Board Collectibles
Merits 75 from 27 users
Topic OP
[BEWARE!] Bitcoin Credentials Phishing Attempts -- Targeting Collectibles
by blucepheus on 22/05/2021, 19:53:14 UTC
⭐ Merited by krogothmanhattan (15) ,NotATether (10) ,LoyceV (6) ,Coolcryptovator (4) ,seek3r (4) ,EFS (4) ,DdmrDdmr (3) ,ABCbits (3) ,minerjones (2) ,ETFbitcoin (2) ,Halab (2) ,o_e_l_e_o (2) ,Heisenberg_Hunter (2) ,vapourminer (2) ,Daniel91 (2) ,haloxon (1) ,tweetious (1) ,hd49728 (1) ,Lafu (1) ,DroomieChikito (1) ,acroman08 (1) ,Rikafip (1) ,Bthd (1) ,GazetaBitcoin (1) ,Pmalek (1) ,dkbit98 (1) ,shield132 (1)
Forum friends,

I want to make everyone aware of a new tactic that scammers are employing to phish Bitcointalk forum credentials from those who frequent the Collectibles section. These credentials can then be used to forcibly take over the account, and then use the account to facilitate scams.

Stage 1 of the attack:

PM to the user with a link that appears to be a valid page on the forum (hint, it's not -- see stage 2)




Stage 2:

User is redirected to a malicious domain controlled by the threat actors; note the domain is actually raiciegodesign[.]com and the username is tracked in the URL

https://bitcointalk[.]org.topic-index.php-5329455.0.raiciegodesign[.]com/index.php?u=blucepheus&l=5338607.60




Upon entering credentials, the page will simply refresh, and guess what? Your credentials are now posted to the threat actors' server, and they can instantly take over your account.

It appears the scammers have expanded past Telegram and are now using PMs as a medium to phish credentials, and likely use those stolen credentials to facilitate scams. For a long time, we have acted under the assumption that a PM from a trusted user on the forum is enough to validate. This proves it is not.

Stay safe and remain vigilant.

-bc
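
The check described in Stage 2, as an added example that is not part of the original post: a link counts as the forum only when its host is exactly bitcointalk.org or ends in `.bitcointalk.org`, so a host that merely starts with that name is flagged, and the per-recipient query parameters are extracted for reporting. The function names are hypothetical and the second sample URL is constructed.

```python
from urllib.parse import urlsplit, parse_qs

TRUSTED = "bitcointalk.org"  # host the forum login is expected on

# URL quoted in the post, still defanged with [.]
POST_URL = ("https://bitcointalk[.]org.topic-index.php-5329455.0."
            "raiciegodesign[.]com/index.php?u=blucepheus&l=5338607.60")

def refang(url: str) -> str:
    """Undo the [.] defanging used when sharing malicious links."""
    return url.strip().replace("[.]", ".")

def hostname(url: str) -> str:
    """Lower-cased host without a trailing dot; '' if the URL has none."""
    host = urlsplit(refang(url)).hostname or ""
    return host.rstrip(".").lower()

def classify(url: str, trusted: str = TRUSTED) -> str:
    """Return 'trusted', 'lookalike' or 'other' for a link.

    trusted   : host is the trusted domain or a subdomain of it
    lookalike : the trusted name appears in the host, but the host
                ends in a different domain (the pattern in the post)
    other     : host does not mention the trusted name at all
    """
    host = hostname(url)
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    if trusted in host:
        return "lookalike"
    return "other"

def inspect_link(url: str) -> dict:
    """Summarise a link received by PM: verdict, real host, query tags."""
    query = parse_qs(urlsplit(refang(url)).query)
    return {
        "verdict": classify(url),
        "host": hostname(url),
        "query": {key: values[0] for key, values in query.items()},
    }

if __name__ == "__main__":
    samples = [
        POST_URL,
        "https://bitcointalk.org/index.php?topic=1.0",  # constructed sample
    ]
    for sample in samples:
        print(inspect_link(sample))
```

The comparison is made on the right-hand end of the host because that is the part a domain owner controls; everything to the left of it can be set freely by whoever owns `raiciegodesign[.]com`.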