Watchout, spam phishing forum emails are going out!

[gweedo]

Code:

                                                                                                                                                                                                                                                               
Delivered-To: gweedobtc@gmail.com
Received: by 10.182.207.9 with SMTP id ls9csp34688obc;
        Fri, 9 May 2014 06:04:38 -0700 (PDT)
X-Received: by 10.66.172.167 with SMTP id bd7mr14062993pac.72.1399640677739;
        Fri, 09 May 2014 06:04:37 -0700 (PDT)
Return-Path: <noreply@bitcointaik.org>
Received: from erelay5.ox.registrar-servers.com (erelay5.ox.registrar-servers.com. [192.64.117.65])
        by mx.google.com with ESMTP id dh1si2232009pbc.284.2014.05.09.06.04.37
        for <gweedobtc@gmail.com>;
        Fri, 09 May 2014 06:04:37 -0700 (PDT)
Received-SPF: pass (google.com: domain of noreply@bitcointaik.org designates 192.64.117.65 as permitted sender) client-ip=192.64.117.65;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of noreply@bitcointaik.org designates 192.64.117.65 as permitted sender) smtp.mail=noreply@bitcointaik.org
Received: from localhost (unknown [127.0.0.1])
	by erelay1.ox.registrar-servers.com (Postfix) with ESMTP id 27B0F2204942
	for <gweedobtc@gmail.com>; Fri,  9 May 2014 13:04:37 +0000 (UTC)
Received: from erelay1.ox.registrar-servers.com ([127.0.0.1])
	by localhost (erelay.ox.registrar-servers.com [127.0.0.1]) (amavisd-new, port 10024)
	with LMTP id QeiY8KVoGKxv for <gweedobtc@gmail.com>;
	Fri,  9 May 2014 09:04:36 -0400 (EDT)
Received: from imap3-2.ox.privateemail.com (imap3-2.ox.privateemail.com [192.64.116.197])
	by erelay1.ox.registrar-servers.com (Postfix) with ESMTP id 77BA32204A35
	for <gweedobtc@gmail.com>; Fri,  9 May 2014 09:04:36 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1])
	by mail.privateemail.com (Postfix) with ESMTP id 45F322A008F
	for <gweedobtc@gmail.com>; Fri,  9 May 2014 09:04:36 -0400 (EDT)
X-Virus-Scanned: Debian amavisd-new at imap3.ox.privateemail.com
Received: from mail.privateemail.com ([127.0.0.1])
	by localhost (imap3.ox.privateemail.com [127.0.0.1]) (amavisd-new, port 10024)
	with LMTP id zpNI0haeLW8d for <gweedobtc@gmail.com>;
	Fri,  9 May 2014 09:04:36 -0400 (EDT)
Received: from [192.168.0.50] (bolobolo1.torservers.net [96.47.226.20])
	(using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
	(No client certificate requested)
	by mail.privateemail.com (Postfix) with ESMTPSA id 1C6132A0090
	for <gweedobtc@gmail.com>; Fri,  9 May 2014 09:04:33 -0400 (EDT)
Message-ID: <536BB146.60306@bitcointaIk.org>
Date: Thu, 08 May 2014 09:31:02 -0700
From: Bitcoin Forum <noreply@bitcointaIk.org>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: gweedobtc@gmail.com
Subject: Changing your forum password is recommended.
X-Enigmail-Draft-Status: 512
Content-Type: multipart/alternative;
 boundary="------------000707060004020602040504"

This is a multi-part message in MIME format.
--------------000707060004020602040504
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Dear gweedo,

Due to the OpenSSL heartbleed bug and recent attacks on our website,
changing your forum password is recommended.
To set a new password click the following link:

http://bitcointaIk.org/index.php?action=login;u=8079;sa=account

Username: gweedo

Regards,
The Bitcoin Forum Team.

------------------
You are receiving this message because you are a member of the
Bitcoin Forum. If you do not want to receive further messages, you
can change your notification preferences here:
http://bitcointaIk.org/index.php?action=login;u=8079;sa=notification
http://bitcointaIk.org/index.php?action=login;u=8079;sa=pmprefs


--------------000707060004020602040504
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

<html>
  <head>
    <meta http-equiv="content-type" content="text/html;
      charset=ISO-8859-1">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Dear gweedo,<br>
    <br>
    Due to the OpenSSL heartbleed bug and recent attacks on our website,
    changing your forum password is recommended.<br>
    To set a new password click the following link:<br>
    <br>
    <a class="moz-txt-link-freetext" href="http://bitcointaIk.org/index.php?action=login;u=8079;sa=account">http://bitcointaIk.org/index.php?action=login;u=8079;sa=account</a><br>
    <br>
    Username: gweedo<br>
    <br>
    Regards,<br>
    The Bitcoin Forum Team.<br>
    <br>
    ------------------<br>
    You are receiving this message because you are a member of the<br>
    Bitcoin Forum. If you do not want to receive further messages, you<br>
    can change your notification preferences here:<br>
    <a class="moz-txt-link-freetext" href="http://bitcointaIk.org/index.php?action=login;u=8079;sa=notification">http://bitcointaIk.org/index.php?action=login;u=8079;sa=notification</a><br>
    <a class="moz-txt-link-freetext" href="http://bitcointaIk.org/index.php?action=login;u=8079;sa=pmprefs">http://bitcointaIk.org/index.php?action=login;u=8079;sa=pmprefs</a><br>
    <br>
  </body>
</html>

--------------000707060004020602040504--

[b!z]

http://bitcointaik.org/cgi-sys/suspendedpage.cgi

[umair127]

I suggest people should change passwords twice a month with long passwords.  If they are getting ur email you should also hide your email to remain hidden unless hackers are hacking site and they are able to get people emails

[devthedev]

http://bitcointaik.org/cgi-sys/suspendedpage.cgi

Wow, and they were using a free hosting service -_-

[DeathAndTaxes]

A good rule of thumb is to simply never click on links in emails for site which may be important.   It is easy to be careless one time and not notice a misspelled url and it only takes one one mistake.  So if you get an email like this (and ironically it is good advice) and even if you believe it is legit.  Open a browser manually, go to bitcointalk, login as normal.

[Lauda]

I suggest people should change passwords twice a month with long passwords.  If they are getting ur email you should also hide your email to remain hidden unless hackers are hacking site and they are able to get people emails

Why would someone with a 20+ char password change it twice a month or often that is? The main thing that I'm waiting for is 2FA but that will come in the new forum I believe. One should never click these links in emails, related to anything.

[umair127]

A good rule of thumb is to simply never click on links in emails for site which may be important.   It is easy to be careless one time and not notice a misspelled url and it only takes one one mistake.  So if you get an email like this (and ironically it is good advice) and even if you believe it is legit.  Open a browser manually, go to bitcointalk, login as normal.

you wanna know what I do when I get these emails I click the link and write my password and cursethem out with the password, they never had responded back from me, I was thinking all you would have to do is put a hidden link tracker in the email and then if they are doing it with ebay im sure they can be prosecuted no?

[guybrushthreepwood]

I suggest people should change passwords twice a month with long passwords.  If they are getting ur email you should also hide your email to remain hidden unless hackers are hacking site and they are able to get people emails

You're probably more likely to get phished if you change your password frequently, or at least forget it. If you stay logged in all the time you dont have to input your password, but if you have a keylogger and then log out and chnage your password the virus will know it. Just stick with a fairly strong password but one you can remember and don't re-use it or at least limit the amount of places you use it.

[Crossbow376]

Just stick with a fairly strong password but one you can remember and don't re-use it or at least limit the amount of places you use it.

And for those who find it hard to remember a strong password for each individual site, they could use password management software like 1Password, LastPass and KeePass (open source).