Bitcoin Forum
Author Topic: phishing emails from bitcointaik.org  (Read 1935 times)
2tights (OP)
May 08, 2014, 05:54:12 PM
 #1

Please be aware that I received a phishing email from bitcointaik.org


it includes a disguised link... don't click it or follow their password reset instructions as I'm sure it will log and steal your account.


Bitcoin Forum <noreply@bitcointaik.org>
9:24 AM (1 hour ago)

to 2tights

Why is this message in Spam? You clicked "Report phishing" for this message.  Learn more
Dear 2tights,

Due to the OpenSSL heartbleed bug and recent attacks on our website, changing your forum password is recommended.
To set a new password click the following link:

http://bitcointaIk.org/index.php?action=login;u=4981;sa=account

Username: 2tights

Regards,
The Bitcoin Forum Team.

------------------
You are receiving this message because you are a member of the
Bitcoin Forum. If you do not want to receive further messages, you
can change your notification preferences here:
http://bitcointaIk.org/index.php?action=login;u=4981;sa=notification
http://bitcointaIk.org/index.php?action=login;u=4981;sa=pmpref

----------------------------------------------------

WHOIS information for bitcointaik.org:

[Querying whois.publicinterestregistry.net]
[whois.publicinterestregistry.net]
Domain Name:BITCOINTAIK.ORG
Domain ID: D172552259-LROR
Creation Date: 2014-05-07T21:26:37Z
Updated Date: 2014-05-07T21:37:22Z
Registry Expiry Date: 2015-05-07T21:26:37Z
Sponsoring Registrar:eNom, Inc. (R39-LROR)
Sponsoring Registrar IANA ID: 48
WHOIS Server:
Referral URL:
Domain Status: clientTransferProhibited
Domain Status: serverTransferProhibited
Domain Status: addPeriod
Registrant ID:537e559e0ebc27ea
Registrant Name:WhoisGuard Protected
Registrant Organization:WhoisGuard, Inc.
Registrant Street: P.O. Box 0823-03411
Registrant City:Panama
Registrant State/Province:Panama
Registrant Postal Code:00000
Registrant Country:PA
Registrant Phone:+507.8365503
Registrant Phone Ext:
Registrant Fax: +51.17057182
Registrant Fax Ext:
Registrant Email:legal@whoisguard.com
Admin ID:537e559e0ebc27ea
Admin Name:WhoisGuard Protected
Admin Organization:WhoisGuard, Inc.
Admin Street: P.O. Box 0823-03411
Admin City:Panama
Admin State/Province:Panama
Admin Postal Code:00000
Admin Country:PA
Admin Phone:+507.8365503
Admin Phone Ext:
Admin Fax: +51.17057182
Admin Fax Ext:
Admin Email:legal@whoisguard.com
Tech ID:537e559e0ebc27ea
Tech Name:WhoisGuard Protected
Tech Organization:WhoisGuard, Inc.
Tech Street: P.O. Box 0823-03411
Tech City:Panama
Tech State/Province:Panama
Tech Postal Code:00000
Tech Country:PA
Tech Phone:+507.8365503
Tech Phone Ext:
Tech Fax: +51.17057182
Tech Fax Ext:
Tech Email:legal@whoisguard.com
Name Server:NS1.HIDEMYHOST.COM
Name Server:NS2.HIDEMYHOST.COM
Name Server:NS3.HIDEMYHOST.COM
Name Server:NS4.HIDEMYHOST.COM
BitCoinDream
May 08, 2014, 06:11:44 PM
 #2

Registered yesterday and not even using https !!!

jonald_fyookball
May 08, 2014, 07:13:16 PM
 #3

How do you think they got your email to begin with?

franky1
May 08, 2014, 07:21:40 PM
 #4

Quote from: jonald_fyookball
> How do you think they got your email to begin with?

they didn't get his email. it was a forum inbox message

these things happen a lot. in the past it has been found that scammers prep their list of 'marks' by asking forum topic questions such as:
"how much bitcoin do you own"
"what wallet software do you use"
etc

these info gathering games are what scammers do to target the right people. after all there is no point phishing someone if they only have satoshi dust to their name. and there's no point entering into conversation with them to tempt them to download trojans if the scammers' code is not compatible with the victim's wallet.

so usually scam emails and private messages are targeted to the victim, because the victim has made some form of admission that he is worthy of being scammed. either admitting wealth, admitting he runs a wallet that is compatible to a certain trojan or the fact that the victim admits to not have 2FA on their other logins or lastly, they have been scammed before so are proving to be an easy 'mark'

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
mktrader
May 08, 2014, 07:30:07 PM
 #5

Quote from: jonald_fyookball
> How do you think they got your email to begin with?

Quote from: franky1
> they didn't get his email. it was a forum inbox message
>
> these things happen a lot. in the past it has been found that scammers prep their list of 'marks' by asking forum topic questions such as:
> "how much bitcoin do you own"
> "what wallet software do you use"
> etc
>
> these info gathering games are what scammers do to target the right people. after all there is no point phishing someone if they only have satoshi dust to their name. and there's no point entering into conversation with them to tempt them to download trojans if the scammers' code is not compatible with the victim's wallet.
>
> so usually scam emails and private messages are targeted to the victim, because the victim has made some form of admission that he is worthy of being scammed. either admitting wealth, admitting he runs a wallet that is compatible to a certain trojan or the fact that the victim admits to not have 2FA on their other logins or lastly, they have been scammed before so are proving to be an easy 'mark'

This is very important information, especially for those new to the Bitcoin community!

Price Poll: bitcointalk.org/index.php?topic=555609
2tights (OP)
May 08, 2014, 07:32:15 PM
 #6

Quote from: jonald_fyookball
> How do you think they got your email to begin with?

Quote from: franky1
> they didn't get his email. it was a forum inbox message
>
> these things happen a lot. in the past it has been found that scammers prep their list of 'marks' by asking forum topic questions such as:
> "how much bitcoin do you own"
> "what wallet software do you use"
> etc
>
> these info gathering games are what scammers do to target the right people. after all there is no point phishing someone if they only have satoshi dust to their name. and there's no point entering into conversation with them to tempt them to download trojans if the scammers' code is not compatible with the victim's wallet.
>
> so usually scam emails and private messages are targeted to the victim, because the victim has made some form of admission that he is worthy of being scammed. either admitting wealth, admitting he runs a wallet that is compatible to a certain trojan or the fact that the victim admits to not have 2FA on their other logins or lastly, they have been scammed before so are proving to be an easy 'mark'

This was sent to my email account associated with my bitcointalk account.

I had my email not hidden, so I set it to hidden now. I agree that it was a targeted email, because my email was published and my bitcoin address has a decent balance which is also visible on my account.
Injust
May 09, 2014, 05:05:45 PM
 #7

Quote from: jonald_fyookball
> How do you think they got your email to begin with?

Quote from: franky1
> they didn't get his email. it was a forum inbox message
>
> these things happen a lot. in the past it has been found that scammers prep their list of 'marks' by asking forum topic questions such as:
> "how much bitcoin do you own"
> "what wallet software do you use"
> etc
>
> these info gathering games are what scammers do to target the right people. after all there is no point phishing someone if they only have satoshi dust to their name. and there's no point entering into conversation with them to tempt them to download trojans if the scammers' code is not compatible with the victim's wallet.
>
> so usually scam emails and private messages are targeted to the victim, because the victim has made some form of admission that he is worthy of being scammed. either admitting wealth, admitting he runs a wallet that is compatible to a certain trojan or the fact that the victim admits to not have 2FA on their other logins or lastly, they have been scammed before so are proving to be an easy 'mark'

Quote from: 2tights
> This was sent to my email account associated with my bitcointalk account.
>
> I had my email not hidden, so I set it to hidden now. I agree that it was a targeted email, because my email was published and my bitcoin address has a decent balance which is also visible on my account.

Got me one of these emails today

Email below for anybody who's curious.

Code:
                                                                                                                                                                                                                                                               
Delivered-To: [removed]
Received: by 10.52.76.199 with SMTP id m7csp437305vdw;
        Fri, 9 May 2014 08:25:53 -0700 (PDT)
X-Received: by 10.66.150.69 with SMTP id ug5mr21474014pab.55.1399649153451;
        Fri, 09 May 2014 08:25:53 -0700 (PDT)
Return-Path: <noreply@bitcointaik.org>
Received: from erelay5.ox.registrar-servers.com (erelay5.ox.registrar-servers.com. [192.64.117.65])
        by mx.google.com with ESMTP id tv5si2430744pbc.158.2014.05.09.08.25.53
        for <[removed]>;
        Fri, 09 May 2014 08:25:53 -0700 (PDT)
Received-SPF: pass (google.com: domain of noreply@bitcointaik.org designates 192.64.117.65 as permitted sender) client-ip=192.64.117.65;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of noreply@bitcointaik.org designates 192.64.117.65 as permitted sender) smtp.mail=noreply@bitcointaik.org
Received: from localhost (unknown [127.0.0.1])
by erelay1.ox.registrar-servers.com (Postfix) with ESMTP id EC3412204D16
for <[removed]>; Fri,  9 May 2014 15:25:52 +0000 (UTC)
Received: from erelay1.ox.registrar-servers.com ([127.0.0.1])
by localhost (erelay.ox.registrar-servers.com [127.0.0.1]) (amavisd-new, port 10024)
with LMTP id ThIaU9sR71GS for <[removed]>;
Fri,  9 May 2014 11:25:52 -0400 (EDT)
Received: from imap2.ox.privateemail.com (imap2.ox.privateemail.com [198.187.29.234])
by erelay1.ox.registrar-servers.com (Postfix) with ESMTP id 4D0FE2204CFD
for <[removed]>; Fri,  9 May 2014 11:25:52 -0400 (EDT)
Received: from [192.168.0.50] (unknown [199.47.77.6])
(using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
(No client certificate requested)
by mail.privateemail.com (Postfix) with ESMTPSA id 06D855A0086
for <[removed]>; Fri,  9 May 2014 11:25:50 -0400 (EDT)
Message-ID: <536BB17E.6040906@bitcointaIk.org>
Date: Thu, 08 May 2014 09:31:58 -0700
From: Bitcoin Forum <noreply@bitcointaIk.org>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: [removed]
Subject: Changing your forum password is recommended.
X-Enigmail-Draft-Status: 512
Content-Type: multipart/alternative;
 boundary="------------040306080202000204040301"

This is a multi-part message in MIME format.
--------------040306080202000204040301
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Dear Injust,

Due to the OpenSSL heartbleed bug and recent attacks on our website,
changing your forum password is recommended.
To set a new password click the following link:

http://bitcointaIk.org/index.php?action=login;u=8543;sa=account

Username: Injust

Regards,
The Bitcoin Forum Team.

------------------
You are receiving this message because you are a member of the
Bitcoin Forum. If you do not want to receive further messages, you
can change your notification preferences here:
http://bitcointaIk.org/index.php?action=login;u=8543;sa=notification
http://bitcointaIk.org/index.php?action=login;u=8543;sa=pmprefs


--------------040306080202000204040301
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

<html>
  <head>
    <meta http-equiv="content-type" content="text/html;
      charset=ISO-8859-1">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Dear Injust,<br>
    <br>
    Due to the OpenSSL heartbleed bug and recent attacks on our website,
    changing your forum password is recommended.<br>
    To set a new password click the following link:<br>
    <br>
    <a class="moz-txt-link-freetext" href="http://bitcointaIk.org/index.php?action=login;u=8543;sa=account">http://bitcointaIk.org/index.php?action=login;u=8543;sa=account</a><br>
    <br>
    Username: Injust<br>
    <br>
    Regards,<br>
    The Bitcoin Forum Team.<br>
    <br>
    ------------------<br>
    You are receiving this message because you are a member of the<br>
    Bitcoin Forum. If you do not want to receive further messages, you<br>
    can change your notification preferences here:<br>
    <a class="moz-txt-link-freetext" href="http://bitcointaIk.org/index.php?action=login;u=8543;sa=notification">http://bitcointaIk.org/index.php?action=login;u=8543;sa=notification</a><br>
    <a class="moz-txt-link-freetext" href="http://bitcointaIk.org/index.php?action=login;u=8543;sa=pmprefs">http://bitcointaIk.org/index.php?action=login;u=8543;sa=pmprefs</a><br>
    <br>
  </body>
</html>

--------------040306080202000204040301--
guybrushthreepwood
May 09, 2014, 06:18:45 PM
 #8

I'd recommend hiding your email addresses if it's not absolutely necessary to have them on display, but I suppose it might not matter that much if you're wary of any scams that might be sent to it.
Injust
May 10, 2014, 12:59:58 AM
 #9

Quote from: guybrushthreepwood
> I'd recommend hiding your email addresses if it's not absolutely necessary to have them on display, but I suppose it might not matter that much if you're wary of any scams that might be sent to it.

I'm pretty good, AFAIK, against these scams because I use LastPass to store my passwords, thus if it doesn't autologin for me, I know something's off

And besides, the website had no https so it was pretty evident.
escrow.ms
May 10, 2014, 01:03:07 AM
 #10

I've gotten it too, made a thread about it yesterday.
https://bitcointalk.org/index.php?topic=601729.0

Please use these websites to report this domain.

http://www.google.com/safebrowsing/report_phish/?rd=1
http://www.phishtank.com/
https://submit.symantec.com/antifraud/phish.cgi
http://phishing.eset.com/report
http://toolbar.netcraft.com/report_url
Tammy Chan
May 10, 2014, 07:28:24 AM
 #11

Thanks for the alert.

OP, your email is hidden in your profile page (at least at this moment), so how did the email sender know your email address?

🏰 TradeFortress 🏰
May 10, 2014, 07:58:44 AM
 #12

Quote from: Tammy Chan
> Thanks for the alert.
>
> OP, your email is hidden in your profile page (at least at this moment), so how did the email sender know your email address?

He mentioned how earlier:

Quote from: 2tights
> This was sent to my email account associated with my bitcointalk account.
>
> I had my email not hidden, so I set it to hidden now. I agree that it was a targeted email, because my email was published and my bitcoin address has a decent balance which is also visible on my account.

This is a fairly clever attack, surprised it wasn't registered earlier.
Mightycoin
May 10, 2014, 08:55:29 AM
 #13

I didn't get emails like that yet but thanks for telling, maybe I would have fallen for this
Icardi09
May 12, 2014, 03:44:17 PM
 #14

http://bitcointaik.org/
differs by only 1 letter

that's why we need to hide our email address
thanks for your info
Injust
May 12, 2014, 04:58:22 PM
 #15

Quote from: Icardi09
> http://bitcointaik.org/
> differs by only 1 letter
>
> that's why we need to hide our email address
> thanks for your info

And what's even more clever of them is that they put a capital I
So with certain fonts, "I" is indistinguishable from "l"
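
The capital-I substitution described in this thread can be checked mechanically. This is an added example, not part of the original thread: it lowercases every host found in a message (DNS ignores case, so "taIk" is really "taik") and folds a small table of look-alike characters before comparing against trusted domains. `TRUSTED`, the folding table and the function names are assumptions for illustration; `SAMPLE` is constructed from the headers and link quoted in the thread, with one genuine link added for comparison.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the domains the reader really uses; extend as needed.
TRUSTED = {"bitcointalk.org"}

# Assumed, deliberately small table of characters that render alike in many
# fonts; it is not a full Unicode confusables list.
FOLD = str.maketrans({"i": "l", "1": "l", "|": "l", "0": "o"})
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)")

# Constructed sample: header and link text taken from the message quoted in
# the thread, plus a last line with the genuine domain for comparison.
SAMPLE = """\
Return-Path: <noreply@bitcointaik.org>
From: Bitcoin Forum <noreply@bitcointaIk.org>
Subject: Changing your forum password is recommended.

To set a new password click the following link:
http://bitcointaIk.org/index.php?action=login
Genuine forum for comparison: https://bitcointalk.org/index.php
"""

def skeleton(host):
    """Lowercase the host, then fold characters that look alike."""
    return host.lower().rstrip(".").replace("rn", "m").translate(FOLD)

def classify(host):
    """Return 'trusted', 'lookalike of <domain>' or 'unknown'."""
    real = host.lower().rstrip(".")
    if any(real == good or real.endswith("." + good) for good in TRUSTED):
        return "trusted"
    for good in TRUSTED:
        folded, target = skeleton(real), skeleton(good)
        if folded == target or folded.endswith("." + target):
            return "lookalike of " + good
    return "unknown"

def audit(raw):
    """Classify the sender domains and every link host in a raw message."""
    msg = message_from_string(raw)
    hosts = set()
    for header in ("From", "Return-Path"):
        addr = parseaddr(msg.get(header, ""))[1]
        if "@" in addr:
            hosts.add(addr.rsplit("@", 1)[1])
    hosts.update(URL_HOST.findall(msg.get_payload()))
    return {host: classify(host) for host in sorted(hosts)}

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE).items():
        print(f"{host:20} {verdict}")
```

The `spf=pass` result in the headers posted in the thread only shows that the sending server is authorised by the look-alike domain itself, so it says nothing about whether the domain is the one the reader expects.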
2tights (OP)
May 14, 2014, 09:22:37 PM
 #16

Quote from: Icardi09
> http://bitcointaik.org/
> differs by only 1 letter
>
> that's why we need to hide our email address
> thanks for your info

yw
KWH
May 14, 2014, 09:36:03 PM
 #17

Quote from: jonald_fyookball
> How do you think they got your email to begin with?

Quote from: franky1
> they didn't get his email. it was a forum inbox message
>
> these things happen a lot. in the past it has been found that scammers prep their list of 'marks' by asking forum topic questions such as:
> "how much bitcoin do you own"
> "what wallet software do you use"
> etc
>
> these info gathering games are what scammers do to target the right people. after all there is no point phishing someone if they only have satoshi dust to their name. and there's no point entering into conversation with them to tempt them to download trojans if the scammers' code is not compatible with the victim's wallet.
>
> so usually scam emails and private messages are targeted to the victim, because the victim has made some form of admission that he is worthy of being scammed. either admitting wealth, admitting he runs a wallet that is compatible to a certain trojan or the fact that the victim admits to not have 2FA on their other logins or lastly, they have been scammed before so are proving to be an easy 'mark'


Winner winner chicken dinner!

When the subject of buying BTC with Paypal comes up, I often remember this: 

Insanity: doing the same thing over and over again and expecting different results.

Albert Einstein