Bitcoin Forum
Author Topic: Beware: Coinbase Phishing scam "Review Our New User Agreement"  (Read 3647 times)
Elwar (Legendary; Activity: 2618, Merit: 1257)
November 09, 2014, 08:26:39 AM, #1

Bah, I didn't catch that it was a phishing attempt until after I'd logged in with my password. Changed the password immediately.

I didn't notice it was a bad link until it said the page was not available. Then I looked closer at the link and it was a coinbase link with some sort of url redirect:

h ttps://www.coinbase.com/sessions/oauth_signin?client_id=ef7477ce7e238f083b59f8ff58a0974f086fa18fce609ad6499935889f5a763e&redirect_uri=https://coinbasevaultcom.serversicuro.it/&response_type=code

Though I don't think it actually redirected.
------
On 08/11/2014 with the introduction of our new Multisig Vault our User Agreement has changed. Please click the link below to accept our new User Agreement:

Accept Our New User Agreement

In order to continue using our services you need to agree with the new agreement.

Kind regards,
The Coinbase Team
-------

Jamie_Boulder (Sr. Member; Activity: 378, Merit: 250)
November 09, 2014, 10:19:32 AM, #2

Thanks for sharing Elwar.

Remember remember the 5th of November (Legendary; Activity: 1764, Merit: 1001)
November 09, 2014, 10:21:49 AM, #3

Wow...this is a serious flaw in coinbase, it allows an attacker to arbitrarily redirect people by disguising the link (and actually using coinbase itself).

EDIT: Oh, it didn't redirect?

BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
Elwar (Legendary; Activity: 2618, Merit: 1257)
November 09, 2014, 02:21:54 PM, #4

[quote]EDIT: Oh, it didn't redirect?[/quote]

I don't believe so, but I'm not trying the link again to find out.

The Tipping Point (Newbie; Activity: 3, Merit: 0)
November 09, 2014, 03:11:40 PM, #5

Did you receive an email with this link in it, or was it on a Google search?
Elwar (Legendary; Activity: 2618, Merit: 1257)
November 09, 2014, 03:21:01 PM, #6

[quote]Did you receive an email with this link in it, or was it on a Google search?[/quote]

An e-mail. Which is more disturbing considering they knew my e-mail address. Though I use that address for many things.

RobertDJ (Full Member; Activity: 155, Merit: 100)
November 09, 2014, 06:46:37 PM, #7

[quote][quote]Did you receive an email with this link in it, or was it on a Google search?[/quote]

An e-mail. Which is more disturbing considering they knew my e-mail address. Though I use that address for many things.[/quote]
They probably found your email address from some database of email addresses that are associated with bitcoin and sent emails to them all.

Another possibility is that they attempted to sign up with many email addresses and sent emails to accounts that they received an error message saying that an account already exists with that email.
Elwar (Legendary; Activity: 2618, Merit: 1257)
November 09, 2014, 09:18:17 PM, #8

[quote][quote][quote]Did you receive an email with this link in it, or was it on a Google search?[/quote]

An e-mail. Which is more disturbing considering they knew my e-mail address. Though I use that address for many things.[/quote]
They probably found your email address from some database of email addresses that are associated with bitcoin and sent emails to them all.

Another possibility is that they attempted to sign up with many email addresses and sent emails to accounts that they received an error message saying that an account already exists with that email.[/quote]

Probably from one of the many hacked sites...Bitcoinica, Mt Gox, and others.

I had 2 factor authentication set up anyway so they could not access my account either way.

dontCAREhair (Full Member; Activity: 120, Merit: 100)
November 09, 2014, 11:56:39 PM, #9

[quote][quote]EDIT: Oh, it didn't redirect?[/quote]

I don't believe so, but I'm not trying the link again to find out.[/quote]
If you have access/the ability to run a VM, I would suggest visiting the URL from a VM to see what happens and to investigate for sure if it is actually a coinbase page or not when you load the URL.

Also I would suggest editing your post so it is more obvious that the link is a potential phishing link.
vtrac (Newbie; Activity: 6, Merit: 0)
November 10, 2014, 01:43:15 AM, #10

[quote]Bah, I didn't catch that it was a phishing attempt until after I'd logged in with my password. Changed the password immediately.

I didn't notice it was a bad link until it said the page was not available. Then I looked closer at the link and it was a coinbase link with some sort of url redirect:

h ttps://www.coinbase.com/sessions/oauth_signin?client_id=ef7477ce7e238f083b59f8ff58a0974f086fa18fce609ad6499935889f5a763e&redirect_uri=https://coinbasevaultcom.serversicuro.it/&response_type=code

Though I don't think it actually redirected.
------
On 08/11/2014 with the introduction of our new Multisig Vault our User Agreement has changed. Please click the link below to accept our new User Agreement:

Accept Our New User Agreement

In order to continue using our services you need to agree with the new agreement.

Kind regards,
The Coinbase Team
-------[/quote]

You can't just change your password immediately. You need to remove all 3rd party API access in coinbase now. This is a huge flaw in coinbase: http://www.reddit.com/r/Bitcoin/comments/2lt76n/warning_coinbase_oauth_phishing_attack_allows/
dontCAREhair (Full Member; Activity: 120, Merit: 100)
November 10, 2014, 01:59:04 AM, #11

[quote][quote]Bah, I didn't catch that it was a phishing attempt until after I'd logged in with my password. Changed the password immediately.

I didn't notice it was a bad link until it said the page was not available. Then I looked closer at the link and it was a coinbase link with some sort of url redirect:

h ttps://www.coinbase.com/sessions/oauth_signin?client_id=ef7477ce7e238f083b59f8ff58a0974f086fa18fce609ad6499935889f5a763e&redirect_uri=https://coinbasevaultcom.serversicuro.it/&response_type=code

Though I don't think it actually redirected.
------
On 08/11/2014 with the introduction of our new Multisig Vault our User Agreement has changed. Please click the link below to accept our new User Agreement:

Accept Our New User Agreement

In order to continue using our services you need to agree with the new agreement.

Kind regards,
The Coinbase Team
-------[/quote]

You can't just change your password immediately. You need to remove all 3rd party API access in coinbase now. This is a huge flaw in coinbase: http://www.reddit.com/r/Bitcoin/comments/2lt76n/warning_coinbase_oauth_phishing_attack_allows/[/quote]
This is true for most sites that allow API access as all that you need to access the site is the API key associated with your account. It is an overall security risk for any site that you enable API access to when the API can make any kind of financial decisions for you.
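
The link quoted in the first post carries `client_id`, `redirect_uri` and `response_type=code`, the parameters of an OAuth authorization request, which is why the replies above turn to third-party API access rather than the password alone. The sketch below is an added example, not code from the thread or from Coinbase: it flags such links when they arrive in a message claiming to come from the provider itself. `PROVIDER_HOSTS`, `BRAND` and the finding names are assumptions of the example.

```python
from urllib.parse import urlsplit, parse_qs

# Assumptions for this example: the provider's own hosts and its brand token.
PROVIDER_HOSTS = {"coinbase.com", "www.coinbase.com"}
BRAND = "coinbase"

# Link as quoted in the first post (kept defanged, with the space after "h").
SAMPLE = ("h ttps://www.coinbase.com/sessions/oauth_signin?client_id="
          "ef7477ce7e238f083b59f8ff58a0974f086fa18fce609ad6499935889f5a763e"
          "&redirect_uri=https://coinbasevaultcom.serversicuro.it/&response_type=code")


def is_provider_host(host):
    """True for the provider's hosts and their subdomains only."""
    return host in PROVIDER_HOSTS or host.endswith(".coinbase.com")


def analyze_link(url):
    """Return findings for one link from a message claiming to be the provider."""
    parts = urlsplit(url.replace(" ", ""))       # undo "h ttps" style defanging
    host = (parts.hostname or "").lower()
    query = parse_qs(parts.query)
    findings = []
    if not is_provider_host(host):
        findings.append("link-not-on-provider-domain")
    # client_id + response_type mark an OAuth authorization request: signing in
    # and approving grants API access to whichever app owns that client_id.
    if "client_id" in query and "response_type" in query:
        findings.append("oauth-app-authorization")
        redirect = query.get("redirect_uri", [""])[0]
        r_host = (urlsplit(redirect).hostname or "").lower()
        if r_host and not is_provider_host(r_host):
            findings.append("third-party-redirect:" + r_host)
            if BRAND in r_host:                   # brand inside someone else's domain
                findings.append("brand-lookalike-redirect")
    return findings


if __name__ == "__main__":
    for finding in analyze_link(SAMPLE):
        print(finding)
```

A check that only compares the link's own domain passes this URL, because the link really is hosted on www.coinbase.com; the findings come entirely from the query parameters.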
Singlebyte (Hero Member; Activity: 854, Merit: 1000)
December 12, 2015, 05:25:55 PM, #12
 #12

I know this is an old thread but just wanted to point out that the Phishers are at it again......

Just received a boat load of fake emails pretending to be coinbase.  Be Aware!