I think the .us would be the first sign.
~BCX~
Well, I almost fall for it
![Cheesy](https://bitcointalk.org/Smileys/default/cheesy.gif)
The download was a .zip file, had it be an .exe I would of know it was a scam right away.
![Grin](https://bitcointalk.org/Smileys/default/grin.gif)
But the "story" was really well done, it was actually an interesting reading
![Cheesy](https://bitcointalk.org/Smileys/default/cheesy.gif)
http:// bitcointalk .us/
lolwut
edit: Yes, passes.txt is what you think. WTF
edit: the amount of boot.ini and win.ini in that file is interesting, i bet the site has some drive by shit aswell.
I found "http:// bitcointalk .us/" too, but didn't want to make it public because of the passes.txt
I'm new to bitcointalk so I didn't know who theymos was until I searched his profile. Let's hope those password aren't real
![Roll Eyes](https://bitcointalk.org/Smileys/default/rolleyes.gif)
now that it's public, let's hope those people who tried to log in are aware of the phishing and have changed their password.