[UPDATES] Blockchain.com Clone - PHISHING (New: Google Docs Malware)

[keychainX]

Original website:
https://blockchain.com or https://blockchain.info

Known original email:
noreply@blockchain.com
no-reply@blockchain.info[/size]

Updates: Some thread must read by newbies or anyone that doesn't care about phishing before:

• Half of all Phishing Sites Now Have the Padlock Sign - by Pmalek
  
• What is Punycode and how to protect yourself from Homograph Phishing attacks? - by wwzsocki
  
• Chainlink phishing SCAM - chianlink.io - by dkbit98
  
• [Warning] Phising Exodus Website [exodlus.io] - by DroomieChikito
  
  

Its not enough to just check sender e-mail, there is software that can fake a real blockchain from sender name, but when you click on link it will reroute you to the fake site.

Best practice would be if you did not expect any mail, just remove it without opening. By just click open the spammer will know you took action and opened it, its called 1-pixel tracker and is used as a marketing technique. The sender will know your ip and date/tine of touching the mail.

/KX

[panganib999]

Please double check sender of the email you received.

This is indeed the first that must be done once we recieve an email. If the sender isn't someone we know, don't shut guard down. As much as possible if the email was from a stranger, ignore it or if you consider reading it, never click any links that are attached to it. People are getting to greedy and greedy as time goes by and tgey are willing to do anythung just to phish something from you. The site seems legit but is actually a fake, never trust the looks and make sure to get to know legitimate sites so you can distinguish which is fake and whixh is not.p"0"

[masulum]

Its not enough to just check sender e-mail, there is software that can fake a real blockchain from sender name, but when you click on link it will reroute you to the fake site.

Best practice would be if you did not expect any mail, just remove it without opening. By just click open the spammer will know you took action and opened it, its called 1-pixel tracker and is used as a marketing technique. The sender will know your ip and date/tine of touching the mail.

/KX

I know about domain spoofing to make phishing email sender address same as original sender. That can be very dangerous to member who not double checking content inside email.

Just removed without opening email, it's easy if (phishing target) email not registered to blockchain.com. But how about someone who get this email and also registered on blockchain.com, i think they will open that phishing email, and very possible to click anything inside content.

edit: typo

[masulum]

Another fake blockchain.com website. This website offers free Ethereum to users. The "LOL" thing on this website is, offer ETH but using Stellar Logo  



Website information:
Domain Name: ETHEREUM-BLOCKHAINE.COM
Registry Domain ID: 2454895476_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.tucows.com
Registrar URL: http://tucowsdomains.com
Updated Date: 2019-11-13T20:00:15
Creation Date: 2019-11-13T19:55:26
Registrar Registration Expiration Date: 2020-11-13T19:55:26
Registrar: TUCOWS, INC.
Registrar IANA ID: 69

Code:

ethereum-blockhaine.com/

Be careful, re-check your domain address before login.

[nelson4lov]

Thanks for the heads up @masulum. These phishing attacks are becoming too rampant nowadays. They've gone from spamming phishing links in chat channels like Telegram and whatsapp groups, discord servers and now It's email. I'm not forget the constant phishing attacks in the replies of popular crypto users. Since there's no permanent solution, It's best to always apply caution when visiting external links. If there's one thing that I know, It's that ; if an opportunity or offer is too good to be true, that's because it probably is.

[masulum]

today I received an email in the name of blockchain.com. However, fortunately, I did not register my email to open an account at the service. So I know that this is a phishing/malware email. However, I have something to say here that the e-mail link on the e-mail I received does not use its own domain name. However, they chose to use public cloud storage, in this case, scammers use Google Docs services.

Here are the links and e-mail screenshots:

Code:

The link under view in wallet button: https://docs.google.com/document/pub?id=10zgWhYSe24D411WsXu9As1LdFhXG8d4-2r54M3DtKqM <-- DON'T OPEN THIS PAGE

VirusTotal status: https://www.virustotal.com/gui/url/11143bdb9b6f04a6d855f7d500df4921baba72642bf1600d68de8b6f3c57e2dd/detection

From this case, I want to remind all of the newbie or old members to re-check the link before clicking,

• check email sender,
• use capitalized text to make sure they are not using similar text.,
• don't trust documents from any strange person who shared a link from cloud storage,
• please use virus scanner before opening the link or ignore it.

-

[masulum]

Actually, my email not registered on any bounty, I think they get my email from another case. Since I know if my email registered on the marketplace before and one of the biggest data breaches in Indonesia. Else, I agree with you @Maestro75 if BM not asking email for bounty participants anymore, because BM doesn't need it. And for you as hunters, maybe you can skip any campaign who asking your email to join, to prevent something bad come to you.

[Yaunfitda]

There is also another attempts recently, using puny code attack.

It was open by @Slow death, beware of https://login.xn--blockchan-2pba.com/#/login.

[Falconer]

<skip>
And for you as hunters, maybe you can skip any campaign who asking your email to join, to prevent something bad come to you.

You have to prepare a backup email for that, no need to pass it because we don't know if the campaign has good potential and protects our identity. Several campaigns previously requested email and KYC verification, most participants avoided it and in the end, they had passed potential tokens that have been listed on the top exchange.

[masulum]

@Falconer, it can be a option if someone still wants to join in campaign that ask email. Or, the other option to asked campaign manager to hide the email column from public spreadsheet. Because we never know what happen with that email in the future. When member relogin to that email, and receive an email contains phishing/malware, it still have possibility to clicked unwanted link if he/she not aware with that email.

[Falconer]

@Falconer, it can be a option if someone still wants to join in campaign that ask email. Or, the other option to asked campaign manager to hide the email column from public spreadsheet. Because we never know what happen with that email in the future. When member relogin to that email, and receive an email contains phishing/malware, it still have possibility to clicked unwanted link if he/she not aware with that email.

The target of scammers is to collect as many emails as possible from spreadsheets because the victims are targeted members of the world of cryptocurrency, I am also worried that the manager (bad reputation) is also part of the scammer and manages the bounty scam to collect data from campaign participants, then use the backup email option to not trapped in the black world.