Bitcoin Forum
Author Topic: Possible Phishing Link from user - Aid Needed.  (Read 314 times)
Aventhe (OP)
Full Member
***
Offline Offline

Activity: 322
Merit: 134


View Profile
March 24, 2018, 01:51:37 PM
Last edit: March 25, 2018, 04:53:29 AM by Aventhe
 #1

A few minutes ago I got sent the following message from AlexUAE777



Without thinking, I clicked on the link and it turns out the link is (check bottom left corner):



Clearly it is fake, and has been altered to look legitimate. I have since then changed my password, however can someone tell me if I am at risk of other data breaches or should I update passwords on everything or maybe even reset Windows?

When I clicked on the link it brought me to a Bitcointalk.org login page and asked for my login, however I didn't put anything into it, just pressed the backspace to go back to the normal forum. Would this save my info or could it still have been stolen?

(I've talked to the account owner on Telegram and apparently the account was compromised for this message to be sent.)
-Av.
Aventhe (OP)
Full Member
***
Offline Offline

Activity: 322
Merit: 134


View Profile
March 24, 2018, 02:06:11 PM
 #2

I tried to shut down my computer and a weird program was still running that would stop the shutdown process. Possible malware? If yes, can they still access files after a PC format?
EcuaMobi
Legendary
*
Offline Offline

Activity: 1862
Merit: 1469


https://Ecua.Mobi


View Profile WWW
March 24, 2018, 03:26:42 PM
 #3

When I clicked on the link it brought me to a Bitcointalk.org login page and asked for my login, however I didn't put anything into it, just pressed the backspace to go back to the normal forum. Would this save my info or could it still have been stolen?
If you didn't enter your password there then you should be fine.

I tried to shut down my computer and a weird program was still running that would stop the shutdown process. Possible malware? If yes, can they still access files after a PC format?
It's not very likely anything got installed just from opening the page. Did you download anything? Did you do anything else at all?
But that does look like malware if it stops the shutdown process. If you format the PC you will get rid of everything, but when you restore your files you may re-install whatever you have now.
Make sure to have a proper antivirus.



Please report his PM and in the comment ask the moderator to post here confirming the veracity of the PM. Then I'll tag AlexUAE777 to try and stop him.
Or you can temporarily allow me or another trusted user to access your account to verify the PM is real

pugman
Legendary
*
Offline Offline

Activity: 2383
Merit: 1551


dogs are cute.


View Profile WWW
March 24, 2018, 03:28:23 PM
 #4

Since you didn't enter any details, your account is not at risk. Had you entered your credentials and logged in, things would have scaled across in a different way. But luckily that did not happen. This link in the image has the website myrippleaddress.com and here's what virustotal.com had to say on it.
myrippleaddress.com : https://www.virustotal.com/#/domain/myrippleaddress.com
bitcointalk.org-index.php: https://www.virustotal.com/#/url/91fbdb8a19b736f71be20933629937b4ef2f15ac60702ceea277dd71d21872f0/detection

I'd suggest you install Malwarebytes.
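
An added example, not part of any post in this thread: the PM's link text looked like a bitcointalk.org address while the real target was on another domain, and a check like this flags that mismatch in a BBCode message. The sample PM, the `topic=` placeholder values, the trusted-host list and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts the reader legitimately logs in to.
TRUSTED_HOSTS = {"bitcointalk.org"}

URL_TAG = re.compile(r"\[url=([^\]]+)\](.*?)\[/url\]", re.I | re.S)
HOST_IN_TEXT = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)

# Constructed sample PM (not the real message; topic ids are placeholders).
SAMPLE_PM = (
    "Question about your campaign: "
    "[url=http://myrippleaddress.com/bitcointalk.org-index.php?topic=0000000]"
    "https://bitcointalk.org/index.php?topic=0000000[/url]\n"
    "Rules: [url=https://bitcointalk.org/index.php?topic=1111111]"
    "https://bitcointalk.org/index.php?topic=1111111[/url]"
)


def host_of(url):
    """Lower-cased hostname of a URL, without a leading 'www.'."""
    if "://" not in url:
        url = "http://" + url
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def is_trusted(host):
    """True for a trusted host or one of its subdomains."""
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)


def audit_links(bbcode):
    """Return one finding per [url=...] tag that looks deceptive."""
    findings = []
    for match in URL_TAG.finditer(bbcode):
        href = match.group(1).strip().strip('"')
        text = match.group(2).strip()
        target = host_of(href)
        reasons = []
        # Check 1: the visible text names a different host than the real target.
        shown = HOST_IN_TEXT.search(text)
        if shown and host_of(shown.group(0)) != target:
            reasons.append("link text shows %s" % host_of(shown.group(0)))
        # Check 2: a trusted name sits in the path or subdomain of another host.
        if not is_trusted(target) and any(t in href.lower() for t in TRUSTED_HOSTS):
            reasons.append("trusted name embedded in untrusted URL")
        if reasons:
            findings.append({"target": target, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit_links(SAMPLE_PM):
        print(finding["target"], "->", "; ".join(finding["reasons"]))
```
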

AlexUAE777
Newbie
*
Offline Offline

Activity: 32
Merit: 0


View Profile
March 24, 2018, 03:52:34 PM
Last edit: March 24, 2018, 04:03:28 PM by AlexUAE777
 #5

First of all, I didn't send any link to the topic starter.
He contacted me on Telegram and asked why I had to send him a phishing link.
I was out of the city and couldn't react immediately, since I didn't have a laptop with me.
Within 15-20 minutes I was able to log into my account and check the Outbox for the mentioned message & link; there was no such message.
Aventhe reported that my account was online while I wasn't logged in, and when I logged in I saw that the account's total logged-in time is 16 hours 30 minutes.
I suppose that if the message was really sent, it could be that my account was hacked, so I changed my pw.
I didn't find where to look for the access IP list, so perhaps we need someone with admin rights to check it further.

https://i.imgur.com/aaGWL5p.jpg
AlexUAE777
Newbie
*
Offline Offline

Activity: 32
Merit: 0


View Profile
March 24, 2018, 04:08:33 PM
 #6

May I ask why the user with the nickname Vod (https://bitcointalk.org/index.php?action=profile;u=30747) put a distrust on me with reference to this topic?
I didn't send any link!!!
EcuaMobi
Legendary
*
Offline Offline

Activity: 1862
Merit: 1469


https://Ecua.Mobi


View Profile WWW
March 24, 2018, 04:51:56 PM
 #7

May I ask why the user with the nickname Vod (https://bitcointalk.org/index.php?action=profile;u=30747) put a distrust on me with reference to this topic?
I didn't send any link!!!

If the PM was sent from your account then your account does deserve negative trust, regardless of the IP. It's trivial to use another IP so you can't prove it wasn't really you. And even if your account was really compromised then it deserves negative trust because it can be compromised again.

I've asked OP to prove the PM is real. If it is then I'll tag you too. If he doesn't prove it after some days you could ask Vod to remove the feedback he's left on your profile.

Vod
Legendary
*
Offline Offline

Activity: 3696
Merit: 3070


Licking my boob since 1970


View Profile WWW
March 24, 2018, 04:55:51 PM
 #8

I've asked OP to prove the PM is real. If it is then I'll tag you too. If he doesn't prove it after some days you could ask Vod to remove the feedback he's left on your profile.

I've also asked the OP to prove the PM was real, and will remove my negative trust if proof is not provided.

Aventhe (OP)
Full Member
***
Offline Offline

Activity: 322
Merit: 134


View Profile
March 24, 2018, 08:12:23 PM
 #9

I've asked OP to prove the PM is real. If it is then I'll tag you too. If he doesn't prove it after some days you could ask Vod to remove the feedback he's left on your profile.

I've also asked the OP to prove the PM was real, and will remove my negative trust if proof is not provided.

Fuck, I've already deleted the PM in case I accidentally click on it from another device, bad choice right there as I should have waited. If someone does have the balls to enter that url, you will know it is legitimate.

+ I also took a screenshot of the PM on my phone before I deleted it, idk if that helps. I hope it's understandable I don't like malware lying around in my messages.

Aventhe (OP)
Full Member
***
Offline Offline

Activity: 322
Merit: 134


View Profile
March 24, 2018, 08:29:45 PM
Last edit: March 24, 2018, 08:53:16 PM by Aventhe
 #10

However I do have the Bitcointalk PM notification via e-mail set up, and here is the message:

Notice the timing matches up. Also, I am more than willing to give someone my email login to verify the message and check the sender's address (if it is actually Bitcointalk).

Even if the message content can't be verified, a message was sent and that for sure can be verified.

EcuaMobi, no I didn't input anything into the webpage, but I still believe it was malware. Lauda via Telegram in brief explained that with JS it can be anything.

Edit: if I am not incorrect, emails don't show what the user has written the url to look like, but rather what it redirects to.
Aventhe (OP)
Full Member
***
Offline Offline

Activity: 322
Merit: 134


View Profile
March 24, 2018, 09:30:09 PM
 #11

When I clicked on the link it brought me to a Bitcointalk.org login page and asked for my login, however I didn't put anything into it, just pressed the backspace to go back to the normal forum. Would this save my info or could it still have been stolen?
If you didn't enter your password there then you should be fine.

I tried to shut down my computer and a weird program was still running that would stop the shutdown process. Possible malware? If yes, can they still access files after a PC format?
It's not very likely anything got installed just from opening the page. Did you download anything? Did you do anything else at all?
But that does look like malware if it stops the shutdown process. If you format the PC you will get rid of everything, but when you restore your files you may re-install whatever you have now.
Make sure to have a proper antivirus.



Please report his PM and in the comment ask the moderator to post here confirming the veracity of the PM. Then I'll tag AlexUAE777 to try and stop him.
Or you can temporarily allow me or another trusted user to access your account to verify the PM is real

Could theymos verify that such an email has been sent to me, or is that out of the boundaries?
nguyenkhanhhung14
Member
**
Offline Offline

Activity: 252
Merit: 14

Marketplace for sensor data


View Profile
March 24, 2018, 10:00:17 PM
 #12

If you didn't fill in your login via this link I think your account is still safe. You don't need to worry about it. I also had the same problem like this with a fake Coinbase email before. I received an email from Coinbase warning that my account was logged in from Russia while I'm living in Asia :). I clicked on the link and it also asked me to log in to my Coinbase, but luckily I didn't do that, and for now my Coinbase account and all my balance are still safe :)

EcuaMobi
Legendary
*
Offline Offline

Activity: 1862
Merit: 1469


https://Ecua.Mobi


View Profile WWW
March 24, 2018, 10:11:24 PM
 #13

However I do have the Bitcointalk PM notification via e-mail set up, and here is the message: https://i.imgur.com/XdMOS3X.png
Aventhe has granted me temporary access to his email account and I've verified this email.
I've checked the headers and compared it with notifications from PMs I sent to him and, to my knowledge, the email seems real.

I'm tagging AlexUAE777.

Aventhe (OP)
Full Member
***
Offline Offline

Activity: 322
Merit: 134


View Profile
March 24, 2018, 10:17:29 PM
 #14

If you didn't fill in your login via this link I think your account is still safe. You don't need to worry about it. I also had the same problem like this with a fake Coinbase email before. I received an email from Coinbase warning that my account was logged in from Russia while I'm living in Asia :). I clicked on the link and it also asked me to log in to my Coinbase, but luckily I didn't do that, and for now my Coinbase account and all my balance are still safe :)

But this was only sent to me, and it is more targeted than an email sent to thousands.

Thanks EcuaMobi for verifying the email. If vod, Lauda or anyone else trusted also wants to verify, I am more than happy.
nguyenkhanhhung14
Member
**
Offline Offline

Activity: 252
Merit: 14

Marketplace for sensor data


View Profile
March 24, 2018, 10:23:19 PM
 #15

If you didn't fill in your login via this link I think your account is still safe. You don't need to worry about it. I also had the same problem like this with a fake Coinbase email before. I received an email from Coinbase warning that my account was logged in from Russia while I'm living in Asia :). I clicked on the link and it also asked me to log in to my Coinbase, but luckily I didn't do that, and for now my Coinbase account and all my balance are still safe :)

But this was only sent to me, and it is more targeted than an email sent to thousands.

Thanks EcuaMobi for verifying the email. If vod, Lauda or anyone else trusted also wants to verify, I am more than happy.
Maybe he felt it too hard to get the 100 Merits needed to reach Full Member rank, so he tried to hack a Full Member account in this forum, and your account looks really good because you have managed a few bounty campaigns before :). Or maybe this one was not only sent to you; he sent it to hundreds of other members one by one, then he could easily clean his Outbox by deleting all his sent PMs :).

Aventhe (OP)
Full Member
***
Offline Offline

Activity: 322
Merit: 134


View Profile
March 24, 2018, 10:26:02 PM
 #16

If you didn't fill in your login via this link I think your account is still safe. You don't need to worry about it. I also had the same problem like this with a fake Coinbase email before. I received an email from Coinbase warning that my account was logged in from Russia while I'm living in Asia :). I clicked on the link and it also asked me to log in to my Coinbase, but luckily I didn't do that, and for now my Coinbase account and all my balance are still safe :)

But this was only sent to me, and it is more targeted than an email sent to thousands.

Thanks EcuaMobi for verifying the email. If vod, Lauda or anyone else trusted also wants to verify, I am more than happy.
Maybe he felt it too hard to get the 100 Merits needed to reach Full Member rank, so he tried to hack a Full Member account in this forum, and your account looks really good because you have managed a few bounty campaigns before :). Or maybe this one was not only sent to you; he sent it to hundreds of other members one by one, then he could easily clean his Outbox by deleting all his sent PMs :).

I guess so, however the code was specifically made for me. My account name & the numbers at the end of the URL is the thread number to my Datecoin signature campaign.
nguyenkhanhhung14
Member
**
Offline Offline

Activity: 252
Merit: 14

Marketplace for sensor data


View Profile
March 24, 2018, 10:33:43 PM
 #17

If you didn't fill in your login via this link I think your account is still safe. You don't need to worry about it. I also had the same problem like this with a fake Coinbase email before. I received an email from Coinbase warning that my account was logged in from Russia while I'm living in Asia :). I clicked on the link and it also asked me to log in to my Coinbase, but luckily I didn't do that, and for now my Coinbase account and all my balance are still safe :)

But this was only sent to me, and it is more targeted than an email sent to thousands.

Thanks EcuaMobi for verifying the email. If vod, Lauda or anyone else trusted also wants to verify, I am more than happy.
Maybe he felt it too hard to get the 100 Merits needed to reach Full Member rank, so he tried to hack a Full Member account in this forum, and your account looks really good because you have managed a few bounty campaigns before :). Or maybe this one was not only sent to you; he sent it to hundreds of other members one by one, then he could easily clean his Outbox by deleting all his sent PMs :).

I guess so, however the code was specifically made for me. My account name & the numbers at the end of the URL is the thread number to my Datecoin signature campaign.
Finally you can ensure that your account is still safe and nobody will fall into this phishing trap anymore because these amateur hackers have been exposed :D. I think this is the last time you click on any link without checking the bottom left corner :D

BCTBF
Sr. Member
****
Offline Offline

Activity: 560
Merit: 257


View Profile
March 24, 2018, 11:33:11 PM
 #18

I experienced it too, but with the difference that I was not redirected to the login page; strangely, when I got a link like that, I was redirected to a thread and it logged me out by itself. But after I felt something strange, I immediately retyped bitcointalk.org in the address bar, and I went back to my account without the need to log in. I think that's very strange.
warningsigns
Hero Member
*****
Offline Offline

Activity: 896
Merit: 1082


View Profile
March 25, 2018, 12:10:49 AM
 #19

Just curious. What exactly do these phishers aim to achieve by penetrating the accounts? It's not like they can steal coins within the short time span when the genuine owners realize what happened and the accounts are then tagged for being hacked into.

Or is it a quick sale? Which seems unlikely, given they first need to put up ads which would be open for all to see, including DT members.

Neither will taking out loans work. This is a painstakingly time consuming process involving signing of staked addresses etc. And lenders do a systematic check of the forum for any record of the account having any open and unresolved issues.

Aventhe (OP)
Full Member
***
Offline Offline

Activity: 322
Merit: 134


View Profile
March 25, 2018, 01:56:23 AM
 #20

I experienced it too, but with the difference that I was not redirected to the login page; strangely, when I got a link like that, I was redirected to a thread and it logged me out by itself. But after I felt something strange, I immediately retyped bitcointalk.org in the address bar, and I went back to my account without the need to log in. I think that's very strange.

Well, that's kinda what happened to me.