PSA: **WARNING** ACTIVE PHISHING CAMPAIGN AGAINST BitcoinTalk and BTC-e USERS

[bitsalame]

Some asshole initiated a phishing campaign against the users of BTC-e and BitcoinTalk.
They are exploiting the leaked DBs from the major hacks in 2014 and 2015 respectively.

The ones I detected are:
1) Targeting BTC-E users: spoofed emails from LocalBitcoins
2) Targeting BTC-E users: spoofed emails from Blockchain.info
3) Targeting BitcoinTalk users: fake emails from Btc-e with some attached payload.
4) +Several failed login attempts.

The last thing I heard was that the BitcoinTalk DB was being offered for sale in 2016.
Considering this "explosive" sudden campaign my speculation is that either some asshole bought it or it was finally released to the public.

Users of BTC-e and BitcoinTalk who used the same emails to register to all these sites should take extra precaution.
I highly suggest to change not only the passwords of every service (if you haven't already... come on, it's been more than 3 years) AND ALSO change your email addresses.

[HabBear]

Please stop calling it phishing. That word doesn't mean anything related to IT, email, or hackers. The first rule about naming new "things" is to give it a name that relates to that "thing's" definition. Phishing isn't it. We need to stop using that word.

What are the spoofed emails asking for? How would we know if the email we received was part of this email hack?

Thanks for the PSA!

[BTCforJoe]

Please stop calling it phishing. That word doesn't mean anything related to IT, email, or hackers. The first rule about naming new "things" is to give it a name that relates to that "thing's" definition. Phishing isn't it. We need to stop using that word.

What are the spoofed emails asking for? How would we know if the email we received was part of this email hack?

Thanks for the PSA!

Technically, it is phishing if spoofed emails are being delivered to users. I'm assuming that these emails are a way to phish your password and/or private keys somehow.

OP, do you have any examples of what these spoofed emails look like?

[iamTom123]

From time to time, I got some emails supposedly from a reputable exchange telling me to invest money due to high returns. I am not anymore a newbie on this aspect so I can easily detect a phising or pharming type of an email. In the first place, if one email is offering to give you an unrealistically high return on your money then you must raise your both eyebrows and delete immediately the said email.

I am always sad for newbies who can fall victim for this scam but if one is just using his own brain and use our own ability to doubt then we can easily decipher a real email from a fake one. This is not the first and would not be the last.

[Wind_FURY]

If you lurk in this forum long enough, you should know better than to click links from random users. Bitcoin is reaching new all time highs. It is to be expected that scammers and thieves start working again.

[bitsalame]

I compartmentalize all my email addresses to keep track of companies that sell personal information or potential leaks like the ones I am detecting right now.

I register each website with an unique email address, and if if such email receives any spam unrelated to the company it was used for, it has been sold or hacked.

After Bitcointalk got hacked in 2015 I changed my email address for this forum. The Phishing attempt didnt come to my new address, but to the leaked one. Therefore it is confirmed that these guys are using the leaked DB from the 2015 hack and it is not from a more recent hack.

Regards

[bitsalame]

If you lurk in this forum long enough, you should know better than to click links from random users. Bitcoin is reaching new all time highs. It is to be expected that scammers and thieves start working again.

You clearly don't understand what phishing is, if you think you will be getting email looking like actually coming from a random person.
Read again my OP and try to deduce it again.

[bitsalame]

Please stop calling it phishing. That word doesn't mean anything related to IT, email, or hackers. The first rule about naming new "things" is to give it a name that relates to that "thing's" definition. Phishing isn't it. We need to stop using that word.

What are the spoofed emails asking for? How would we know if the email we received was part of this email hack?

Thanks for the PSA!

Technically, it is phishing if spoofed emails are being delivered to users. I'm assuming that these emails are a way to phish your password and/or private keys somehow.

OP, do you have any examples of what these spoofed emails look like?

Ok these are the emails I've been getting:
First Email:

From: no-reply@localbitcoins.com
To: (address registered ONLY for btc-e)
Subject: [localbitcoins.com #36354 message from administrator.
Body:

no-replay@localbitcoins.com (recipient address)

Message:

Please check and secure your account.

You can login here https://localbitcoins.com/login/44641

Second Email:

From: no-reply@localbitcoins.com
To: (address registered ONLY for btc-e)
Subject: [localbitcoins.com #80654 message from administrator.
Body:

no-replay@localbitcoins.com (recipient address)

Message:

Please check and secure your account.

http://localbitcoins.com/login/51939

Third Email:

From: Blockchain noreplay@blockc (sic)
To: (address registered ONLY for btc-e)
Subject: Authorize log-in attempt.
Body:

Authorize log-in attempt (recipient's email address)

An attempt to login to your blockchain.info wallet was made from an unknown browser
Please check and secure your account.

Please Login here ! [Link: http://www.vanityonlinestore.com/mic/a266.php?(email address)

BlockChain Security Team.

Fourth email, in this attempt they were incredibly stupid and also incredibly sneaky at the same time. Even though they didn't even bother spoofing the email address, the phishing link uses unicode (the k is not ascii, it is the russian unicode) if they were clever enough, they could have registered that domain, pay for an ssl certificate and they could have had an indistinguishable blockchain.info spoof with a "green" ssl lock in the browser. But fortunately these guys are a bunch of careless amateurs.

From: Blockchain info@cafricambi.com
To: (address registered ONLY for btc-e)
Subject: Activate your email address
Body:

Dear Customer

Actiνate your email address , Unνerified email could susρend your account.

httρs://blocκchain.info/wallet/email/xlK6sVρOHiEρκcd0S8

2017 BLOCKCHAIN LUXEMBOURG S.A. ALL RIGHTS RESERVED

Fifth email:

From: Franks Keane richardpotter@sky.com (? Seriously?)
To: (address registered ONLY for BitcoinTalk forums up to 2015)
Subject: BTC-e codes for (BitcoinTalk username)
Data:

Hello (BitcoinTalk Username).

Please review attached your BTC-e codes.

You have to use it within 6 hours.

Password is GLmsWjr50MJ6i. You have to type it to be able to open the document.

Thanks
Franks Keane
(Attached BitcoinTalkUsername.docx)

And lastly, the very first one actually targetted btc-e users, by spoofing btc-e itself.

From: BTC-e noreplay@test.com
To: (address registered ONLY for BTC-e)
Subject: Please update your email account.
Data:

Dear Customer btce

Please update your email account.

https://www.btc-e.com/update-email/44tg4y2d
(Links to http://www.linkbucks.com/AjeTr?(email address registered for btce))

This phishing campaign started on Apr 22nd.
I had zero attempts for 4 years since the hack, and that was baffling considering that it was public knowledge that their DB was dumped from these two sites. I guess that the attackers were either saving it for the right moment, or were finally able to sold the DB or they just got tired of keeping it and made it public.

[HabBear]

Please stop calling it phishing. That word doesn't mean anything related to IT, email, or hackers. The first rule about naming new "things" is to give it a name that relates to that "thing's" definition. Phishing isn't it. We need to stop using that word.

What are the spoofed emails asking for? How would we know if the email we received was part of this email hack?

Thanks for the PSA!

Technically, it is phishing if spoofed emails are being delivered to users. I'm assuming that these emails are a way to phish your password and/or private keys somehow.

OP, do you have any examples of what these spoofed emails look like?

Then it should be called "fishing"...if these people are trying to fish your password, private keys, bank info, etc.

The word was poorly chosen from the beginning. Everyone should stop using it. It makes no sense.

[AGD]

Please stop calling it phishing. That word doesn't mean anything related to IT, email, or hackers. The first rule about naming new "things" is to give it a name that relates to that "thing's" definition. Phishing isn't it. We need to stop using that word.

What are the spoofed emails asking for? How would we know if the email we received was part of this email hack?

Thanks for the PSA!

Technically, it is phishing if spoofed emails are being delivered to users. I'm assuming that these emails are a way to phish your password and/or private keys somehow.

OP, do you have any examples of what these spoofed emails look like?

Then it should be called "fishing"...if these people are trying to fish your password, private keys, bank info, etc.

The word was poorly chosen from the beginning. Everyone should stop using it. It makes no sense.

Nobody uses the word "fishing" in connection with computer hacking. The "ph" in "phishing" defines it as hacking related and is widespread used. If I remember correct, the "ph" was first used in "phreaking", which was phone hacking back in the last millenium.
Something like the "Z" in "Warez" and Appz", which made clear, that this site is releasing cracked software.

[Kakmakr]

No matter what these people are doing < definition is not that important > it should be noted that there are active attempts by someone to steal our coins from many platforms. Change your passwords regularly and do not re-use the same passwords for all the different services.

Thanks OP, for giving everyone a early warning about this. ^smile^

[davis196]

Some asshole initiated a phishing campaign against the users of BTC-e and BitcoinTalk.
They are exploiting the leaked DBs from the major hacks in 2014 and 2015 respectively.

The ones I detected are:
1) Targeting BTC-E users: spoofed emails from LocalBitcoins
2) Targeting BTC-E users: spoofed emails from Blockchain.info
3) Targeting BitcoinTalk users: fake emails from Btc-e with some attached payload.
4) +Several failed login attempts.

The last thing I heard was that the BitcoinTalk DB was being offered for sale in 2016.
Considering this "explosive" sudden campaign my speculation is that either some asshole bought it or it was finally released to the public.

Users of BTC-e and BitcoinTalk who used the same emails to register to all these sites should take extra precaution.
I highly suggest to change not only the passwords of every service (if you haven't already... come on, it's been more than 3 years) AND ALSO change your email addresses.

I don`t have a BTC-e account and i changed my bitcointalk email one month ago.
This is enough for my account security,i quess.
Hackers are trying to hit the bitcoin price back to 1000 USD.

[sportis]

Hopefully I use a different email account for bitcointalk and localbitcoins. I have never notice any phishing attempt for the latter site. The truth is that I have a long time to use it and maybe this is the reason nobody interests about me. However thanks the @OP to aware us of these incidents.

[buwaytress]

Then it should be called "fishing"...if these people are trying to fish your password, private keys, bank info, etc.

The word was poorly chosen from the beginning. Everyone should stop using it. It makes no sense.

This really reminds me about pointless arguments about how to pronounce GIF... even the suggested pronunciation by its creators is never seen as definitive because there will always be people out there who think of language in their own rigid terms.

Phishing has been in use for 20 years and is accepted terminology.

[bitsalame]

Then it should be called "fishing"...if these people are trying to fish your password, private keys, bank info, etc.

The word was poorly chosen from the beginning. Everyone should stop using it. It makes no sense.

This really reminds me about pointless arguments about how to pronounce GIF... even the suggested pronunciation by its creators is never seen as definitive because there will always be people out there who think of language in their own rigid terms.

Phishing has been in use for 20 years and is accepted terminology.

Sounds like some kids just graduated from grammar school... it it is typical of teenagers to be hypercorrecting shit.

@HabBear Phishing is a established terminology in computer security, it describes a specific social engineering modality.
Go check the dictionary, the neologism has been added to every reputable dictionary available.

[Dogeboi3210]

Some asshole initiated a phishing campaign against the users of BTC-e and BitcoinTalk.
They are exploiting the leaked DBs from the major hacks in 2014 and 2015 respectively.

The ones I detected are:
1) Targeting BTC-E users: spoofed emails from LocalBitcoins
2) Targeting BTC-E users: spoofed emails from Blockchain.info
3) Targeting BitcoinTalk users: fake emails from Btc-e with some attached payload.
4) +Several failed login attempts.

The last thing I heard was that the BitcoinTalk DB was being offered for sale in 2016.
Considering this "explosive" sudden campaign my speculation is that either some asshole bought it or it was finally released to the public.

Users of BTC-e and BitcoinTalk who used the same emails to register to all these sites should take extra precaution.
I highly suggest to change not only the passwords of every service (if you haven't already... come on, it's been more than 3 years) AND ALSO change your email addresses.

I've definitely gotten some sketch emails related to BTC-E. People need to be careful around these emails, because one mistake and your BTC is gone.

[Wind_FURY]

If you lurk in this forum long enough, you should know better than to click links from random users. Bitcoin is reaching new all time highs. It is to be expected that scammers and thieves start working again.

You clearly don't understand what phishing is, if you think you will be getting email looking like actually coming from a random person.
Read again my OP and try to deduce it again.

Yes sorry. Phishing are emails that look like the real thing but actually is not. But the point is still the same. Scammers and thieves are more motivated to steal now that Bitcoin is reaching new all time highs.

[bitsalame]

Yes, but it is not just about being "more" active.
The things that grabs my attention is that they are being active at all. They could have exploited these leaks any time before.
I had zero phishing emails before, they kept them dormant for 4/5 years and they suddenly exploiting both userbases at the same time.

[Wesimon]

Please stop calling it phishing. That word doesn't mean anything related to IT, email, or hackers. The first rule about naming new "things" is to give it a name that relates to that "thing's" definition. Phishing isn't it. We need to stop using that word.

What are the spoofed emails asking for? How would we know if the email we received was part of this email hack?

Thanks for the PSA!

Why should we stop using the term "phishing"? It is a jargon or technical term in the field of computing (computer) so there is nothing wrong about using it. As defined on wikipedia, phishing is a term that pertains to maliciously attempting to get your private information such as username, password, etc. by disguising themselves as a trustworthy entity.

I do not know what is your deal with "phishing" at all. We should stop using that term if it is inappropriate but since it's the right term for the issue and it is the issue, then use it. You can always use other terms but all have their freedom to use any term they want so why force us to stop using that term.

[btcforall777]

I got 1 spoofing BTC-E.com. But I was not a dumb head to click on it.