dkbit98 (OP)
Legendary
 Offline
Activity: 2408
Merit: 7548
|
 |
August 07, 2019, 09:26:54 PM
Last edit: April 02, 2022, 04:48:23 PM by dkbit98 Merited by suchmoon (4), vapourminer (3), Lauren Smith (3), LoyceV (2), Halab (2), DdmrDdmr (2), bones261 (2), Daniel91 (1), seoincorporation (1), Lafu (1), Pmalek (1), Coin-1 (1), bakasabo (1), tranthidung (1), morvillz7z (1), DireWolfM14 (1), hd49728 (1), Bttzed03 (1), rhomelmabini (1), marlboroza (1), big_daddy (1), Heisenberg_Hunter (1), CucakRowo (1), lulucrypto (1), Dzeronimo (1), SuperTA (1) |
|
Hello my fellow Bitcointalkers!
Today I will show you how one scammer tried to hack my Bitcointalk account,
and I will teach you how to prevent any future similar hack attack.
1. I received PM from unknown member with this content 2. DO NOT click on any link as it redirects you to FAKE Bitcointalk clone website from Turkey.
With intention to collect your Login information and password, and takeover your account. 3. ALWAYS check website Link in address bar, and if it is safe HTTPS.
4. Always check user trust and profile and again DO NOT CLICK on any links.
When you hover over with mouse over link that is outside this forum, color will be blue
When you hover over link and you see green color, that is link inide Bitcointalk forum.
Here we have clear case of hacked account: kingpin4321
- password is changed recently
https://bitcointalk.org/index.php?action=profile;u=2447711
  5. Report user to admin/moderator and give him negative trust. 6. Report phishing website to Google and Symantec.https://submit.symantec.com/antifraud/phish.cgihttps://safebrowsing.google.com/safebrowsing/report_phish/?hl=enhttps://www.phishtank.com/https://www.comodo.com/home/internet-security/submit.php?7. Learn how to protect yourself better. - use Firefox browser or fork called LibreWolf, it shows you warnings for unsecure logins, and it is more secure than Chrome browser. Alternative is Brave browser. - use browser extensions: HTTPS everywhere, ClearURL, NoScript or uMatrix (for experts) - always double check your browser address bar for changes. - bookmark you favorite websites and use password managers like KeePass. - stake your Bitcoin address on forum to prove ownership of your Bitcointalk account -> Stake your Bitcoin address here- install Malwarebytes Browser Extension[/b] for protection8. Ask me if you have any questions.I will update this topic with more information if needed.
Thank you for your attention. Translated and adapted to Russian language by bakasabo: https://bitcointalk.org/index.php?topic=5173654.msg52098506#msg52098506[LEARN] Phishing Quizzes - Beginners & Experts 👈
|
|
|
|
Lafu
Legendary
Offline
Activity: 3150
Merit: 3223
|
|
August 07, 2019, 09:41:50 PM |
|
Nice guide and Information about that phishing site and how they doing it .
Hope that this are reading a lot of users and that not much fall into the trap with that .
Nice catch .
|
|
|
|
dkbit98 (OP)
Legendary
Offline
Activity: 2408
Merit: 7548
|
Thanks. One more thing I noticed, after I entered fake account information with password FU.K YOUXXX is that it redirects me to regular Bitvest Plinko Signature Campaign after it takes my 'login details' https://bitcointalk.org/index.php?topic=5088858.0Maybe lightlord, creator of this topic, should be contacted regarding this, just that he is aware of the situation. They are probably using other random links, with malicious attachments. One more way to super protect is to install browser extension called NoScript, but it is a bit complex. |
|
|
|
|
big_daddy
|
On this forum, when you rollover with the cursor the link is green if it’s a link from this forum, it’s blue, if is a link outside of this forum
So, this is also a way to prevent to click on a scam link
|
If you don't believe it or don't get it, I don't have the time to try to convince you, sorry.
|
|
|
dkbit98 (OP)
Legendary
Offline
Activity: 2408
Merit: 7548
|
|
August 07, 2019, 09:56:23 PM |
|
On this forum, when you rollover with the cursor the link is green if it’s a link from this forum, it’s blue, if is a link outside of this forum
So, this is also a way to prevent to click on a scam link
I will add that also. Thanks |
|
|
|
morvillz7z
Legendary
Offline
Activity: 2366
Merit: 2128
Join the world-leading crypto sportsbook NOW!
|
|
August 07, 2019, 10:19:16 PM |
|
I think kingpin4321 fell for the exact same thing. Yesterday in Services someone posted a fake giveaway with a link to a phishing Bitcointalk clone, he was first to reply. I guess I was late with my tag/flag.  A third known case (possibly even more) within the past 36 hours: Link |
|
|
|
|
CucakRowo
|
|
August 07, 2019, 10:29:54 PM |
|
To OP,
Mind to create flag for kingpin4321?
i will support you.
|
|
|
|
dkbit98 (OP)
Legendary
Offline
Activity: 2408
Merit: 7548
|
|
August 07, 2019, 10:33:30 PM |
|
To OP,
Mind to create flag for kingpin4321?
i will support you.
I can do it... my only concern is that it is a hacked account, and even if I want to punish the hacker, I also want to bring back original user kingpin4321. Maybe it is best to wait for moderators to decide. EDIT: I created it. Who knows how many users he contacted... |
|
|
|
tranthidung
Legendary
Offline
Activity: 2450
Merit: 4273
Farewell o_e_l_e_o
|
|
August 08, 2019, 02:21:11 AM |
|
I think it is good to use Trust, rather than Flag. Of if you still want to use Flag, it should be a Newbie Flag, as this Flag created by admin, on @newsilike: https://bitcointalk.org/index.php?action=trust;u=157669That guy has not broken any contract with you, and has not yet stolen your money. |
|
|
|
|
darklus123
|
|
August 08, 2019, 03:40:31 AM |
|
Nice catch tho, it can really be pretty obvious attempt from the hacker. I just wondered why choose your account over a higher account which he can benefit more, hmm sounds fishy. ~
As if lightlord would even care. There is also actually no point in letting him know. |
|
|
|
|
|
rhomelmabini
|
|
August 08, 2019, 05:42:51 AM |
|
Nice catch tho, it can really be pretty obvious attempt from the hacker. I just wondered why choose your account over a higher account which he can benefit more, hmm sounds fishy.
Well, I've got this assumption that the hacker thinks he can get as this user is just a Member rank and have little to know about phishing. Not knowing what he tried to mess is a techy guy and even surpass him on the knowledge about those kinds of things. It might be good to move this one on B&H board as it is more appropriate there. Nice catch OP. |
|
|
|
|
|
dkbit98 (OP)
Legendary
Offline
Activity: 2408
Merit: 7548
|
|
August 08, 2019, 07:37:12 AM
Last edit: August 08, 2019, 08:05:29 AM by dkbit98 |
|
Nice catch tho, it can really be pretty obvious attempt from the hacker. I just wondered why choose your account over a higher account which he can benefit more, hmm sounds fishy. ~
As if lightlord would even care. There is also actually no point in letting him know. Same reason why he hacked user kingpin4321and maybe he thinks members like me are stupid brainless sheeps. Thank you for your 'advice'. Thanks. Fake bitcointalk login website is still very much active! I noticed that time is not changing on fake site June 07, 2019, 10:23:06 PM for now https://whois.domaintools.com/sebiltv.com.tr   |
|
|
|
Bttzed03
Legendary
Offline
Activity: 2114
Merit: 1150
https://bitcoincleanup.com/
|
|
August 08, 2019, 08:14:06 AM |
|
I wonder why the account (kingpin4321) isn't tagged yet. I created it.
Add the flag in your OP. |
|
|
|
|
Saint-loup
Legendary
Offline
Activity: 2786
Merit: 2428
|
|
August 08, 2019, 09:01:52 AM
Last edit: August 08, 2019, 09:17:38 AM by Saint-loup |
|
I wonder why the account (kingpin4321) isn't tagged yet. I created it.
Add the flag in your OP. I've supported the flag and tagged it since this account obviously tried to hack the OP. But we don't know if it's a hacked account or a bought account. But yes I'm a little bit surprised to see that so few people have already done the same.  https://bitcointalk.org/index.php?action=trust;u=2447711 |
|
|
|
LoyceV
Legendary
Offline
Activity: 3486
Merit: 17627
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
August 08, 2019, 09:04:17 AM |
|
Can you copy the URL as shown in the PM? I'm asking because you can't do this (I can't even do it within quote tags, so I've replaced the "/" by "slash"): [url=https://bitcointalkFAKE.org]http://bitcointalk.org[slashurl] It shows like this: https://bitcointalkFAKE.orgI think the scammer replaced the lower case L by an upper case i: [url=https://bitcointalkFAKE.org]https://bitcointaIk.org[/url] And now it works: https://bitcointaIk.org |
| | Peach
BTC bitcoin | │ | Buy and Sell
Bitcoin P2P | │ | .
.
▄▄███████▄▄
▄██████████████▄
▄███████████████████▄
▄█████████████████████▄
▄███████████████████████▄
█████████████████████████
█████████████████████████
█████████████████████████
▀███████████████████████▀
▀█████████████████████▀
▀███████████████████▀
▀███████████████▀
▀▀███████▀▀
▀▀▀▀███████▀▀▀▀ | | EUROPE | AFRICA
LATIN AMERICA | | | ▄▀▀▀
█
█
█
█
█
█
█
█
█
█
█
▀▄▄▄ |
███████▄█
███████▀
██▄▄▄▄▄░▄▄▄▄▄
█████████████▀
▐███████████▌
▐███████████▌
█████████████▄
██████████████
███▀███▀▀███▀ | .
Download on the
App Store | ▀▀▀▄
█
█
█
█
█
█
█
█
█
█
█
▄▄▄▀ | ▄▀▀▀
█
█
█
█
█
█
█
█
█
█
█
▀▄▄▄ |
▄██▄
██████▄
█████████▄
████████████▄
███████████████
████████████▀
█████████▀
██████▀
▀██▀ | .
GET IT ON
Google Play | ▀▀▀▄
█
█
█
█
█
█
█
█
█
█
█
▄▄▄▀ |
|
|
|
dkbit98 (OP)
Legendary
Offline
Activity: 2408
Merit: 7548
|
|
August 08, 2019, 09:10:30 AM |
|
I wonder why the account (kingpin4321) isn't tagged yet. I created it.
Add the flag in your OP. I supported the flag and tagged it since this account obviously tried to hack the OP. But we don't know if it's a hacked account, it could have been bought too. Someone stated this before: I think kingpin4321 fell for the exact same thing. Yesterday in Services someone posted a fake giveaway with a link to a phishing Bitcointalk clone, he was first to reply. I guess I was late with my tag/flag. A third known case (possibly even more) within the past 36 hours: LinkAnd I checked his history also. |
|
|
|
dkbit98 (OP)
Legendary
Offline
Activity: 2408
Merit: 7548
|
Can you copy the URL as shown in the PM? I'm asking because you can't do this (I can't even do it within quote tags, so I've replaced the "/" by "slash"): [url=https://bitcointalkFAKE.org]http://bitcointalk.org[slashurl] It shows like this: https://bitcointalkFAKE.orgI think the scammer replaced the lower case L by an upper case i: [url=https://bitcointalkFAKE.org]https://bitcointaIk.org[/url] And now it works: https://bitcointaIk.orgSure I can. Here it is: https://bitcointalk.oгg/index.php?topic=5154525.0#msg51488782 Active now: http://sebiltv.com.tr/index/index.php?topic=5088858.0&
Do NOT visit this links! |
|
|
|
LoyceV
Legendary
Offline
Activity: 3486
Merit: 17627
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
August 08, 2019, 09:21:10 AM |
|
https://bitcointalk.oгg/index.php?topic=5154525.0#msg51488782 Firefox expands it to this: https://bitcointalk.xn--og-hlc/index.php?topic=5154525.0#msg51488782 And then obviously can't find the site. If I try this (the first 5 characters copied from the URL from the PM, then "test" added by me: Firefox turns it into this: http://www.k.xn--ogtest-pof/ What kind of sorcery is this? It reminds me of the homograph attack, which is now automatically replacred on all English boards. This is the culprit: Google confirms it's Cyrillic: https://en.wikipedia.org/wiki/Ge_(Cyrillic) I guess theymos missed this one. |
| | Peach
BTC bitcoin | │ | Buy and Sell
Bitcoin P2P | │ | .
.
▄▄███████▄▄
▄██████████████▄
▄███████████████████▄
▄█████████████████████▄
▄███████████████████████▄
█████████████████████████
█████████████████████████
█████████████████████████
▀███████████████████████▀
▀█████████████████████▀
▀███████████████████▀
▀███████████████▀
▀▀███████▀▀
▀▀▀▀███████▀▀▀▀ | | EUROPE | AFRICA
LATIN AMERICA | | | ▄▀▀▀
█
█
█
█
█
█
█
█
█
█
█
▀▄▄▄ |
███████▄█
███████▀
██▄▄▄▄▄░▄▄▄▄▄
█████████████▀
▐███████████▌
▐███████████▌
█████████████▄
██████████████
███▀███▀▀███▀ | .
Download on the
App Store | ▀▀▀▄
█
█
█
█
█
█
█
█
█
█
█
▄▄▄▀ | ▄▀▀▀
█
█
█
█
█
█
█
█
█
█
█
▀▄▄▄ |
▄██▄
██████▄
█████████▄
████████████▄
███████████████
████████████▀
█████████▀
██████▀
▀██▀ | .
GET IT ON
Google Play | ▀▀▀▄
█
█
█
█
█
█
█
█
█
█
█
▄▄▄▀ |
|
|
|
Saint-loup
Legendary
Offline
Activity: 2786
Merit: 2428
|
|
August 08, 2019, 09:24:50 AM |
|
I wonder why the account (kingpin4321) isn't tagged yet. I created it.
Add the flag in your OP. I supported the flag and tagged it since this account obviously tried to hack the OP. But we don't know if it's a hacked account, it could have been bought too. Someone stated this before: I think kingpin4321 fell for the exact same thing. Yesterday in Services someone posted a fake giveaway with a link to a phishing Bitcointalk clone, he was first to reply. I guess I was late with my tag/flag. A third known case (possibly even more) within the past 36 hours: LinkAnd I checked his history also. Why the real owner doesn't say anything, if his account had been hacked? He would already come in meta or on this thread to report the hack, no? There is something fishy. |
|
|
|
|
