Phishing?

[ThorbenS]

Hi,

i just received a mail with topic "Reset password for Bitcoin Forum" claiming to be sent from noreply@bitcointalk.org

Inside there are two links to the domain http://bitcointclk.org  .. i think -> nice try

Feel free to open an abuse-ticket and don't get fooled...


----
#
Domain Name: BITCOINTCLK.ORG
Registry Domain ID: D402200000004566323-LROR
Registrar WHOIS Server: whois.ilovewww.com
Registrar URL: ilovewww.com
Updated Date: 2017-12-17T01:19:54Z
Creation Date: 2017-12-16T22:28:27Z
Registry Expiry Date: 2018-12-16T22:28:27Z
Registrar Registration Expiration Date:
Registrar: Shinjiru MSC Sdn Bhd
Registrar IANA ID: 1741
Registrar Abuse Contact Email: tildadmin@ilovewww.com
Registrar Abuse Contact Phone: +603.79871191
Reseller:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Registry Registrant ID: C23711765-LROR
Registrant Name: Domain Admin
Registrant Organization: Privacy Protect, LLC (PrivacyProtect.org)
Registrant Street: 10 Corporate Drive
Registrant City: Burlington
Registrant State/Province: MA
Registrant Postal Code: 01803
Registrant Country: US
Registrant Phone: +1.8022274003
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: contact@privacyprotect.org
Registry Admin ID: C23711765-LROR
Admin Name: Domain Admin
#
----

[1713928887]

1713928887

[Welsh]

Nice spotting. Unfortunately, this fools a lot of people and it's very difficult to prevent it.  Probably sent by one of the many account sellers over in the marketplace looking to hack the account and get rid of it at soon as possible.

[Jet Cash]

Thanks for the heads up, and well worth a point for pointing it out.

I think it should be on the scms board though, but it will probably get more exposure here.

[aoluain]

Thanks for the heads up.
This is strange that you got this and happen to be a member of the forum.
I wonder how many other members go this Phishing mail?

To date I have never clicked on suspicious mail, even though I suspect today
suspicious mail can be made to look genuine.

at a glance BITCOINTCLK.ORG can look the real deal, just goes to prove how
something simple can catch people out.

Check and re-check before clicking!!

[guschin]

It is sad to see people trying to fool other just to make money. I mean how hard is it to make a real profile here and rank up to earn with own profile. I just hope that these people get caught and are punished for these illegal things. You should report them to cyber police in your country.

[treatWy]

I wonder how many other members go this Phishing mail?

suspicious mail can be made to look genuine.

at a glance BITCOINTCLK.ORG can look the real deal, just goes to prove how
something simple can catch people out.

Check and re-check before clicking!!

In the first look it seems real but look intimately the letter A in bitcointalk.org became C. Wow looks like legit but counterfeit. I learned to you. Thank you very much

[malikusama]

Not a new thing to be discussed, i have already seen many replica sites with some changing in the URL.
A wise person will always check the URL sent through emails and PMs.
Mostly low ranked users gets into this trap.

[amouretpaix]

Hello, I received the same

Dear,

This mail was sent because the 'forgot password' function has been applied to your account.
IP: 102.16.21.142

If you tried it really, please AUTHORIZE and apply your password reset.
Authorize

If you did NOT, DEAUTHORIZE and confirm your credential. (Then, you don't need to change your password since it is still safe and secure.)
Deauthorize



Regards,
The Bitcoin Forum Team.

L'IP est  :

NetRange: 102.0.0.0 - 102.255.255.255
CIDR: 102.0.0.0/8
NetName: AFRINIC-102
NetHandle: NET-102-0-0-0-1
Parent: ()
NetType: Allocated to AfriNIC
OriginAS:
Organization: African Network Information Center (AFRINIC)
RegDate: 2011-02-10
Updated: 2011-02-10
Comment: This IP address range is under AFRINIC responsibility.
Comment: Please see http://www.afrinic.net/ for further details,
Comment: or check the WHOIS server located at whois.afrinic.net.
Ref: https://whois.arin.net/rest/net/NET-102-0-0-0-1

ResourceLink: http://afrinic.net/en/services/whois-query
ResourceLink: whois.afrinic.net

OrgName: African Network Information Center
OrgId: AFRINIC
Address: Level 11ABC
Address: Raffles Tower
Address: Lot 19, Cybercity
City: Ebene
StateProv:
PostalCode:
Country: MU
RegDate: 2004-05-17
Updated: 2015-05-04
Comment: AfriNIC - http://www.afrinic.net
Comment: The African & Indian Ocean Internet Registry
Ref: https://whois.arin.net/rest/org/AFRINIC

ReferralServer: whois://whois.afrinic.net
ResourceLink: http://afrinic.net/en/services/whois-query

OrgAbuseHandle: GENER11-ARIN
OrgAbuseName: Generic POC
OrgAbusePhone: +230 4666616
OrgAbuseEmail: abusepoc@afrinic.net
OrgAbuseRef: https://whois.arin.net/rest/poc/GENER11-ARIN

OrgTechHandle: GENER11-ARIN
OrgTechName: Generic POC
OrgTechPhone: +230 4666616
OrgTechEmail: abusepoc@afrinic.net
OrgTechRef: https://whois.arin.net/rest/poc/GENER11-ARIN

Unfortunately I clicked the Deauthorize link    .... but nothing happen... Does the link is dangerous (virus, malware, password scanning application )
I never give my password or anything.

Thank you
Best regards