we received was part of this email hack?

Thanks for the PSA!

Technically, it is phishing if spoofed emails are being delivered to users. I'm assuming that these emails are a way to phish your password and/or private keys somehow.

OP, do you have any examples of what these spoofed emails look like?
iamTom123
Hero Member
*****
Offline Offline

Activity: 490
Merit: 501



View Profile
May 03, 2017, 03:32:47 AM
 #4

From time to time, I got some emails supposedly from a reputable exchange telling me to invest money due to high returns. I am not anymore a newbie on this aspect so I can easily detect a phising or pharming type of an email. In the first place, if one email is offering to give you an unrealistically high return on your money then you must raise your both eyebrows and delete immediately the said email.

I am always sad for newbies who can fall victim for this scam but if one is just using his own brain and use our own ability to doubt then we can easily decipher a real email from a fake one. This is not the first and would not be the last.
Wind_FURY
Legendary
*
Offline Offline

Activity: 3094
Merit: 1929



View Profile
May 03, 2017, 04:09:03 AM
 #5

If you lurk in this forum long enough, you should know better than to click links from random users. Bitcoin is reaching new all time highs. It is to be expected that scammers and thieves start working again.

██████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
██████████████████████
.SHUFFLE.COM..███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
█████████████████████
████████████████████
██████████████████████
████████████████████
██████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
██████████████████████
██████████████████████
██████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
.
...Next Generation Crypto Casino...
bitsalame (OP)
Donator
Hero Member
*
Offline Offline

Activity: 714
Merit: 510


Preaching the gospel of Satoshi


View Profile
May 03, 2017, 04:11:03 AM
 #6

I compartmentalize all my email addresses to keep track of companies that sell personal information or potential leaks like the ones I am detecting right now.

I register each website with an unique email address, and if if such email receives any spam unrelated to the company it was used for, it has been sold or hacked.

After Bitcointalk got hacked in 2015 I changed my email address for this forum. The Phishing attempt didnt come to my new address, but to the leaked one. Therefore it is confirmed that these guys are using the leaked DB from the 2015 hack and it is not from a more recent hack.

Regards
bitsalame (OP)
Donator
Hero Member
*
Offline Offline

Activity: 714
Merit: 510


Preaching the gospel of Satoshi


View Profile
May 03, 2017, 04:12:31 AM
 #7

If you lurk in this forum long enough, you should know better than to click links from random users. Bitcoin is reaching new all time highs. It is to be expected that scammers and thieves start working again.

You clearly don't understand what phishing is, if you think you will be getting email looking like actually coming from a random person.
Read again my OP and try to deduce it again.
bitsalame (OP)
Donator
Hero Member
*
Offline Offline

Activity: 714
Merit: 510


Preaching the gospel of Satoshi


View Profile
May 03, 2017, 04:45:51 AM
Last edit: May 03, 2017, 05:10:01 AM by bitsalame
 #8

Please stop calling it phishing. That word doesn't mean anything related to IT, email, or hackers. The first rule about naming new "things" is to give it a name that relates to that "thing's" definition. Phishing isn't it. We need to stop using that word.

What are the spoofed emails asking for? How would we know if the email we received was part of this email hack?

Thanks for the PSA!

Technically, it is phishing if spoofed emails are being delivered to users. I'm assuming that these emails are a way to phish your password and/or private keys somehow.

OP, do you have any examples of what these spoofed emails look like?

Ok these are the emails I've been getting:
First Email:
Quote
From: no-reply@localbitcoins.com
To: (address registered ONLY for btc-e)
Subject: [localbitcoins.com #36354 message from administrator.
Body:
Quote
no-replay@localbitcoins.com (recipient address)

Message:

Please check and secure your account.

You can login here https://localbitcoins.com/login/44641

Second Email:
Quote
From: no-reply@localbitcoins.com
To: (address registered ONLY for btc-e)
Subject: [localbitcoins.com #80654 message from administrator.
Body:
Quote
no-replay@localbitcoins.com (recipient address)

Message:

Please check and secure your account.

http://localbitcoins.com/login/51939

Third Email:
Quote
From: Blockchain noreplay@blockc (sic)
To: (address registered ONLY for btc-e)
Subject: Authorize log-in attempt.
Body:
Quote
Authorize log-in attempt (recipient's email address)

An attempt to login to your blockchain.info wallet was made from an unknown browser
Please check and secure your account.

Please Login here ! [Link: http://www.vanityonlinestore.com/mic/a266.php?(email address)

BlockChain Security Team.

Fourth email, in this attempt they were incredibly stupid and also incredibly sneaky at the same time. Even though they didn't even bother spoofing the email address, the phishing link uses unicode (the k is not ascii, it is the russian unicode) if they were clever enough, they could have registered that domain, pay for an ssl certificate and they could have had an indistinguishable blockchain.info spoof with a "green" ssl lock in the browser. But fortunately these guys are a bunch of careless amateurs.
Quote
From: Blockchain info@cafricambi.com
To: (address registered ONLY for btc-e)
Subject: Activate your email address
Body:
Quote
Dear Customer

Actiνate your email address , Unνerified email could susρend your account.

httρs://blocκchain.info/wallet/email/xlK6sVρOHiEρκcd0S8

2017 BLOCKCHAIN LUXEMBOURG S.A. ALL RIGHTS RESERVED

Fifth email:
Quote
From: Franks Keane richardpotter@sky.com (? Seriously?)
To: (address registered ONLY for BitcoinTalk forums up to 2015)
Subject: BTC-e codes for (BitcoinTalk username)
Data:
Quote
Hello (BitcoinTalk Username).

Please review attached your BTC-e codes.

You have to use it within 6 hours.

Password is GLmsWjr50MJ6i. You have to type it to be able to open the document.

Thanks
Franks Keane
(Attached BitcoinTalkUsername.docx)

And lastly, the very first one actually targetted btc-e users, by spoofing btc-e itself.
Quote
From: BTC-e noreplay@test.com
To: (address registered ONLY for BTC-e)
Subject: Please update your email account.
Data:
Quote

This phishing campaign started on Apr 22nd.
I had zero attempts for 4 years since the hack, and that was baffling considering that it was public knowledge that their DB was dumped from these two sites. I guess that the attackers were either saving it for the right moment, or were finally able to sold the DB or they just got tired of keeping it and made it public.
HabBear
Hero Member
*****
Offline Offline

Activity: 1106
Merit: 638


View Profile WWW
May 03, 2017, 05:29:40 AM
 #9

Please stop calling it phishing. That word doesn't mean anything related to IT, email, or hackers. The first rule about naming new "things" is to give it a name that relates to that "thing's" definition. Phishing isn't it. We need to stop using that word.

What are the spoofed emails asking for? How would we know if the email we received was part of this email hack?

Thanks for the PSA!

Technically, it is phishing if spoofed emails are being delivered to users. I'm assuming that these emails are a way to phish your password and/or private keys somehow.

OP, do you have any examples of what these spoofed emails look like?

Then it should be called "fishing"...if these people are trying to fish your password, private keys, bank info, etc.

The word was poorly chosen from the beginning. Everyone should stop using it. It makes no sense.
AGD
Legendary
*
Offline Offline

Activity: 2070
Merit: 1164


Keeper of the Private Key


View Profile
May 03, 2017, 05:58:27 AM
 #10

Please stop calling it phishing. That word doesn't mean anything related to IT, email, or hackers. The first rule about naming new "things" is to give it a name that relates to that "thing's" definition. Phishing isn't it. We need to stop using that word.

What are the spoofed emails asking for? How would we know if the email we received was part of this email hack?

Thanks for the PSA!

Technically, it is phishing if spoofed emails are being delivered to users. I'm assuming that these emails are a way to phish your password and/or private keys somehow.

OP, do you have any examples of what these spoofed emails look like?

Then it should be called "fishing"...if these people are trying to fish your password, private keys, bank info, etc.

The word was poorly chosen from the beginning. Everyone should stop using it. It makes no sense.

Nobody uses the word "fishing" in connection with computer hacking. The "ph" in "phishing" defines it as hacking related and is widespread used. If I remember correct, the "ph" was first used in "phreaking", which was phone hacking back in the last millenium.
Something like the "Z" in "Warez" and Appz", which made clear, that this site is releasing cracked software.

Bitcoin is not a bubble, it's the pin!
+++ GPG Public key FFBD756C24B54962E6A772EA1C680D74DB714D40 +++ http://pgp.mit.edu/pks/lookup?op=get&search=0x1C680D74DB714D40
Kakmakr
Legendary
*
Offline Offline

Activity: 3542
Merit: 1965

Leading Crypto Sports Betting & Casino Platform


View Profile
May 03, 2017, 05:59:22 AM
 #11

No matter what these people are doing < definition is not that important > it should be noted that there are active attempts by someone to steal our coins from many platforms. Change your passwords regularly and do not re-use the same passwords for all the different services.

Thanks OP, for giving everyone a early warning about this. ^smile^

..Stake.com..   ▄████████████████████████████████████▄
   ██ ▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄ ██  ▄████▄
   ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██  ██████
   ██ ██████████ ██      ██ ██████████ ██   ▀██▀
   ██ ██      ██ ██████  ██ ██      ██ ██    ██
   ██ ██████  ██ █████  ███ ██████  ██ ████▄ ██
   ██ █████  ███ ████  ████ █████  ███ ████████
   ██ ████  ████ ██████████ ████  ████ ████▀
   ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
   ██            ▀▀▀▀▀▀▀▀▀▀            ██ 
   ▀█████████▀ ▄████████████▄ ▀█████████▀
  ▄▄▄▄▄▄▄▄▄▄▄▄███  ██  ██  ███▄▄▄▄▄▄▄▄▄▄▄▄
 ██████████████████████████████████████████
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀█▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀       ▐█▌       ▀█▄
██         ▐█▌         ██
████▄     ▄█████▄     ▄████
████████▄███████████▄████████
███▀    █████████████    ▀███
██       ███████████       ██
▀█▄       █████████       ▄█▀
▀█▄    ▄██▀▀▀▀▀▀▀██▄  ▄▄▄█▀
▀███████         ███████▀
▀█████▄       ▄█████▀
▀▀▀███▄▄▄███▀▀▀
..PLAY NOW..
davis196
Hero Member
*****
Offline Offline

Activity: 3150
Merit: 937



View Profile
May 03, 2017, 05:59:37 AM
 #12

Some asshole initiated a phishing campaign against the users of BTC-e and BitcoinTalk.
They are exploiting the leaked DBs from the major hacks in 2014 and 2015 respectively.

The ones I detected are:
1) Targeting BTC-E users: spoofed emails from LocalBitcoins
2) Targeting BTC-E users: spoofed emails from Blockchain.info
3) Targeting BitcoinTalk users: fake emails from Btc-e with some attached payload.
4) +Several failed login attempts.

The last thing I heard was that the BitcoinTalk DB was being offered for sale in 2016.
Considering this "explosive" sudden campaign my speculation is that either some asshole bought it or it was finally released to the public.

Users of BTC-e and BitcoinTalk who used the same emails to register to all these sites should take extra precaution.
I highly suggest to change not only the passwords of every service (if you haven't already... come on, it's been more than 3 years) AND ALSO change your email addresses.

I don`t have a BTC-e account and i changed my bitcointalk email one month ago.
This is enough for my account security,i quess.
Hackers are trying to hit the bitcoin price back to 1000 USD.

sportis
Sr. Member
****
Offline Offline

Activity: 406
Merit: 252


Veni, Vidi, Vici


View Profile
May 03, 2017, 10:19:10 AM
 #13

Hopefully I use a different email account for bitcointalk and localbitcoins. I have never notice any phishing attempt for the latter site. The truth is that I have a long time to use it and maybe this is the reason nobody interests about me. However thanks the @OP to aware us of these incidents.
buwaytress
Legendary
*
Offline Offline

Activity: 2982
Merit: 3691


Join the world-leading crypto sportsbook NOW!


View Profile
May 03, 2017, 10:34:58 AM
 #14


Then it should be called "fishing"...if these people are trying to fish your password, private keys, bank info, etc.

The word was poorly chosen from the beginning. Everyone should stop using it. It makes no sense.

This really reminds me about pointless arguments about how to pronounce GIF... even the suggested pronunciation by its creators is never seen as definitive because there will always be people out there who think of language in their own rigid terms.

Phishing has been in use for 20 years and is accepted terminology.

██
██
██
██
██
██
██
██
██
██
██
██
██
... LIVECASINO.io    Play Live Games with up to 20% cashback!...██
██
██
██
██
██
██
██
██
██
██
██
██
bitsalame (OP)
Donator
Hero Member
*
Offline Offline

Activity: 714
Merit: 510


Preaching the gospel of Satoshi


View Profile
May 03, 2017, 05:59:16 PM
 #15


Then it should be called "fishing"...if these people are trying to fish your password, private keys, bank info, etc.

The word was poorly chosen from the beginning. Everyone should stop using it. It makes no sense.

This really reminds me about pointless arguments about how to pronounce GIF... even the suggested pronunciation by its creators is never seen as definitive because there will always be people out there who think of language in their own rigid terms.

Phishing has been in use for 20 years and is accepted terminology.

Sounds like some kids just graduated from grammar school... it it is typical of teenagers to be hypercorrecting shit.

@HabBear Phishing is a established terminology in computer security, it describes a specific social engineering modality.
Go check the dictionary, the neologism has been added to every reputable dictionary available.
Dogeboi3210
Newbie
*
Offline Offline

Activity: 41
Merit: 0


View Profile
May 03, 2017, 09:04:07 PM
 #16

Some asshole initiated a phishing campaign against the users of BTC-e and BitcoinTalk.
They are exploiting the leaked DBs from the major hacks in 2014 and 2015 respectively.

The ones I detected are:
1) Targeting BTC-E users: spoofed emails from LocalBitcoins
2) Targeting BTC-E users: spoofed emails from Blockchain.info
3) Targeting BitcoinTalk users: fake emails from Btc-e with some attached payload.
4) +Several failed login attempts.

The last thing I heard was that the BitcoinTalk DB was being offered for sale in 2016.
Considering this "explosive" sudden campaign my speculation is that either some asshole bought it or it was finally released to the public.

Users of BTC-e and BitcoinTalk who used the same emails to register to all these sites should take extra precaution.
I highly suggest to change not only the passwords of every service (if you haven't already... come on, it's been more than 3 years) AND ALSO change your email addresses.
I've definitely gotten some sketch emails related to BTC-E. People need to be careful around these emails, because one mistake and your BTC is gone.
Wind_FURY
Legendary
*
Offline Offline

Activity: 3094
Merit: 1929



View Profile
May 04, 2017, 04:33:39 AM
 #17

If you lurk in this forum long enough, you should know better than to click links from random users. Bitcoin is reaching new all time highs. It is to be expected that scammers and thieves start working again.

You clearly don't understand what phishing is, if you think you will be getting email looking like actually coming from a random person.
Read again my OP and try to deduce it again.

Yes sorry. Phishing are emails that look like the real thing but actually is not. But the point is still the same. Scammers and thieves are more motivated to steal now that Bitcoin is reaching new all time highs.

██████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
██████████████████████
.SHUFFLE.COM..███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
█████████████████████
████████████████████
██████████████████████
████████████████████
██████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
██████████████████████
██████████████████████
██████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
.
...Next Generation Crypto Casino...
bitsalame (OP)
Donator
Hero Member
*
Offline Offline

Activity: 714
Merit: 510


Preaching the gospel of Satoshi


View Profile
May 04, 2017, 06:34:29 PM
 #18

Yes, but it is not just about being "more" active.
The things that grabs my attention is that they are being active at all. They could have exploited these leaks any time before.
I had zero phishing emails before, they kept them dormant for 4/5 years and they suddenly exploiting both userbases at the same time.
Wesimon
Sr. Member
****
Offline Offline

Activity: 406
Merit: 250


https://gexcrypto.io


View Profile
May 04, 2017, 07:43:13 PM
 #19

Please stop calling it phishing. That word doesn't mean anything related to IT, email, or hackers. The first rule about naming new "things" is to give it a name that relates to that "thing's" definition. Phishing isn't it. We need to stop using that word.

What are the spoofed emails asking for? How would we know if the email we received was part of this email hack?

Thanks for the PSA!

Why should we stop using the term "phishing"? It is a jargon or technical term in the field of computing (computer) so there is nothing wrong about using it. As defined on wikipedia, phishing is a term that pertains to maliciously attempting to get your private information such as username, password, etc. by disguising themselves as a trustworthy entity.

I do not know what is your deal with "phishing" at all. We should stop using that term if it is inappropriate but since it's the right term for the issue and it is the issue, then use it. You can always use other terms but all have their freedom to use any term they want so why force us to stop using that term.

             ███
     ▄▄▄▄▄   ▀▀▀
  ▄█████████▄
 ███▀     ▀███▄
███         ███
███         ███
 ███▄     ▄████
  ▀████████████
     ▀▀▀▀▀  ███
            ███
███▄       ▄███
 ▀███▄▄▄▄▄███▀
   ▀▀█████▀▀
gexcrypto
E X C R Y P T O

Global Trading Corp.
████
████
████
████
████  ████
████  ████
████  ████
████  ████
████  ████
      ████
      ████
      ████
      ████
YOUR COMPREHENSIVE CRYPTO TRADING PLATFORM
|       WHITEPAPER       |       FACEBOOK       |       TWITTER       |       ANN THREAD       |
████
████
████
████
████  ████
████  ████
████  ████
████  ████
████  ████
      ████
      ████
      ████
      ████
btcforall777
Full Member
***
Offline Offline

Activity: 235
Merit: 250


View Profile
May 04, 2017, 08:13:32 PM
 #20

I got 1 spoofing BTC-E.com. But I was not a dumb head to click on it.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!