WARNING: bitcointalk.us is a phishing site

[mmmerlin]

I just got a very spammy PM on the BFL forum from what I think is someone trying to hype LTC saying that MtGox is going to start trading it and this was announced in a leaked recording of Mark Karpeles.

It links to what I think is a spoof page imitating this forum with presumably mock posts from several well-established members of this community agreeing that this was sounding very promising.

Link here: http://bitcointalk.us/LTCRecordedConversation.htm

This post is to:

a) give people a head's up and

b) confirm this is a spoof site created by someone trying to hype up LTC prices and not a genuine mirror of BTCTalk (which I'm pretty much sure of, but I've also been sitting at the keyboard for ~16 straight hours so judgement isn't what it might be).

I was actually almost fooled, so thought I'd better alert people...

[mmmerlin]

A lot of effort went into making the site though, they've registered a very good URL for it, all the people posting have links back to their profiles on bitcointalk.org

I've got to admit that I was very nearly fooled. I'm sure many will be...

[grue]

the free hosting ad at the top is a dead giveaway.

also, there's some funny stuff in the root directory http://bitcointalk.us/phisher.php LOL

i'm having some fun entering in some fake admin logins :p

[01BTC10]

This domain bitcointalk.us is a phising site and is also used to hype a fake btc-e bot (trojan).

[mmmerlin]

the free hosting ad at the top is a dead giveaway.

also, there's some funny stuff in the root directory http://bitcointalk.us/phisher.php LOL

LOL indeed, but at first glance it's pretty convincing. Just thought people should be warned. I've reported it on the BFL forum...

[Taras]

Definitely a phishing site, I found this in the directory:
user=dasfd
passwrd=dsfasdf
cookielength=-1
hash_passwrd=

user=affa
passwrd=asdfs
cookielength=-1
hash_passwrd=

user=hi
passwrd=good looking
cookielength=-1
hash_passwrd=

user=
passwrd=
cookielength=-1
hash_passwrd=







user=ajze2
passwrd=c*******5
cookielength=-1
hash_passwrd=


user=01BTC10
passwrd=A6PhUyDBS6
cookielength=-1
hash_passwrd=

user=theymos
passwrd=6iR25K1Xx4xXL6VM
cookielength=-1
hash_passwrd=


user=gmaxwell
passwrd=hcTb64SfgLy3Ey
cookielength=-1
hash_passwrd=

user=kiba
passwrd=1DDEFE1081888436A0A0681A8201431D
cookielength=-1
hash_passwrd=

user=Gavin Andresen
passwrd=RbCvyZNkbFHKQ5cHt7x8pAp5sXtz
cookielength=-1
hash_passwrd=

user=casascius
passwrd=3**************1
cookielength=-1
hash_passwrd=


user=Kluge
passwrd=t*******7
cookielength=-1
hash_passwrd=



user=satoshi
passwrd=nakamotp
cookielength=-1
hash_passwrd=

[01BTC10]

I guess my name is there because I clicked this link:

Code:

 http://bitcointalk.us/phisher.php 

However, the password is wrong and I logged out and back in Bitcointalk in case he tried stealing my session cookie.

[mmmerlin]

This is NOT cool AT ALL.
If there's anything I don't appreciate it's being impersonated.
My own post:

I don't believe it... I could never think of any sci-fi-ass machine capable of cracking SHA256. Of course with Snowden's verification, how could it be false? I'm horrified. Are our savings subject to overnight destruction?

Was modified as well:

I don't believe it... Could it be true? Of course with Daichi's verification, we can totally trust him. Are your savings subject to overnight destruction?

We have to figure out what's going on here, I do NOT like this at all. I bet a good percentage of people who see this will consider it legitimate.

It is likely that a good proportion will indeed be fooled, I nearly was but it just didn't smell right. That's why I posted.

Regarding this password list - a) LOL at having them sitting in the directory like that, and b) they all appear to be wrong, which is good!

[Taras]

I guess my name is there because I clicked this link:

Code:

 http://bitcointalk.us/phisher.php 

However, the password is wrong and I logged out and back in Bitcointalk in case he tried stealing my session cookie.

I did the same, the only account that had a valid password was called ajze2... Potential culpirit, registered August, but 0 posts. The satoshi entry was made by me, so I can confirm that these were phished with the login bar.

[mmmerlin]

Well, he's been banned from the BFL forums under that username, though I doubt that will stop his scammy, fishy ways...

[Isokivi]

Seems like a good place to spam, lots of gullible people and whatnot.

[jackjack]

http://bitcointalk.us/page2.htm
https://bitcointalk.org/index.php?topic=288545.20



I guess you must provide your dox to get a .us domain, no?

[mmmerlin]

Seems like a good place to spam, lots of gullible people and whatnot.

+1 

[KonstantinosM]

I didn't click on the links nor trade any BTC for LTC based on this, I did not however notice that I was directed to this bullshit website...

Thank you, you saved me from some potential account hack! (I'm forever logged in, if I wasn't I don't know what might have happened.

[mmmerlin]

I didn't click on the links nor trade any BTC for LTC based on this, I did not however notice that I was directed to this bullshit website...

Thank you, you saved me from some potential account hack! (I'm forever logged in, if I wasn't I don't know what might have happened.

No worries, it's quite a convincing fake.

The main alert for me was how overwhelmingly positive and effusive some of the more well known members of the community were being when I would have expected them to have been, at a minimum, a bit more circumspect. And whilst I have no idea whether they are or not, a surprising number of people were claiming to be fluent in Japanese, which also seemed a little odd...

[justusranvier]

Scams like this are a good reason to always use a password manager with unique per-site passwords instead of typing them in yourself.

Even if you fall for a phishing site, your password manager won't.

[pbflash]

I guess you must provide your dox to get a .us domain, no?

Nope. I recently registered a .us domain and only had to check a check box stating it was a us company.

[b!z]

I guess you must provide your dox to get a .us domain, no?

Nope. I recently registered a .us domain and only had to check a check box stating it was a us company.

.us domains don't allow whois guard/privacy, iirc
and i think you must type real info with all domains, or they can close the domain down

[TsuyokuNaritai]

To help get the word out, I suggest changing the name of the thread to something more descriptive, such as "WARNING: bitcointalk.us is a fake phishing site".

[mmmerlin]

To help get the word out, I suggest changing the name of the thread to something more descriptive, such as "WARNING: bitcointalk.us is a fake phishing site".

Good idea - done. Maybe someone could get a mod to move it out of meta to somewhere more suitable though, this isn't where I originally posted it and don't think I can move it.