Bitcoin Forum
October 17, 2021, 08:49:49 AM *
News: Latest Bitcoin Core release: 22.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 [7] 8 9 »  All
  Print  
Author Topic: New Ledger phishing mail targets individual users  (Read 1714 times)
Csmiami
Copper Member
Hero Member
*****
Offline Offline

Activity: 1022
Merit: 902


Yes, I consider myself to be hilarious


View Profile WWW
December 23, 2020, 01:00:06 AM
 #121

----

I stand myself corrected; they sent a second email that did go straight to the spam folder; you have to laugh... On said second email, they apologize for nothing, but the title adds a nice ERRATUM word; and a newly underlined phone number appears on the list of items that have been compromised. They are still missing the email address, so I guess there's still room for a ERRATUM ERRATUM? The rest of the email is exactly the same
1634460589
Hero Member
*
Offline Offline

Posts: 1634460589

View Profile Personal Message (Offline)

Ignore
1634460589
Reply with quote  #2

1634460589
Report to moderator
1634460589
Hero Member
*
Offline Offline

Posts: 1634460589

View Profile Personal Message (Offline)

Ignore
1634460589
Reply with quote  #2

1634460589
Report to moderator
1634460589
Hero Member
*
Offline Offline

Posts: 1634460589

View Profile Personal Message (Offline)

Ignore
1634460589
Reply with quote  #2

1634460589
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1634460589
Hero Member
*
Offline Offline

Posts: 1634460589

View Profile Personal Message (Offline)

Ignore
1634460589
Reply with quote  #2

1634460589
Report to moderator
Pmalek
Legendary
*
Offline Offline

Activity: 1820
Merit: 2859


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile
December 28, 2020, 04:01:49 PM
 #122

New day brings a new phishing surprise. This time the story is directed and brought to you by our dear Prince Shaon. Prince Shaon didn't put much thought to it so he simple wrote from a gmail account. Ohh, bless him. Our prince suggests we all download his 'additional wallet' so that our accounts don't get hacked. Noble of him indeed. Too bad he signed the email like the Ledger CEO did in the genuine emails that were sent to users.

I would have preferred a signature by Prince Shaon instead. Makes me sad looking at it this way Cry


suchmoon
Legendary
*
Offline Offline

Activity: 2828
Merit: 6727


https://bpip.org


View Profile WWW
December 28, 2020, 04:43:01 PM
 #123

New day brings a new phishing surprise. This time the story is directed and brought to you by our dear Prince Shaon.

Oooohhhh.... Ledger CEO being the crown prince of Nigeria would make perfect sense. Both have the habit of treating recipients of their e-mails as utter idiots.

aesma
Hero Member
*****
Offline Offline

Activity: 1568
Merit: 672


fly or die


View Profile
December 28, 2020, 08:43:16 PM
 #124

The one I got was very nice, probably the best scam email I ever got, a big paragraph in good English, not a single mistake/typo. Maybe why it got through antispam filters. The sending address gave it away though as well as the fact it wants you to download something, with a link, of course.
HCP
Legendary
*
Offline Offline

Activity: 1834
Merit: 3919

<insert witty quote here>


View Profile
December 28, 2020, 09:38:08 PM
 #125

They're just getting lazy now... no text... obviously fake email, no sign off... just a straight up link to Google Docs Roll Eyes Roll Eyes

jerry0
Full Member
***
Offline Offline

Activity: 1274
Merit: 143


View Profile
December 28, 2020, 09:39:10 PM
 #126

New day brings a new phishing surprise. This time the story is directed and brought to you by our dear Prince Shaon. Prince Shaon didn't put much thought to it so he simple wrote from a gmail account. Ohh, bless him. Our prince suggests we all download his 'additional wallet' so that our accounts don't get hacked. Noble of him indeed. Too bad he signed the email like the Ledger CEO did in the genuine emails that were sent to users.

I would have preferred a signature by Prince Shaon instead. Makes me sad looking at it this way Cry





Has anyone here clicked on the link that those scam/spam emails posted and if so, what is it?  Is it malware/keylogger or is it something else?  Like asking you to type your seed?  Could you lose your coins just clicking on those links?  Read about chrome extension and how someone got their coins stolen in it... when they used a hardware wallet... but it wasn't ledger or trezor.
HCP
Legendary
*
Offline Offline

Activity: 1834
Merit: 3919

<insert witty quote here>


View Profile
December 28, 2020, 09:54:36 PM
Merited by suchmoon (4)
 #127

Has anyone here clicked on the link that those scam/spam emails posted and if so, what is it?  Is it malware/keylogger or is it something else?  Like asking you to type your seed?  Could you lose your coins just clicking on those links?  Read about chrome extension and how someone got their coins stolen in it... when they used a hardware wallet... but it wasn't ledger or trezor.
You can't lose your coins from a Ledger (or other hardware wallets) simply by clicking on a link... That is the entire purpose of hardware wallets. You would need to have the device connected and explicitly authorise a transaction on the device itself to send a transaction, and the private keys/seeds are shielded from external applications.

The simple answer is that it doesn't matter what the link goes to (be it a fake version of Ledger Live, keylogger or a website asking for your 24 words), you simply should NOT click on it... it's obviously fake and a poor attempt to try and steal your coins.

jerry0
Full Member
***
Offline Offline

Activity: 1274
Merit: 143


View Profile
December 28, 2020, 10:12:51 PM
 #128

Has anyone here clicked on the link that those scam/spam emails posted and if so, what is it?  Is it malware/keylogger or is it something else?  Like asking you to type your seed?  Could you lose your coins just clicking on those links?  Read about chrome extension and how someone got their coins stolen in it... when they used a hardware wallet... but it wasn't ledger or trezor.
You can't lose your coins from a Ledger (or other hardware wallets) simply by clicking on a link... That is the entire purpose of hardware wallets. You would need to have the device connected and explicitly authorise a transaction on the device itself to send a transaction, and the private keys/seeds are shielded from external applications.

The simple answer is that it doesn't matter what the link goes to (be it a fake version of Ledger Live, keylogger or a website asking for your 24 words), you simply should NOT click on it... it's obviously fake and a poor attempt to try and steal your coins.




I saw this post on someone using a hardware wallet called keepkey and used a malicious chrome extension through google... 


So what happened here then? This person typed in his keepkey seed?  Again i don't know of any hardware wallets besides nano ledger and trezor... but this guy mentioned he used a hardware wallet.


https://bitcointalk.org/index.php?topic=5255282.0;all




Yea obviously you should not click on whatever link is in the email.  But i got to assume it has to be malware/keylogger at least right?  I can't imagine a hacker putting a link and you only get screwed if you actually type in your seed.  I mean... wouldn't they make it malware/keylogger as well so then they can get into your email or say keepass/lastpass and thus they find your seed somewhere there?



Also i assume the safe way to find out if a link has malware/keylogger or any malicious would be use a separate computer that uses linux or chromebook then?  Or even if you use a windows computer, make sure its like a throwaway computer or a testing computer so to speak... to see what it is?  I recall i saw some youtube video where a guy intentionally click on malware/virus/keylogger links to see what it did to their computer... and they used a virtual machine for that.


So someone installing a virtual machine or using linux/chromebook could possibly test this all out without risk to their main computer?  But would there be any danger to their internet though?
aesma
Hero Member
*****
Offline Offline

Activity: 1568
Merit: 672


fly or die


View Profile
December 28, 2020, 10:55:11 PM
 #129

He says it was a phishing app. So basically what some of these Ledger emails are trying to do : have you install a fake app, then use it as normal. As soon as you authorize a transfer of your coins, the app will take over and have you send to their address, and send everything instead of just the amount you had chosen.

With a Ledger though, you should still be able to see what's happening on the Ledger screen and not authorize it.
Pmalek
Legendary
*
Offline Offline

Activity: 1820
Merit: 2859


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile
December 28, 2020, 11:02:54 PM
 #130

So what happened here then? This person typed in his keepkey seed?
He downloaded a fake Chrome extension that asked him to enter his recovery phrase (for whatever reason). He did, the words were sent to the scammers who ultimately emptied his accounts. This is not a hack of a hardware wallet. This was an avoidable human error and a person who fell for a phishing attempt. Your seed phrase should never be stored or entered anywhere online. If you remember that simple rule, you will save yourself plenty of trouble.

Yea obviously you should not click on whatever link is in the email.  But i got to assume it has to be malware/keylogger at least right? 
No, the hackers are interested in your recovery phrase. Infecting you with a keylogger wont help them gain access to the crypto assets stored on your hardware device. They want you to enter your seed in their malicious app.

Why are you so concerned about what it is? It is not a genuine app, and it could potentially do you some harm in one way or the other. If you find a needle on the ground, you don't stick it into your arm to see what it is. Just pass by it or throw it away.

HCP
Legendary
*
Offline Offline

Activity: 1834
Merit: 3919

<insert witty quote here>


View Profile
December 28, 2020, 11:09:38 PM
 #131

I saw this post on someone using a hardware wallet called keepkey and used a malicious chrome extension through google...  

So what happened here then? This person typed in his keepkey seed?  Again i don't know of any hardware wallets besides nano ledger and trezor... but this guy mentioned he used a hardware wallet.
Exactly, if you read the various details of that story (and any other involving loss from hardware wallets), it's generally because the seed has been compromised by either:

- some fake piece of software that asks the user to enter their seed on the PC... boom! coins gone.
or
- user stored their seed in a screenshot, email, instant messenger, text document, other digital format etc. and it got compromised.


Yea obviously you should not click on whatever link is in the email.  But i got to assume it has to be malware/keylogger at least right?  I can't imagine a hacker putting a link and you only get screwed if you actually type in your seed.  I mean... wouldn't they make it malware/keylogger as well so then they can get into your email or say keepass/lastpass and thus they find your seed somewhere there?
Which do you think is easier and quicker to make (and more likely to success)? Huh A website that says "hey this is Ledger website, please confirm your 24 word ledger seed here:" and harvests 24 word seeds... or create an installer for malware that goes targeting keepass/lastpass databases on the off chance the victim actually has those installed, and they actually stored their seed there (against all common sense and recommendations of NOT storing your seed digitally)? Huh


Also i assume the safe way to find out if a link has malware/keylogger or any malicious would be use a separate computer that uses linux or chromebook then?  Or even if you use a windows computer, make sure its like a throwaway computer or a testing computer so to speak... to see what it is?  I recall i saw some youtube video where a guy intentionally click on malware/virus/keylogger links to see what it did to their computer... and they used a virtual machine for that.

So someone installing a virtual machine or using linux/chromebook could possibly test this all out without risk to their main computer?  But would there be any danger to their internet though?
Why does it even matter??!? Huh Roll Eyes Just DON'T click on the link... who cares if it's just a website asking for your 24 word seed or malware disguised as wallet software... there is literally ZERO reason (for normal users) to click on the link.

Seriously, just delete the emails and move on with your life.

bob123
Legendary
*
Offline Offline

Activity: 1610
Merit: 2424



View Profile WWW
December 29, 2020, 09:46:53 AM
 #132

Yea obviously you should not click on whatever link is in the email.  But i got to assume it has to be malware/keylogger at least right?  I can't imagine a hacker putting a link and you only get screwed if you actually type in your seed.  I mean... wouldn't they make it malware/keylogger as well so then they can get into your email or say keepass/lastpass and thus they find your seed somewhere there?
Which do you think is easier and quicker to make (and more likely to success)? Huh A website that says "hey this is Ledger website, please confirm your 24 word ledger seed here:" and harvests 24 word seeds... or create an installer for malware that goes targeting keepass/lastpass databases on the off chance the victim actually has those installed, and they actually stored their seed there (against all common sense and recommendations of NOT storing your seed digitally)? Huh


To be honestly, both is pretty easy to accomplish.
The website obviously is a no-brainer. But the other method wouldn't require too much work either.

You wouldn't create a malware which specifically targets the password manager. You would use some generic malware which gives you full access to the victims system.
Then you could always load other pieces of malware to search/extract specific kind of information.


But the consensus is: Don't click on unknown links. And if you did and it downloaded something, delete it and do not execute or open the file.

LTU_btc
Legendary
*
Offline Offline

Activity: 2114
Merit: 1047



View Profile WWW
December 30, 2020, 11:06:22 PM
 #133

Through all these phishing emails in my spam folder, today I found something new Smiley :

Never heard about website Crypto-mails.com before and I can't even access it.




▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄    ▄▄▄▄                  ▄▄▄   ▄▄▄▄▄        ▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄▄    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄
 ▀████████████████▄  ████                 █████   ▀████▄    ▄████▀  ▄██████████████   ████████████▀  ▄█████████████▀  ▄█████████████▄
              ▀████  ████               ▄███▀███▄   ▀████▄▄████▀               ████   ████                ████                   ▀████
   ▄▄▄▄▄▄▄▄▄▄▄█████  ████              ████   ████    ▀██████▀      ██████████████▄   ████████████▀       ████       ▄▄▄▄▄▄▄▄▄▄▄▄████▀
   ██████████████▀   ████            ▄███▀     ▀███▄    ████        ████        ████  ████                ████       ██████████████▀
   ████              ████████████▀  ████   ██████████   ████        ████████████████  █████████████▀      ████       ████      ▀████▄
   ▀▀▀▀              ▀▀▀▀▀▀▀▀▀▀▀   ▀▀▀▀   ▀▀▀▀▀▀▀▀▀▀▀▀  ▀▀▀▀        ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀   ▀▀▀▀▀▀▀▀▀▀▀▀        ▀▀▀▀       ▀▀▀▀        ▀▀▀▀▀

#1 CRYPTO CASINO & SPORTSBOOK
▄▄▀▀▀▀▀▀▀▀▀▄▄
▄█▀▄▄▀▀█▀▀▀█▀▀▄▄▀█▄
▄█▀▄▀▀█ ▄█▄▄▄█▄ █▀▀▄▀█▄
▄▀▄██▄▄▀▀▄▄ ▀▄▄▀▀▄▄██▄▀▄
▄█ ████ ███▌▐███ ████ █▄
█ ████ ████ ███ ████ ████ █
█ ████ ███ ▄▄▄▄▄ ███ ████ █
█ ████ █▀▄█▀▀▀▀▀█▄▀█ ████ █
▀█ ████ ██ ▄▀▀▀▄ ██ ████ █▀
▀▄▀██▀█▄▄ ▀▀▀▀▀ ▄▄█▀██▀▄▀
▀█▄▀█▄▄▀▀█████▀▀▄▄█▀▄█▀
▀█▄▀▀██▄▄▄▄▄██▀▀▄█▀
▀▀▄▄▄▄▄▄▄▄▄▀▀
OFFICIAL
BETTING
PARTNER
.INSTANT & FAST..
.TRANSACTION.....
.PROVABLY FAIR..
......& SECURE......
.24/7 CUSTOMER.
.............SUPPORT.
BTC      |      ETH      |      LTC      |      XRP      |      XMR      |      BNB      |     more
Lucius
Legendary
*
Offline Offline

Activity: 2296
Merit: 2754


Si Vis Pacem, Para Bellum


View Profile WWW
December 31, 2020, 11:42:03 AM
 #134

LTU_btc, that mail is nothing but the promotion of the coin/token mentioned in it, and it is quite expected that the database will be used for such purposes. Since the database became public, the amount of spam in my case has increased at least 4 to 5 times, but thanks to a good spam filter everything ends up in a spam folder, including legitimate emails from Ledger which are obviously marked by many as spam.

Someone has already mentioned that it is not the smartest thing to open such spam e-mails at all, because it is possible that those who send them use some methods to get your IP and some other information. In other words, you are letting the bad guys know that you are active and that it makes sense to keep trying to deceive you in some way.

The Pharmacist
Legendary
*
Offline Offline

Activity: 2394
Merit: 4626


>>Proudly cycling merits for Team Foxpup<<


View Profile
December 31, 2020, 11:49:44 AM
 #135

I stand myself corrected; they sent a second email that did go straight to the spam folder;
For a long time I thought I wasn't getting these phishing e-mails, but I happened to check the spam folder of the e-mail address that I gave Ledger (which is not my primary one by any means), and yep, I've been getting them alright.  Luckily they did go to the spam folder immediately, and I hope that's true for most people. 

Strangely (or not) I've gotten quite a few legitimate e-mails from the Ledger team that haven't gone to the spam folder.  I haven't been paying attention to them either, or that e-mail address in general.  Meanwhile, I don't have anything on either Ledger I own--not that I'm afraid of getting hacked, just that I don't own a lot of crypto these days. 

Never heard about website Crypto-mails.com before and I can't even access it.
Nor have I and I wouldn't even try to access it.  Is it possible to own a domain name that doesn't have a website, just e-mail hosting?

LTU_btc
Legendary
*
Offline Offline

Activity: 2114
Merit: 1047



View Profile WWW
December 31, 2020, 02:36:09 PM
 #136

Someone has already mentioned that it is not the smartest thing to open such spam e-mails at all, because it is possible that those who send them use some methods to get your IP and some other information. In other words, you are letting the bad guys know that you are active and that it makes sense to keep trying to deceive you in some way.
Is it really possible for them to know IP address when you just open email without clicking any links? Because I've never hear about such thing before. If it's really possible, then probably it's not good idea to open these emails.

Is it possible to own a domain name that doesn't have a website, just e-mail hosting?
[/quote]
Yeah, it's possible.




▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄    ▄▄▄▄                  ▄▄▄   ▄▄▄▄▄        ▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄▄    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄
 ▀████████████████▄  ████                 █████   ▀████▄    ▄████▀  ▄██████████████   ████████████▀  ▄█████████████▀  ▄█████████████▄
              ▀████  ████               ▄███▀███▄   ▀████▄▄████▀               ████   ████                ████                   ▀████
   ▄▄▄▄▄▄▄▄▄▄▄█████  ████              ████   ████    ▀██████▀      ██████████████▄   ████████████▀       ████       ▄▄▄▄▄▄▄▄▄▄▄▄████▀
   ██████████████▀   ████            ▄███▀     ▀███▄    ████        ████        ████  ████                ████       ██████████████▀
   ████              ████████████▀  ████   ██████████   ████        ████████████████  █████████████▀      ████       ████      ▀████▄
   ▀▀▀▀              ▀▀▀▀▀▀▀▀▀▀▀   ▀▀▀▀   ▀▀▀▀▀▀▀▀▀▀▀▀  ▀▀▀▀        ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀   ▀▀▀▀▀▀▀▀▀▀▀▀        ▀▀▀▀       ▀▀▀▀        ▀▀▀▀▀

#1 CRYPTO CASINO & SPORTSBOOK
▄▄▀▀▀▀▀▀▀▀▀▄▄
▄█▀▄▄▀▀█▀▀▀█▀▀▄▄▀█▄
▄█▀▄▀▀█ ▄█▄▄▄█▄ █▀▀▄▀█▄
▄▀▄██▄▄▀▀▄▄ ▀▄▄▀▀▄▄██▄▀▄
▄█ ████ ███▌▐███ ████ █▄
█ ████ ████ ███ ████ ████ █
█ ████ ███ ▄▄▄▄▄ ███ ████ █
█ ████ █▀▄█▀▀▀▀▀█▄▀█ ████ █
▀█ ████ ██ ▄▀▀▀▄ ██ ████ █▀
▀▄▀██▀█▄▄ ▀▀▀▀▀ ▄▄█▀██▀▄▀
▀█▄▀█▄▄▀▀█████▀▀▄▄█▀▄█▀
▀█▄▀▀██▄▄▄▄▄██▀▀▄█▀
▀▀▄▄▄▄▄▄▄▄▄▀▀
OFFICIAL
BETTING
PARTNER
.INSTANT & FAST..
.TRANSACTION.....
.PROVABLY FAIR..
......& SECURE......
.24/7 CUSTOMER.
.............SUPPORT.
BTC      |      ETH      |      LTC      |      XRP      |      XMR      |      BNB      |     more
Stalker22
Sr. Member
****
Offline Offline

Activity: 560
Merit: 390



View Profile
December 31, 2020, 03:37:30 PM
 #137

Is it really possible for them to know IP address when you just open email without clicking any links? Because I've never hear about such thing before. If it's really possible, then probably it's not good idea to open these emails.


Yeah, it's possible. It's called Pixel-Tracking. In addition to the IP address, they can also know when you opened the email, how many times, the operating system you use, the email client, the device, and a bunch of other things about you. The easiest way to prevent pixel tracking is to block images from being displayed in your emails, but I'm not sure if it's totally effective.


        ▄▀▀▀▀▀▀   ▄▄
    ▄  ▄▄▀▀▀▀▀▀▀▀▀▄▄▀▀▄
  ▄▀▄▀▀             ▀▀▄▀
 ▄▀▄▀         ▄       ▀▄
  ▄▀         ███       ▀▄▀▄
▄ █   ▀████▄▄███▄       █ █
█ █     ▀▀▀███████▄▄▄▄  █ █
█ █       ██████████▀   █ ▀
▀▄▀▄       ▀▀█████▀    ▄▀
   ▀▄        ▐██▄     ▄▀▄▀
  ▀▄▀▄▄       ███▄  ▄▄▀▄▀
    ▀▄▄▀▀▄▄▄▄▄████▀▀ ▄▀
       ▀   ▄▄▄▄▄▄▄
.
█ █▀█ █▀█ █▀█  ▄  ▄▀▀ █   ▄▀█ ▀█▀ ▄▀▀ ▄███▄
█ █▀█ █ █ █ █ ▀█▀ ▀▀█ █   █ █  █  ▀▀█ ▀███▀
█ █▄█ █▄█ █▄█     ▄▄▀ ▀▄▄ █▄▀  █  ▄▄▀   
                                        █
████████████████████████████████████ 
███▀▀▀▀▀▀██████▀▀▀▀▀▀██████▀▀▀▀▀▀███ 
█▀▄██▀███▄▀██▀▄██▀███▄▀██▀▄██▀███▄▀████▄
█ █ ▀ ▀███ ██ █ ▀ ▀███ ██ █ ▀ ▀███ █████
█ ██    ▄█ ██ ██    ▄█ ██ ██    ▄█ █████
█▄▀██  ▀█▀▄██▄▀██  ▀█▀▄██▄▀██  ▀█▀▄████▀
███▄▄▄▄▄▄██████▄▄▄▄▄▄██████▄▄▄▄▄▄███
████████████████████████████████████
CRYPTO'S FASTEST
GROWING CASINO

‎ ★
█▄             ▄█
██▄         ▄██
▐█████████████████▌
█████████████████

▄█████████████████▄
▀▀
▄▄▄▄    ▄▄▄▄   ▀▀
▀███▀  ▄████▀  ▄██▀

▄▄   ▀█████  ▀▀▄▄
██████████████████
████▀▀▀▀▀▀▀▀▀▀▀▀█████
██████▄▄▄▄▄▄▄▄███████
▀███████████████▀
▀▀██████████▀▀
▄▄█████████▄▄
▄█▀▀  ▀▀███▀▀  ▀▀█▄
▄█▀        █        ██▄
▄█          █         ██▄
▄███       ▄███▄       ███▄
███▀▀█▄▄▄▄███████▄▄▄▄█▀▀███
█▀      ▀█████████▀      ▀█
█        █████████        █
▀█       █████████       █▀
▀█     ▄█       █▄     █▀
▀██████         ██████▀
▀████▄       ▄████▀
▄▄▄█████▀▀███▄▄▄▄▄███▀▀█████▄▄▄
★ ‎
‎ ★
█▀▀▀▀











█▄▄▄▄
.
PLAY NOW
▀▀▀▀█











▄▄▄▄█
Lucius
Legendary
*
Offline Offline

Activity: 2296
Merit: 2754


Si Vis Pacem, Para Bellum


View Profile WWW
January 01, 2021, 11:13:03 AM
 #138

LTU_btc, of course it is possible, with the method described by Stalker22, and there are probably some other tricks used for this purpose. While this may not mean too much for those to whom all data has become public, for those to whom only email addresses have become available it would certainly be a breach of privacy - the address can be linked to the country, and if the ISP does not have adequate protection even locate the user.

After all, all these phishing/advertising emails are more or less the same - when you see one, there is no need to look at the others.

Pmalek
Legendary
*
Offline Offline

Activity: 1820
Merit: 2859


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile
January 01, 2021, 02:56:31 PM
 #139

Yeah, it's possible. It's called Pixel-Tracking.
The good thing about Pixel-Tracking is that you can probably prevent it from getting to your private data by going into the settings of your email client and turning of the option for showing images from the email. And if the mail ends up in your spam folder, I think clients like Hotmail and Yahoo disable the option to display external images by default. I have read about Pixel-Tracking extensions and add-ons as well, but never tested any personally. 

Stalker22
Sr. Member
****
Offline Offline

Activity: 560
Merit: 390



View Profile
January 01, 2021, 05:05:34 PM
Merited by Lucius (1), LTU_btc (1)
 #140

Yeah, it's possible. It's called Pixel-Tracking.
The good thing about Pixel-Tracking is that you can probably prevent it from getting to your private data by going into the settings of your email client and turning of the option for showing images from the email. And if the mail ends up in your spam folder, I think clients like Hotmail and Yahoo disable the option to display external images by default. I have read about Pixel-Tracking extensions and add-ons as well, but never tested any personally.  

Gmail users are also somewhat protected: Google redirects every image request via its own proxy servers (much like bitcointalk does). Tracking pixels will still know when you read their emails, but they can't sniff your location because they can't see your IP address (they see Google's IP instead).

Of course, this doesn't mean I'm in favor of Gmail in terms of privacy. Wink

        ▄▀▀▀▀▀▀   ▄▄
    ▄  ▄▄▀▀▀▀▀▀▀▀▀▄▄▀▀▄
  ▄▀▄▀▀             ▀▀▄▀
 ▄▀▄▀         ▄       ▀▄
  ▄▀         ███       ▀▄▀▄
▄ █   ▀████▄▄███▄       █ █
█ █     ▀▀▀███████▄▄▄▄  █ █
█ █       ██████████▀   █ ▀
▀▄▀▄       ▀▀█████▀    ▄▀
   ▀▄        ▐██▄     ▄▀▄▀
  ▀▄▀▄▄       ███▄  ▄▄▀▄▀
    ▀▄▄▀▀▄▄▄▄▄████▀▀ ▄▀
       ▀   ▄▄▄▄▄▄▄
.
█ █▀█ █▀█ █▀█  ▄  ▄▀▀ █   ▄▀█ ▀█▀ ▄▀▀ ▄███▄
█ █▀█ █ █ █ █ ▀█▀ ▀▀█ █   █ █  █  ▀▀█ ▀███▀
█ █▄█ █▄█ █▄█     ▄▄▀ ▀▄▄ █▄▀  █  ▄▄▀   
                                        █
████████████████████████████████████ 
███▀▀▀▀▀▀██████▀▀▀▀▀▀██████▀▀▀▀▀▀███ 
█▀▄██▀███▄▀██▀▄██▀███▄▀██▀▄██▀███▄▀████▄
█ █ ▀ ▀███ ██ █ ▀ ▀███ ██ █ ▀ ▀███ █████
█ ██    ▄█ ██ ██    ▄█ ██ ██    ▄█ █████
█▄▀██  ▀█▀▄██▄▀██  ▀█▀▄██▄▀██  ▀█▀▄████▀
███▄▄▄▄▄▄██████▄▄▄▄▄▄██████▄▄▄▄▄▄███
████████████████████████████████████
CRYPTO'S FASTEST
GROWING CASINO

‎ ★
█▄             ▄█
██▄         ▄██
▐█████████████████▌
█████████████████

▄█████████████████▄
▀▀
▄▄▄▄    ▄▄▄▄   ▀▀
▀███▀  ▄████▀  ▄██▀

▄▄   ▀█████  ▀▀▄▄
██████████████████
████▀▀▀▀▀▀▀▀▀▀▀▀█████
██████▄▄▄▄▄▄▄▄███████
▀███████████████▀
▀▀██████████▀▀
▄▄█████████▄▄
▄█▀▀  ▀▀███▀▀  ▀▀█▄
▄█▀        █        ██▄
▄█          █         ██▄
▄███       ▄███▄       ███▄
███▀▀█▄▄▄▄███████▄▄▄▄█▀▀███
█▀      ▀█████████▀      ▀█
█        █████████        █
▀█       █████████       █▀
▀█     ▄█       █▄     █▀
▀██████         ██████▀
▀████▄       ▄████▀
▄▄▄█████▀▀███▄▄▄▄▄███▀▀█████▄▄▄
★ ‎
‎ ★
█▀▀▀▀











█▄▄▄▄
.
PLAY NOW
▀▀▀▀█











▄▄▄▄█
Pages: « 1 2 3 4 5 6 [7] 8 9 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!