Bitcoin Forum
July 18, 2019, 07:52:36 AM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: phishing emails from bitcointaik.org  (Read 1857 times)
2tights
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250

I like big BITS and I cannot lie.


View Profile WWW
May 08, 2014, 05:54:12 PM
 #1

Please be aware that I received a phishing email from bitcointaik.org


it includes a disguised link... don't click it or follow their password reset instructions as I'm sure it will log and steal your account.


Bitcoin Forum <noreply@bitcointaik.org>
9:24 AM (1 hour ago)

to 2tights

Why is this message in Spam? You clicked "Report phishing" for this message.  Learn more
Dear 2tights,

Due to the OpenSSL heartbleed bug and recent attacks on our website, changing your forum password is recommended.
To set a new password click the following link:

http://bitcointaIk.org/index.php?action=login;u=4981;sa=account

Username: 2tights

Regards,
The Bitcoin Forum Team.

------------------
You are receiving this message because you are a member of the
Bitcoin Forum. If you do not want to receive further messages, you
can change your notification preferences here:
http://bitcointaIk.org/index.php?action=login;u=4981;sa=notification
http://bitcointaIk.org/index.php?action=login;u=4981;sa=pmpref

----------------------------------------------------

WHOIS information for bitcointaik.org:**

[Querying whois.publicinterestregistry.net]
[whois.publicinterestregistry.net]
Domain Name:BITCOINTAIK.ORG
Domain ID: D172552259-LROR
Creation Date: 2014-05-07T21:26:37Z
Updated Date: 2014-05-07T21:37:22Z
Registry Expiry Date: 2015-05-07T21:26:37Z
Sponsoring Registrar:eNom, Inc. (R39-LROR)
Sponsoring Registrar IANA ID: 48
WHOIS Server:
Referral URL:
Domain Status: clientTransferProhibited
Domain Status: serverTransferProhibited
Domain Status: addPeriod
Registrant ID:537e559e0ebc27ea
Registrant Name:WhoisGuard Protected
Registrant Organization:WhoisGuard, Inc.
Registrant Street: P.O. Box 0823-03411
Registrant City:Panama
Registrant State/Province:Panama
Registrant Postal Code:00000
Registrant Country:PA
Registrant Phone:+507.8365503
Registrant Phone Ext:
Registrant Fax: +51.17057182
Registrant Fax Ext:
Registrant Email:legal@whoisguard.com
Admin ID:537e559e0ebc27ea
Admin Name:WhoisGuard Protected
Admin Organization:WhoisGuard, Inc.
Admin Street: P.O. Box 0823-03411
Admin City:Panama
Admin State/Province:Panama
Admin Postal Code:00000
Admin Country:PA
Admin Phone:+507.8365503
Admin Phone Ext:
Admin Fax: +51.17057182
Admin Fax Ext:
Admin Email:legal@whoisguard.com
Tech ID:537e559e0ebc27ea
Tech Name:WhoisGuard Protected
Tech Organization:WhoisGuard, Inc.
Tech Street: P.O. Box 0823-03411
Tech City:Panama
Tech State/Province:Panama
Tech Postal Code:00000
Tech Country:PA
Tech Phone:+507.8365503
Tech Phone Ext:
Tech Fax: +51.17057182
Tech Fax Ext:
Tech Email:legal@whoisguard.com
Name Server:NS1.HIDEMYHOST.COM
Name Server:NS2.HIDEMYHOST.COM
Name Server:NS3.HIDEMYHOST.COM
Name Server:NS4.HIDEMYHOST.COM
1563436356
Hero Member
*
Offline Offline

Posts: 1563436356

View Profile Personal Message (Offline)

Ignore
1563436356
Reply with quote  #2

1563436356
Report to moderator
1563436356
Hero Member
*
Offline Offline

Posts: 1563436356

View Profile Personal Message (Offline)

Ignore
1563436356
Reply with quote  #2

1563436356
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1563436356
Hero Member
*
Offline Offline

Posts: 1563436356

View Profile Personal Message (Offline)

Ignore
1563436356
Reply with quote  #2

1563436356
Report to moderator
1563436356
Hero Member
*
Offline Offline

Posts: 1563436356

View Profile Personal Message (Offline)

Ignore
1563436356
Reply with quote  #2

1563436356
Report to moderator
1563436356
Hero Member
*
Offline Offline

Posts: 1563436356

View Profile Personal Message (Offline)

Ignore
1563436356
Reply with quote  #2

1563436356
Report to moderator
BitCoinDream
Legendary
*
Offline Offline

Activity: 1442
Merit: 1012

The revolution will be digital


View Profile
May 08, 2014, 06:11:44 PM
 #2

Registered yesterday and not even using https !!! Cheesy

jonald_fyookball
Legendary
*
Offline Offline

Activity: 1302
Merit: 1002


Core dev leaves me neg feedback #abuse #political


View Profile
May 08, 2014, 07:13:16 PM
 #3

How do you think they got your email to begin with?

franky1
Legendary
*
Offline Offline

Activity: 2450
Merit: 1451



View Profile
May 08, 2014, 07:21:40 PM
 #4

How do you think they got your email to begin with?

they didnt get his email. it was a forum inbox message

these things happen alot. in the past it has been found that scammers prep their list of 'marks' by asking forum topic questions such as:
"how much bitcoin do you own"
"what wallet software do you use"
etc

these info gathering games are what scammers do to target the right people. after all there is no point phishing someone if they only have satoshi dust to their name. and theres no point entering into conversation with them to tempt them to download trojans if the scammers code is not compatible with the victims wallet.

so usually scam emails and private messages are targetted to the victim, because the victim has made some form of admission that he is worthy of being scammed. either admitting wealth, admitting he runs a wallet that is compatable to a certain tojan or the fact that the victim admits to not have 2FA on their other logins or lastly, they have been scammed before so are proving to be an easy 'mark'

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
mktrader
Member
**
Offline Offline

Activity: 84
Merit: 10

Hello World!!!


View Profile
May 08, 2014, 07:30:07 PM
 #5

How do you think they got your email to begin with?

they didnt get his email. it was a forum inbox message

these things happen alot. in the past it has been found that scammers prep their list of 'marks' by asking forum topic questions such as:
"how much bitcoin do you own"
"what wallet software do you use"
etc

these info gathering games are what scammers do to target the right people. after all there is no point phishing someone if they only have satoshi dust to their name. and theres no point entering into conversation with them to tempt them to download trojans if the scammers code is not compatible with the victims wallet.

so usually scam emails and private messages are targetted to the victim, because the victim has made some form of admission that he is worthy of being scammed. either admitting wealth, admitting he runs a wallet that is compatable to a certain tojan or the fact that the victim admits to not have 2FA on their other logins or lastly, they have been scammed before so are proving to be an easy 'mark'


This is very important information, specially for those new to the Bitcoin community!

Price Poll: bitcointalk.org/index.php?topic=555609
2tights
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250

I like big BITS and I cannot lie.


View Profile WWW
May 08, 2014, 07:32:15 PM
 #6

How do you think they got your email to begin with?

they didnt get his email. it was a forum inbox message

these things happen alot. in the past it has been found that scammers prep their list of 'marks' by asking forum topic questions such as:
"how much bitcoin do you own"
"what wallet software do you use"
etc

these info gathering games are what scammers do to target the right people. after all there is no point phishing someone if they only have satoshi dust to their name. and theres no point entering into conversation with them to tempt them to download trojans if the scammers code is not compatible with the victims wallet.

so usually scam emails and private messages are targetted to the victim, because the victim has made some form of admission that he is worthy of being scammed. either admitting wealth, admitting he runs a wallet that is compatable to a certain tojan or the fact that the victim admits to not have 2FA on their other logins or lastly, they have been scammed before so are proving to be an easy 'mark'

This was sent to my email account associated with my bitcointalk account.

I had my email not hidden, so I set it to hidden now. I agree that it was a targetted email, because my email was published and my bitcoin address has a decent balance which is also visible on my account.
Injust
Legendary
*
Offline Offline

Activity: 1008
Merit: 1000



View Profile
May 09, 2014, 05:05:45 PM
 #7

How do you think they got your email to begin with?

they didnt get his email. it was a forum inbox message

these things happen alot. in the past it has been found that scammers prep their list of 'marks' by asking forum topic questions such as:
"how much bitcoin do you own"
"what wallet software do you use"
etc

these info gathering games are what scammers do to target the right people. after all there is no point phishing someone if they only have satoshi dust to their name. and theres no point entering into conversation with them to tempt them to download trojans if the scammers code is not compatible with the victims wallet.

so usually scam emails and private messages are targetted to the victim, because the victim has made some form of admission that he is worthy of being scammed. either admitting wealth, admitting he runs a wallet that is compatable to a certain tojan or the fact that the victim admits to not have 2FA on their other logins or lastly, they have been scammed before so are proving to be an easy 'mark'

This was sent to my email account associated with my bitcointalk account.

I had my email not hidden, so I set it to hidden now. I agree that it was a targetted email, because my email was published and my bitcoin address has a decent balance which is also visible on my account.

Got me one of these emails today Smiley

Email below for anybody who's curious.

Code:
                                                                                                                                                                                                                                                               
Delivered-To: [removed]
Received: by 10.52.76.199 with SMTP id m7csp437305vdw;
        Fri, 9 May 2014 08:25:53 -0700 (PDT)
X-Received: by 10.66.150.69 with SMTP id ug5mr21474014pab.55.1399649153451;
        Fri, 09 May 2014 08:25:53 -0700 (PDT)
Return-Path: <noreply@bitcointaik.org>
Received: from erelay5.ox.registrar-servers.com (erelay5.ox.registrar-servers.com. [192.64.117.65])
        by mx.google.com with ESMTP id tv5si2430744pbc.158.2014.05.09.08.25.53
        for <[removed]>;
        Fri, 09 May 2014 08:25:53 -0700 (PDT)
Received-SPF: pass (google.com: domain of noreply@bitcointaik.org designates 192.64.117.65 as permitted sender) client-ip=192.64.117.65;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of noreply@bitcointaik.org designates 192.64.117.65 as permitted sender) smtp.mail=noreply@bitcointaik.org
Received: from localhost (unknown [127.0.0.1])
by erelay1.ox.registrar-servers.com (Postfix) with ESMTP id EC3412204D16
for <[removed]>; Fri,  9 May 2014 15:25:52 +0000 (UTC)
Received: from erelay1.ox.registrar-servers.com ([127.0.0.1])
by localhost (erelay.ox.registrar-servers.com [127.0.0.1]) (amavisd-new, port 10024)
with LMTP id ThIaU9sR71GS for <[removed]>;
Fri,  9 May 2014 11:25:52 -0400 (EDT)
Received: from imap2.ox.privateemail.com (imap2.ox.privateemail.com [198.187.29.234])
by erelay1.ox.registrar-servers.com (Postfix) with ESMTP id 4D0FE2204CFD
for <[removed]>; Fri,  9 May 2014 11:25:52 -0400 (EDT)
Received: from [192.168.0.50] (unknown [199.47.77.6])
(using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
(No client certificate requested)
by mail.privateemail.com (Postfix) with ESMTPSA id 06D855A0086
for <[removed]>; Fri,  9 May 2014 11:25:50 -0400 (EDT)
Message-ID: <536BB17E.6040906@bitcointaIk.org>
Date: Thu, 08 May 2014 09:31:58 -0700
From: Bitcoin Forum <noreply@bitcointaIk.org>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: [removed]
Subject: Changing your forum password is recommended.
X-Enigmail-Draft-Status: 512
Content-Type: multipart/alternative;
 boundary="------------040306080202000204040301"

This is a multi-part message in MIME format.
--------------040306080202000204040301
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Dear Injust,

Due to the OpenSSL heartbleed bug and recent attacks on our website,
changing your forum password is recommended.
To set a new password click the following link:

http://bitcointaIk.org/index.php?action=login;u=8543;sa=account

Username: Injust

Regards,
The Bitcoin Forum Team.

------------------
You are receiving this message because you are a member of the
Bitcoin Forum. If you do not want to receive further messages, you
can change your notification preferences here:
http://bitcointaIk.org/index.php?action=login;u=8543;sa=notification
http://bitcointaIk.org/index.php?action=login;u=8543;sa=pmprefs


--------------040306080202000204040301
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

<html>
  <head>
    <meta http-equiv="content-type" content="text/html;
      charset=ISO-8859-1">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Dear Injust,<br>
    <br>
    Due to the OpenSSL heartbleed bug and recent attacks on our website,
    changing your forum password is recommended.<br>
    To set a new password click the following link:<br>
    <br>
    <a class="moz-txt-link-freetext" href="http://bitcointaIk.org/index.php?action=login;u=8543;sa=account">http://bitcointaIk.org/index.php?action=login;u=8543;sa=account</a><br>
    <br>
    Username: Injust<br>
    <br>
    Regards,<br>
    The Bitcoin Forum Team.<br>
    <br>
    ------------------<br>
    You are receiving this message because you are a member of the<br>
    Bitcoin Forum. If you do not want to receive further messages, you<br>
    can change your notification preferences here:<br>
    <a class="moz-txt-link-freetext" href="http://bitcointaIk.org/index.php?action=login;u=8543;sa=notification">http://bitcointaIk.org/index.php?action=login;u=8543;sa=notification</a><br>
    <a class="moz-txt-link-freetext" href="http://bitcointaIk.org/index.php?action=login;u=8543;sa=pmprefs">http://bitcointaIk.org/index.php?action=login;u=8543;sa=pmprefs</a><br>
    <br>
  </body>
</html>

--------------040306080202000204040301--
guybrushthreepwood
Legendary
*
Offline Offline

Activity: 1176
Merit: 1192



View Profile
May 09, 2014, 06:18:45 PM
 #8

I'd reccomend hiding your email addresses if it's not absolutly neccesary to have them on display, but I suppose it might not matter that much if you're weary of any scams that might be sent to it.
Injust
Legendary
*
Offline Offline

Activity: 1008
Merit: 1000



View Profile
May 10, 2014, 12:59:58 AM
 #9

I'd reccomend hiding your email addresses if it's not absolutly neccesary to have them on display, but I suppose it might not matter that much if you're weary of any scams that might be sent to it.

I'm pretty good, AFAIK, against these scams because I use LastPass to store my passwords, thus if it doesn't autologin for me, I know something's off Smiley

And besides, the website had no https so it was pretty evident.
escrow.ms
Legendary
*
Offline Offline

Activity: 1260
Merit: 1004

GPG Key-ID: B82BA7E1 | I don't use skype.


View Profile
May 10, 2014, 01:03:07 AM
 #10

I've gotten too, made a thread about it yesterday.
https://bitcointalk.org/index.php?topic=601729.0

Please use these website to report this domain.

http://www.google.com/safebrowsing/report_phish/?rd=1
http://www.phishtank.com/
https://submit.symantec.com/antifraud/phish.cgi
http://phishing.eset.com/report
http://toolbar.netcraft.com/report_url
Tammy Chan
Hero Member
*****
Offline Offline

Activity: 821
Merit: 1000



View Profile
May 10, 2014, 07:28:24 AM
 #11

Thanks for the alert.

OP, your email is hidden in your profile page (at least at this moment), so how did the email sender know your email address?  Huh

TradeFortress 🏕
VIP
Legendary
*
Offline Offline

Activity: 1176
Merit: 1023


View Profile
May 10, 2014, 07:58:44 AM
 #12

Thanks for the alert.

OP, your email is hidden in your profile page (at least at this moment), so how did the email sender know your email address?  Huh
He mentioned how earlier:

This was sent to my email account associated with my bitcointalk account.

I had my email not hidden, so I set it to hidden now. I agree that it was a targetted email, because my email was published and my bitcoin address has a decent balance which is also visible on my account.

This is a fairly clever attack, surprised it wasn't registered earlier.
Mightycoin
Member
**
Offline Offline

Activity: 82
Merit: 10


View Profile
May 10, 2014, 08:55:29 AM
 #13

I didn't get emails like that yet but thanks for telling maybe I would of fall for this  Undecided
Icardi09
Sr. Member
****
Offline Offline

Activity: 476
Merit: 250



View Profile
May 12, 2014, 03:44:17 PM
 #14

http://bitcointaik.org/
differ only 1 letter

that's why we need to hide our email address
thanks for your info
Injust
Legendary
*
Offline Offline

Activity: 1008
Merit: 1000



View Profile
May 12, 2014, 04:58:22 PM
 #15

http://bitcointaik.org/
differ only 1 letter

that's why we need to hide our email address
thanks for your info

And what's even clever of them is that they put a capital I Smiley
So with certain fonts, "I" is indistinguishable from "l"
2tights
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250

I like big BITS and I cannot lie.


View Profile WWW
May 14, 2014, 09:22:37 PM
 #16

http://bitcointaik.org/
differ only 1 letter

that's why we need to hide our email address
thanks for your info

yw
KWH
Legendary
*
Offline Offline

Activity: 1904
Merit: 1033

In Collateral I Trust.


View Profile
May 14, 2014, 09:36:03 PM
 #17

How do you think they got your email to begin with?

they didnt get his email. it was a forum inbox message

these things happen alot. in the past it has been found that scammers prep their list of 'marks' by asking forum topic questions such as:
"how much bitcoin do you own"
"what wallet software do you use"
etc

these info gathering games are what scammers do to target the right people. after all there is no point phishing someone if they only have satoshi dust to their name. and theres no point entering into conversation with them to tempt them to download trojans if the scammers code is not compatible with the victims wallet.


so usually scam emails and private messages are targetted to the victim, because the victim has made some form of admission that he is worthy of being scammed. either admitting wealth, admitting he runs a wallet that is compatable to a certain tojan or the fact that the victim admits to not have 2FA on their other logins or lastly, they have been scammed before so are proving to be an easy 'mark'


Winner winner chicken dinner!

When the subject of buying BTC with Paypal comes up, I often remember this: 

Insanity: doing the same thing over and over again and expecting different results.

Albert Einstein
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!