|
Rampton
|
 |
November 21, 2014, 02:04:14 PM |
|
You would think that if someone is going to send thousands of spam emails they'll at least check their spelling.
The biggest issue with this scam is that anyone stupid enough to fall for it likely doesn't have very much BTC. Kind of a waste of time to send thousands of emails just to phish a few guys with .05 BTC in their wallets.
Well the really smart ones will, but most of these scams tend to be from non-english speaking countries and thus have poor language skills. The thing is with these sorts of scams it doesn't take that much effort out to send mass emails and they might get lucky and catch a few big hits. At the end of the day itr's free money for them so anything is a bonus. |
|
|
|
|
MakingMoneyHoney
|
|
November 21, 2014, 02:31:38 PM |
|
Yes, it's a total scam, but creatively done nonetheless....
for one, they recreated a fake site, but when you look at the certificate you should see a certificate error stating that the issued certificate does not match the ip address of the domain. It looks to be some kind of Webinjection exploit. It only servers as a fishing attempt to get your blockchain wallet credentials.
But as it's been said, that fee is ridiculous. It's great to see these things posted about, and people need to be careful. I'm only pointing out that the person may have done a "good job" or been "creative" creating the scam, however they were oblivious that the fee would never be that large and would tip me off immediately... :/ Also, why would you need to check within so many hours or else lose your whole balance? How does that make any sense? |
|
|
|
|
Eisenhower34
Legendary
 Offline
Activity: 906
Merit: 1002
|
|
November 21, 2014, 02:58:54 PM |
|
I recently activated my yubikey for blockchain.info.
So, I am wondering, if I would have fallen for that, would I have a problem?
Yes. You would enter your identifier/password into the phishing site along with your yubikey code then the attacker could instantly enter the same information into blockchain.info and have access to your wallet. c) I don't have a blockchain account.
This is the only thing that can save you from future scams and hacks. You might have dodged this one even if you had a blockchain account, but scams get better and blockchain.info can get hacked too. Not having a blockchain account or not storing any BTC there is the only viable option imo. Everything is done on the client side (key creation, key encryption/decryption TX pushing) so as long as you are using their wallet you should be fine. You just need to be sure that you are actually using their wallet and not an imposter; their wallet is open source and is available on github so you could potentially get it from there and run it locally |
|
|
|
|
|
Sutters Mill
|
|
November 21, 2014, 03:34:03 PM |
|
*Top Tip*
If within 48 hours we do not receive your confirmation, your wallet will
be erased and all their bitcoins will be reset.
This is my favorite bit. I wonder where bitcoins go once they are 'reset'? lol. I recently activated my yubikey for blockchain.info.
So, I am wondering, if I would have fallen for that, would I have a problem?
Yes. You would enter your identifier/password into the phishing site along with your yubikey code then the attacker could instantly enter the same information into blockchain.info and have access to your wallet. The best solution is to have the site bookmarked and always check it's the legit site first before you put anything in. 2 factor likely wont help you if you type that in as well but the site might be just hoping you don't have 2-factor set up. |
|
|
|
|
|
e4xit
|
|
November 21, 2014, 03:57:18 PM |
|
I recently activated my yubikey for blockchain.info.
So, I am wondering, if I would have fallen for that, would I have a problem?
In addition to the previous responder, if your attacker had access to an (encrypted) wallet backup then they woudl not need the YubiKey to open the wallet in Blockchain.info and coudl steal your monies! You should keep (even encrypted) backup files very safe. |
Not your keys, not your coins.
CoinJoin, always.
|
|
|
LiteCoinGuy
Legendary
Offline
Activity: 1148
Merit: 1011
In Satoshi I Trust
|
 |
November 21, 2014, 03:59:06 PM |
|
c) I don't have a blockchain account.
TREAT AS SUSPECT!
I think merely treating it as a scam/suspect is an understatement. I think you're safe in guaranteeing it's a scam based on C alone  (though all three reasons combined should seal the deal). If anyone gets these types of emails they should just load up a bookmark and check their balance on the blockchain instead rather than clicking on links. The beauty of the blockchain is you don't even need to log in to see your balance as it's all there for anyone to see. i got my $2,031.88 - fools! |
|
|
|
|
onemorebtc
|
|
November 21, 2014, 04:04:16 PM |
|
c) I don't have a blockchain account.
TREAT AS SUSPECT!
I think merely treating it as a scam/suspect is an understatement. I think you're safe in guaranteeing it's a scam based on C alone (though all three reasons combined should seal the deal). If anyone gets these types of emails they should just load up a bookmark and check their balance on the blockchain instead rather than clicking on links. The beauty of the blockchain is you don't even need to log in to see your balance as it's all there for anyone to see. i got my $2,031.88 - fools! lol... do you realize that some stupid folks could now try to follow the scam-link? |
transfer 3 onemorebtc.k1024.de 1
|
|
|
|
Rampton
|
|
November 21, 2014, 04:44:12 PM |
|
c) I don't have a blockchain account.
TREAT AS SUSPECT!
I think merely treating it as a scam/suspect is an understatement. I think you're safe in guaranteeing it's a scam based on C alone (though all three reasons combined should seal the deal). If anyone gets these types of emails they should just load up a bookmark and check their balance on the blockchain instead rather than clicking on links. The beauty of the blockchain is you don't even need to log in to see your balance as it's all there for anyone to see. i got my $2,031.88 - fools! lol... do you realize that some stupid folks could now try to follow the scam-link? LOL, or leave him negative feedback from promoting a scam  (though if anyone lost money because of a joke/sarcasm it's probably their own fault). |
|
|
|
pooya87
Legendary
Offline
Activity: 3486
Merit: 10648
|
|
November 21, 2014, 05:39:30 PM |
|
I've just received an e-mail from no-reply@blokchains.info titled "Bitcoin Payment Recieved" claiming that I've received $2,031.88 Of course it's asking my to log on to my blockchain account. I'm treating it as a scam because a) mispelling in title b) e-mail is NOT from blockchain address, and c) I don't have a blockchain account. TREAT AS SUSPECT! i suggest doing a couple of things: 1) enabling 2FA 2) bookmarking the real address and using it every time 3) in email you can add filters that move specific emails from senders to specific folders that you create, that way any other email that is just similar will go into "inbox" and real emails from the real sender in this case blockchain.info will go inside that folder |
.
.BLACKJACK ♠ FUN. | | | ███▄██████
██████████████▀
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
█████████████████▄
░██████████████▀
████████████
███████████████░██
██████████ | | CRYPTO CASINO &
SPORTS BETTING | | │ | | │ | ▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
███████████████████ | | .
|
|
|
|
|
scarsbergholden
|
|
November 24, 2014, 12:02:06 AM |
|
*Top Tip*
If within 48 hours we do not receive your confirmation, your wallet will
be erased and all their bitcoins will be reset.
This is my favorite bit. I wonder where bitcoins go once they are 'reset'? lol. I recently activated my yubikey for blockchain.info.
So, I am wondering, if I would have fallen for that, would I have a problem?
Yes. You would enter your identifier/password into the phishing site along with your yubikey code then the attacker could instantly enter the same information into blockchain.info and have access to your wallet. The best solution is to have the site bookmarked and always check it's the legit site first before you put anything in. 2 factor likely wont help you if you type that in as well but the site might be just hoping you don't have 2-factor set up. 2FA with blockchain.info wallets is really nothing more then a false sense of security and they really should disable it. All it does is delay an attacker from being able to log into your identifier without our 2FA device however they can potentially get past this via social engineering blockchain support and/or getting a backup of your encrypted wallet file and importing it into their own identifier with the same password(s) that your identifier has |
|
|
|
e1ghtSpace
Legendary
Offline
Activity: 1526
Merit: 1001
Crypto since 2014
|
|
November 24, 2014, 06:15:46 AM |
|
You would think that if someone is going to send thousands of spam emails they'll at least check their spelling.
I heard somewhere that they purposely spell their emails wrong to weed out all of the smart people and are left with the stupid people. |
|
|
|
|
iGotSpots
Legendary
Offline
Activity: 2548
Merit: 1054
CPU Web Mining 🕸️ on webmining.io
|
|
November 24, 2014, 08:24:52 AM |
|
Your paste of the email shows where the link really leads
|
|
|
|
Tual02
Newbie
Offline
Activity: 27
Merit: 0
|
|
November 25, 2014, 08:57:17 AM |
|
Fishing letter ???Please be careful with it.
|
|
|
|
|
|
