PowerGlove (OP)
|
|
July 16, 2022, 02:53:14 PM Last edit: July 19, 2022, 08:18:33 PM by PowerGlove |
|
Normally I wouldn't share something I've received by PM, but this feels dodgy and I have no idea who this person is: This person didn't participate in that thread and the "link" is some kind of messed up BBCode (which I sanitized before quoting above): [flash=200,200]https://[/flash][url=https://bitcointalk.login-index.php-topic.794551.0.thegermanaccess.com/?u=PowerGlove&l=5406168.0]bitcointalk.oгg/index.php?topic=5406168.0[/url]
Anybody know anything? Edit: Here's an image of the message for anyone still interested: Notice how the link is blue when it should be green. Also, notice the weird underlining that stops short of extending all the way to the left. I've condensed what I learned from other members into a simple guide: Don't get your Bitcointalk account "phished" (Desktop/Laptop). Thanks everybody!
|
|
|
|
OmegaStarScream
Staff
Legendary
Offline
Activity: 3612
Merit: 6335
|
|
July 16, 2022, 02:59:21 PM |
|
Just report the PM. It's a phishing site, that's not the real bitcointalk forum. If you typed your password in there, make sure to change it.
|
|
|
|
crwth
Copper Member
Legendary
Online
Activity: 2898
Merit: 1279
https://linktr.ee/crwthopia
|
|
July 16, 2022, 03:06:43 PM |
|
Be careful with these types of weird messages. It's best to open links in incognito, or better yet, never open them. It's easy to spot, though, if you are used to checking the links before clicking. I have seen some posts, IIRC, that swap out something like that. You can easily spot different links. If you hover your mouse over at the link, verify if it's the same as the one posted. Don't click links is a great motto as well.
|
| | . .Duelbits. | │ | ..........UNLEASH.......... THE ULTIMATE GAMING EXPERIENCE | │ | DUELBITS FANTASY SPORTS | ████▄▄▄█████▄▄▄ ░▄████████████████▄ ▐██████████████████▄ ████████████████████ ████████████████████▌ █████████████████████ ████████████████▀▀▀ ███████████████▌ ███████████████▌ ████████████████ ████████████████ ████████████████ ████▀▀███████▀▀ | . ▬▬ VS ▬▬ | ████▄▄▄█████▄▄▄ ░▄████████████████▄ ▐██████████████████▄ ████████████████████ ████████████████████▌ █████████████████████ ███████████████████ ███████████████▌ ███████████████▌ ████████████████ ████████████████ ████████████████ ████▀▀███████▀▀ | /// PLAY FOR FREE /// WIN FOR REAL | │ | ..PLAY NOW.. | |
|
|
|
Lucius
Legendary
Offline
Activity: 3374
Merit: 6058
Crypto Swap Exchange🈺
|
|
July 16, 2022, 03:12:25 PM Merited by PowerGlove (1) |
|
After 6 pages of applications to various bounty campaigns and periods of inactivity, this user has obviously come for his perma-ban. Only 1 merit to become a Jr.Member still proves to be a bad decision, because PMs from newbies can at least be blocked.
|
|
|
|
hilariousandco
Global Moderator
Legendary
Offline
Activity: 3948
Merit: 2677
Join the world-leading crypto sportsbook NOW!
|
|
July 16, 2022, 03:34:46 PM Last edit: July 16, 2022, 03:50:06 PM by hilariousandco Merited by LoyceV (4), Welsh (4), pooya87 (2), PowerGlove (1) |
|
You need to report the PM. After 6 pages of applications to various bounty campaigns and periods of inactivity, this user has obviously come for his perma-ban. Only 1 merit to become a Jr.Member still proves to be a bad decision, because PMs from newbies can at least be blocked.
One merit is still relatively hard to get, especially for a shitposter, but getting merit for this post today is a bit suspicious: #JOIN & #Proof of authentication Facebook URL (personal): https://www.facebook.com/santhosh121081Telegram username: @santhosh1981 ERC20 wallet for token distribution: 0x759b7576f2Ada6cD031A71Dd8070834e69e54DfD I wonder if he bought it? SIXMJ who merited that post is worth looking into. He received 3 merits from dragospirvu75 who has sent merit to the following: June 28, 2022, 01:12:32 AM: 3 to SIXMJ for Re: Want to buys some NFTs, please share your art... June 24, 2022, 12:26:27 AM: 1 to Irinatoken for Re: 🔥BLAZEPROTOCOL 🔥 Official Bounty Program June 12, 2022, 09:25:02 PM: 1 to Pktunnn for Re: 🌎 [BOUNTY]⚡ NOTCH COIN - 💰[100 000 000 NOTCH]💰 REWARD! 🌎 June 11, 2022, 05:39:43 PM: 1 to ewck1442 for [ANN] Bitcoin Protocol - A Protocol to fulfulling Satoshi's Vision April 24, 2022, 02:43:32 PM: 1 to greenzon for Re: 🔥[BOUNTY]PIPSCHAIN - HYBRID EXCHANGE (Fiat & crypto currency in one platform)🔥 April 10, 2022, 04:43:42 AM: 1 to LoyceV for Re: I just began to run full node. Where do I see my contribution? All are banned apart from Loyce. And guess what they're all banned for? Sending the same phishing PM including dragospirvu75. So either they're linked to the phishing or they're involved in selling merit to the phisher.
|
|
|
|
PrimeNumber7
Copper Member
Legendary
Offline
Activity: 1652
Merit: 1900
Amazon Prime Member #7
|
|
July 16, 2022, 10:08:17 PM |
|
This person didn't participate in that thread and the "link" is some kind of messed up BBCode (which I sanitized before quoting above): [flash=200,200]https://[/flash][url=https://bitcointalk.login-index.php-topic.794551.0.thegermanaccess.com/?u=PowerGlove&l=5406168.0]bitcointalk.oгg/index.php?topic=5406168.0[/url]
Anybody know anything? When I try to post the above BB code in a post, the link does not show up as green when I hover over the link. While this is a phishing link, santhosh121081 was not able to beat the anti-phishing measures of the forum.
|
|
|
|
jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
|
|
July 16, 2022, 11:19:07 PM |
|
@op did you get a warning on the message that it could be phishing?
You can easily spot different links. If you hover your mouse over at the link, verify if it's the same as the one posted.
You can also copy link text on mobile to copy a link that looks right onto your phone (to paste it in your search bar) or use copy link address and paste it into a notes app to interrogate to see if it's a trusted link - don't paste it into a search bar as you run the risk of accidentally hitting enter or paste and go and you may at the very least denonymise yourself.
Hopefully this gets fixed by admins to make more links return [suspicious link removed]
|
|
|
|
PowerGlove (OP)
|
|
July 17, 2022, 12:20:39 AM |
|
@op did you get a warning on the message that it could be phishing?
There was no warning when I first read the message and it had been sitting in my inbox for about 2 hours by that point. There was also no warning when I opened it a few hours later to click "Report To Admin". There's now (I kept the message) a big red box with "This PM looks like possible phishing: examine links closely!". Hmm, I wonder why that took so long to show up? When I try to post the above BB code in a post, the link does not show up as green when I hover over the link. While this is a phishing link, santhosh121081 was not able to beat the anti-phishing measures of the forum.
That's weird. It was legit-looking and clickable in the PM. Maybe that URL has now been flagged by the system and so won't properly render anymore?
|
|
|
|
Harkorede
|
|
July 17, 2022, 12:39:35 AM |
|
I wonder if he bought it?
All are banned apart from Loyce. And guess what they're all banned for? Sending the same phishing PM including dragospirvu75. So either they're linked to the phishing or they're involved in selling merit to the phisher.
Or could have fell for phishing message ? and the user sending them didn't feel the need to change their password or attempt email changing since they lowly ranked account, so they decided to send send out their smerit and using the victims account to send similar message to potentially get more victims ? because why risk all your alt accounts getting banned once if he indeed owns all of them ?
|
|
|
|
PrimeNumber7
Copper Member
Legendary
Offline
Activity: 1652
Merit: 1900
Amazon Prime Member #7
|
|
July 17, 2022, 05:10:39 AM |
|
@op did you get a warning on the message that it could be phishing?
If I am thinking of the same warning message, that warning is only displayed with newbies send a PM, and it is displayed for all newbies, regardless of PM content. The person who sent the OP the PM is a Junior Member When I try to post the above BB code in a post, the link does not show up as green when I hover over the link. While this is a phishing link, santhosh121081 was not able to beat the anti-phishing measures of the forum.
That's weird. It was legit-looking and clickable in the PM. Maybe that URL has now been flagged by the system and so won't properly render anymore? The URL is clickable, but the forum has implemented a security feature that will display links to the bitcointalk forum as green when the user hovers their mouse over the link, and will display as blue for all other links. The link in question was not to a bitcointalk forum page and was displayed as green
|
|
|
|
LoyceV
Legendary
Offline
Activity: 3444
Merit: 17395
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
July 17, 2022, 05:47:40 AM |
|
The URL is clickable, but the forum has implemented a security feature that will display links to the bitcointalk forum as green when the user hovers their mouse over the link, and will display as blue for all other links. That "green" is barely noticeable on my screen, and I bet I'm not alone. I'm wondering why the security feature that stops fake links to be labeled "Bitcointalk.org" didn't kick in. Example: http://google.com[url=google.com]bitc ointalk.org[/url] Converting the text to upper case answers it: BITCOINTALK.O ГG.
All are banned apart from Loyce. I dodged the bullet there
|
|
|
|
Lucius
Legendary
Offline
Activity: 3374
Merit: 6058
Crypto Swap Exchange🈺
|
|
July 17, 2022, 09:41:08 AM |
|
One merit is still relatively hard to get, especially for a shitposter, but getting merit for this post today is a bit suspicious:
I don't agree that it's hard, not even for shitposters who will find a way to get it one way or another. It's no secret that there is a black market for merits, and if I'm not mistaken, the price is still 1 merit = $5. Given that a lot of bad things happen through PM, it would be good to think about blocking messages not only from Newbies but also from Jr.Members because I personally don't see any difference between those two ranks.
|
|
|
|
Fivestar4everMVP
Legendary
Offline
Activity: 2380
Merit: 1082
Leading Crypto Sports Betting & Casino Platform
|
|
July 17, 2022, 11:21:30 AM Last edit: December 16, 2023, 06:54:53 PM by Fivestar4everMVP |
|
Normally I wouldn't share something I've received by PM, but this feels dodgy and I have no idea who this person is: I checked the Bitcointalk link i believe the spammer sent you and it seems a genuine Bitcointalk link which actually lead to a thread where a user is asking for help with Blockchain.com, this post is in the Beginners and Help Board. But in as much as the link I quoted above looks genuine, I still did not understand why this user sent you this PM because I can also confirm that he didn't participate in the discussion on the thread, If he did, then maybe we would have given him the benefit of doubt and believe he probably wanted to PM another user but mistook you for that user by not taking notice of your username when he assumed he clicked the profile of the user he wanted to PM. I will join other users to advice you report the PM and maybe block the user if you feel unsafe with your account., On no account should users unnecessarily PM other users on things that makes absolutely no sense, Bitcointalk is not Telagram where spammers have almost no restriction from PMing other random users.
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
PowerGlove (OP)
|
|
July 17, 2022, 11:55:56 AM |
|
I checked the Bitcointalk link i believe the spammer sent you and it seems a genuine Bitcointalk link which actually lead to a thread where a user is asking for help with Blockchain.com, this post is in the Beginners and Help Board.
I cleaned the link before posting it, to make it safe for other users to click. It's now a genuine Bitcointalk link, but it was a phishing link before (see BBCode in OP).
|
|
|
|
PrimeNumber7
Copper Member
Legendary
Offline
Activity: 1652
Merit: 1900
Amazon Prime Member #7
|
|
July 17, 2022, 02:03:40 PM |
|
The URL is clickable, but the forum has implemented a security feature that will display links to the bitcointalk forum as green when the user hovers their mouse over the link, and will display as blue for all other links. That "green" is barely noticeable on my screen, and I bet I'm not alone. I am aware of the feature and notice it. The feature may not be all that well known. I'm wondering why the security feature that stops fake links to be labeled "Bitcointalk.org" didn't kick in. Example: http://google.com[url=google.com]bitc ointalk.org[/url] Converting the text to upper case answers it: BITCOINTALK.O ГG. It seems that using the above BB code will result in "google.com" to be displayed, however it will show as "bitcointalk.org" when previewing the post. It seems that saving the post will actually remove the BB code, and will only have the link after the "url=". Probably another good feature
|
|
|
|
dkbit98
Legendary
Offline
Activity: 2366
Merit: 7442
|
|
July 17, 2022, 03:55:32 PM |
|
Anybody know anything? This is a known phishing scam attempt and it happened to me in bitcointalk forum few years ago, by hacked a now banned member kingpin4321. I see this member who sent you message is now also banned, but best way is to report messages like this to moderator right away, and never click on any links you receive. Generally speaking I don't trust any links I receive in forum or by emails and I always double check them.
|
|
|
|
Benkbeny
Newbie
Offline
Activity: 25
Merit: 1
|
|
July 17, 2022, 11:33:51 PM |
|
Anybody know anything? This is a known phishing scam attempt and it happened to me in bitcointalk forum few years ago, by hacked a now banned member kingpin4321. I see this member who sent you message is now also banned, but best way is to report messages like this to moderator right away, and never click on any links you receive. Generally speaking I don't trust any links I receive in forum or by emails and I always double check them. Scammer has gone an extra mile to define mean to trap people by sending just a link to click in and once that is done your IP address display to them and them defines means to track your record and hack your account. Let's all be careful on link we click.
|
|
|
|
NotATether
Legendary
Offline
Activity: 1736
Merit: 7275
In memory of o_e_l_e_o
|
|
July 18, 2022, 03:57:26 AM |
|
Be careful with these types of weird messages. It's best to open links in incognito, or better yet, never open them. It's easy to spot, though, if you are used to checking the links before clicking. I have seen some posts, IIRC, that swap out something like that.
Why have Chrome and Firefox stopped showing the links in big fat text at the bottom of the screen? (instead of the small tiny url cramped into one corner only when loading the page, which is for all practical purposes invisible to most users)?? In lynx for comparison, there is a huge prominent notice at the last terminal line where I can clearly see the URL being loaded. You know what, maybe I'll continue browsing like this, unless I want to see images then maybe I can open Chrome as a guest. It's like PGP-encrypting your account before logging in. SIXMJ who merited that post is worth looking into. He received 3 merits from dragospirvu75 who has sent merit to the following:
June 28, 2022, 01:12:32 AM: 3 to SIXMJ for Re: Want to buys some NFTs, please share your art... June 24, 2022, 12:26:27 AM: 1 to Irinatoken for Re: ð¥BLAZEPROTOCOL ð¥ Official Bounty Program June 12, 2022, 09:25:02 PM: 1 to Pktunnn for Re: ð [BOUNTY]!V! NOTCH COIN - ð°[100 000 000 NOTCH]ð° REWARD! ð June 11, 2022, 05:39:43 PM: 1 to ewck1442 for [ANN] Bitcoin Protocol - A Protocol to fulfulling Satoshi's Vision April 24, 2022, 02:43:32 PM: 1 to greenzon for Re: ð¥[BOUNTY]PIPSCHAIN - HYBRID EXCHANGE (Fiat & crypto currency in one platform)ð¥ April 10, 2022, 04:43:42 AM: 1 to LoyceV for Re: I just began to run full node. Where do I see my contribution?
All are banned apart from Loyce. And guess what they're all banned for? Sending the same phishing PM including dragospirvu75. So either they're linked to the phishing or they're involved in selling merit to the phisher.
I can say that I had no idea that dragospirvu75 was harvesting merit for account farms, as someone who merited quite a few of his less shady posts.
|
|
|
|
PowerGlove (OP)
|
|
July 18, 2022, 04:34:28 AM |
|
Why have Chrome and Firefox stopped showing the links in big fat text at the bottom of the screen? (instead of the small tiny url cramped into one corner only when loading the page, which is for all practical purposes invisible to most users)??
That still works for me in both Firefox and Chrome (Windows and Linux). It is pretty small though. Maybe you have some unusual extension installed?
|
|
|
|
NotATether
Legendary
Offline
Activity: 1736
Merit: 7275
In memory of o_e_l_e_o
|
|
July 18, 2022, 07:07:39 AM |
|
Why have Chrome and Firefox stopped showing the links in big fat text at the bottom of the screen? (instead of the small tiny url cramped into one corner only when loading the page, which is for all practical purposes invisible to most users)??
That still works for me in both Firefox and Chrome (Windows and Linux). It is pretty small though. Maybe you have some unusual extension installed? That box is exactly what I'm talking about, but let me clarify it with some ASCII drawings. Right now, when you are loading a page on Chrome and Firefox, they look like this, with the url in the lower-left status trimmed (unless you move your mouse there, then it moves to the lower-right, and vice versa): ============================================================= # <- -> % |bitcointalk.org.hackers.inc/login.php | : # #-----------------------------------------------------------# # # # # # # # # # # # CONTENT # # # # # # # # # # # # # # # # # # # #------------------------ # #Loading https://hack...| # =============================================================
It's not proportional, the real browser window makes the status bar about half of this size, and slightly more text, but you get the idea. What I believe they should be showing is this: ============================================================= # <- -> % | **hackers.inc** | : # #-----------------------------------------------------------# # # # # # # # # # # # CONTENT # # # # # # # # # # # # # # # # # # # # # #------------------------ # #Loading https://hack...| # =============================================================
There is only the root domain name in bold inside the URL bar (if you click inside the URL bar, then you will be able to see the full URL). The subdomains are hidden, so that less people get fooled. Most people will only look at the left-most part of the URL to see what website they are on, and hackers take advantage of that. They already design it like that on mobile, but IMO this should be on desktop too, ideally with a setting to revert to the old behavior.
|
|
|
|
|