Topic: Beware: Coinbase Phishing scam "Review Our New User Agreement" (Read 3641 times)
Elwar
November 09, 2014, 08:26:39 AM
 #1

Bah, I didn't catch that it was a phishing attempt until after I'd logged in with my password. Changed the password immediately.

I didn't notice it was a bad link until it said the page was not available. Then I looked closer at the link and it was a coinbase link with some sort of url redirect:

h ttps://www.coinbase.com/sessions/oauth_signin?client_id=ef7477ce7e238f083b59f8ff58a0974f086fa18fce609ad6499935889f5a763e&redirect_uri=https://coinbasevaultcom.serversicuro.it/&response_type=code

Though I don't think it actually redirected.
------
On 08/11/2014 with the introduction of our new Multisig Vault our User Agreement has changed. Please click the link below to accept our new User Agreement:

Accept Our New User Agreement

In order to continue using our services you need to agree with the new agreement.

Kind regards,
The Coinbase Team
-------

http://www.bitpools.com
Pool your bitcoins with others. Vote on solutions using the Bitcoin blockchain. Keep your bitcoins in your cold storage until you find a solution you like.
Links and Reviews of useful every day places to spend bitcoins: https://bitcointalk.org/index.php?topic=943143.0
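
Added example (not part of the original thread and not Coinbase's code): a small Python check that takes apart a link like the one in post #1 and reports which host the OAuth grant would be delivered to. The function name, the `brand_hosts` list and the finding strings are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Link exactly as posted in the thread; the space in "h ttps" is the poster's defanging.
SAMPLE = ("h ttps://www.coinbase.com/sessions/oauth_signin"
          "?client_id=ef7477ce7e238f083b59f8ff58a0974f086fa18fce609ad6499935889f5a763e"
          "&redirect_uri=https://coinbasevaultcom.serversicuro.it/&response_type=code")

THIRD_PARTY = "grant is delivered to a third-party host"
LOOKALIKE = "third-party host imitates the brand name"
GRANT = "link starts an authorization grant, not a plain login"


def inspect_oauth_link(raw, brand_hosts=("coinbase.com",)):
    """Describe who an OAuth sign-in link hands the authorization to."""
    url = "".join(raw.split())                 # undo defanging such as "h ttps://"
    parts = urlsplit(url)
    link_host = (parts.hostname or "").lower()
    query = parse_qs(parts.query)
    redirect = query.get("redirect_uri", [""])[0]
    redirect_host = (urlsplit(redirect).hostname or "").lower()

    def on_brand(host):
        # True only for the brand's own domain or a subdomain of it.
        return any(host == b or host.endswith("." + b) for b in brand_hosts)

    findings = []
    foreign = bool(redirect_host) and not on_brand(redirect_host)
    if on_brand(link_host) and foreign:
        findings.append(THIRD_PARTY)
    # Brand name embedded in someone else's hostname, e.g. "coinbasevaultcom.<other>".
    if foreign and any(b.split(".")[0] in redirect_host for b in brand_hosts):
        findings.append(LOOKALIKE)
    if query.get("response_type", [""])[0] in ("code", "token"):
        findings.append(GRANT)
    return {
        "link_host": link_host,
        "client_id": query.get("client_id", [""])[0],
        "redirect_host": redirect_host,
        "findings": findings,
    }


if __name__ == "__main__":
    for key, value in inspect_oauth_link(SAMPLE).items():
        print(f"{key}: {value}")
```

The link host alone says nothing here: the page really is served from coinbase.com, and it is the `client_id` and `redirect_uri` parameters that show an outside application is asking for access.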
Jamie_Boulder
November 09, 2014, 10:19:32 AM
 #2

Thanks for sharing Elwar.

Remember remember the 5th of November
November 09, 2014, 10:21:49 AM
 #3

Wow...this is a serious flaw in coinbase, it allows an attacker to arbitrarily redirect people by disguising the link (and actually using coinbase itself).

EDIT: Oh, it didn't redirect?

BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
Elwar
November 09, 2014, 02:21:54 PM
 #4

[quote]EDIT: Oh, it didn't redirect?[/quote]

I don't believe so, but I'm not trying the link again to find out.

The Tipping Point
November 09, 2014, 03:11:40 PM
 #5

Did you receive an email with this link in it, or was it on a Google search?
Elwar
November 09, 2014, 03:21:01 PM
 #6

[quote]Did you receive an email with this link in it, or was it on a Google search?[/quote]

An e-mail. Which is more disturbing considering they knew my e-mail address. Though I use that address for many things.

RobertDJ
November 09, 2014, 06:46:37 PM
 #7

[quote]
[quote]Did you receive an email with this link in it, or was it on a Google search?[/quote]
An e-mail. Which is more disturbing considering they knew my e-mail address. Though I use that address for many things.
[/quote]
They probably found your email address from some database of email addresses that are associated with bitcoin and sent emails to them all.

Another possibility is that they attempted to sign up with many email addresses and sent emails to accounts that they received an error message saying that an account already exists with that email.
Elwar
November 09, 2014, 09:18:17 PM
 #8

[quote]
[quote]
[quote]Did you receive an email with this link in it, or was it on a Google search?[/quote]
An e-mail. Which is more disturbing considering they knew my e-mail address. Though I use that address for many things.
[/quote]
They probably found your email address from some database of email addresses that are associated with bitcoin and sent emails to them all.

Another possibility is that they attempted to sign up with many email addresses and sent emails to accounts that they received an error message saying that an account already exists with that email.
[/quote]

Probably from one of the many hacked sites...Bitcoinica, Mt Gox, and others.

I had 2 factor authentication set up anyway so they could not access my account either way.

dontCAREhair
November 09, 2014, 11:56:39 PM
 #9

[quote]
[quote]EDIT: Oh, it didn't redirect?[/quote]
I don't believe so, but I'm not trying the link again to find out.
[/quote]
If you have access/the ability to run a VM, I would suggest visiting the URL from a VM to see what happens and to investigate for sure if it is actually a coinbase page or not when you load the URL.

Also I would suggest editing your post so it is more obvious that the link is a potential phishing link.
vtrac
November 10, 2014, 01:43:15 AM
 #10

[quote]
Bah, I didn't catch that it was a phishing attempt until after I'd logged in with my password. Changed the password immediately.

I didn't notice it was a bad link until it said the page was not available. Then I looked closer at the link and it was a coinbase link with some sort of url redirect:

h ttps://www.coinbase.com/sessions/oauth_signin?client_id=ef7477ce7e238f083b59f8ff58a0974f086fa18fce609ad6499935889f5a763e&redirect_uri=https://coinbasevaultcom.serversicuro.it/&response_type=code

Though I don't think it actually redirected.
------
On 08/11/2014 with the introduction of our new Multisig Vault our User Agreement has changed. Please click the link below to accept our new User Agreement:

Accept Our New User Agreement

In order to continue using our services you need to agree with the new agreement.

Kind regards,
The Coinbase Team
-------
[/quote]

You can't just change your password immediately. You need to remove all 3rd party API access in coinbase now. This is a huge flaw in coinbase: http://www.reddit.com/r/Bitcoin/comments/2lt76n/warning_coinbase_oauth_phishing_attack_allows/

CoinSpy.io - Get alerts on Bitcoin transactions for any address
dontCAREhair
November 10, 2014, 01:59:04 AM
 #11

[quote]
[quote]
Bah, I didn't catch that it was a phishing attempt until after I'd logged in with my password. Changed the password immediately.

I didn't notice it was a bad link until it said the page was not available. Then I looked closer at the link and it was a coinbase link with some sort of url redirect:

h ttps://www.coinbase.com/sessions/oauth_signin?client_id=ef7477ce7e238f083b59f8ff58a0974f086fa18fce609ad6499935889f5a763e&redirect_uri=https://coinbasevaultcom.serversicuro.it/&response_type=code

Though I don't think it actually redirected.
------
On 08/11/2014 with the introduction of our new Multisig Vault our User Agreement has changed. Please click the link below to accept our new User Agreement:

Accept Our New User Agreement

In order to continue using our services you need to agree with the new agreement.

Kind regards,
The Coinbase Team
-------
[/quote]
You can't just change your password immediately. You need to remove all 3rd party API access in coinbase now. This is a huge flaw in coinbase: http://www.reddit.com/r/Bitcoin/comments/2lt76n/warning_coinbase_oauth_phishing_attack_allows/
[/quote]
This is true for most sites that allow API access as all that you need to access the site is the API key associated with your account. It is an overall security risk for any site that you enable API access to when the API can make any kind of financial decisions for you.
Singlebyte
December 12, 2015, 05:25:55 PM
 #12

I know this is an old thread but just wanted to point out that the Phishers are at it again......

Just received a boat load of fake emails pretending to be coinbase.  Be Aware!