Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Meta
Re: phishing emails from bitcointaik.org
by
Injust
on 09/05/2014, 17:05:45 UTC
Quote from: 2tights on May 08, 2014, 07:32:15 PM
Quote from: franky1 on May 08, 2014, 07:21:40 PM
Quote from: jonald_fyookball on May 08, 2014, 07:13:16 PM
How do you think they got your email to begin with?

they didnt get his email. it was a forum inbox message

these things happen alot. in the past it has been found that scammers prep their list of 'marks' by asking forum topic questions such as:
"how much bitcoin do you own"
"what wallet software do you use"
etc

these info gathering games are what scammers do to target the right people. after all there is no point phishing someone if they only have satoshi dust to their name. and theres no point entering into conversation with them to tempt them to download trojans if the scammers code is not compatible with the victims wallet.

so usually scam emails and private messages are targetted to the victim, because the victim has made some form of admission that he is worthy of being scammed. either admitting wealth, admitting he runs a wallet that is compatable to a certain tojan or the fact that the victim admits to not have 2FA on their other logins or lastly, they have been scammed before so are proving to be an easy 'mark'

This was sent to my email account associated with my bitcointalk account.

I had my email not hidden, so I set it to hidden now. I agree that it was a targetted email, because my email was published and my bitcoin address has a decent balance which is also visible on my account.

Got me one of these emails today Smiley

Email below for anybody who's curious.

Code:
                                                                                                                                                                                                                                                               
Delivered-To: [removed]
Received: by 10.52.76.199 with SMTP id m7csp437305vdw;
        Fri, 9 May 2014 08:25:53 -0700 (PDT)
X-Received: by 10.66.150.69 with SMTP id ug5mr21474014pab.55.1399649153451;
        Fri, 09 May 2014 08:25:53 -0700 (PDT)
Return-Path:
Received: from erelay5.ox.registrar-servers.com (erelay5.ox.registrar-servers.com. [192.64.117.65])
        by mx.google.com with ESMTP id tv5si2430744pbc.158.2014.05.09.08.25.53
        for <[removed]>;
        Fri, 09 May 2014 08:25:53 -0700 (PDT)
Received-SPF: pass (google.com: domain of noreply@bitcointaik.org designates 192.64.117.65 as permitted sender) client-ip=192.64.117.65;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of noreply@bitcointaik.org designates 192.64.117.65 as permitted sender) smtp.mail=noreply@bitcointaik.org
Received: from localhost (unknown [127.0.0.1])
by erelay1.ox.registrar-servers.com (Postfix) with ESMTP id EC3412204D16
for <[removed]>; Fri,  9 May 2014 15:25:52 +0000 (UTC)
Received: from erelay1.ox.registrar-servers.com ([127.0.0.1])
by localhost (erelay.ox.registrar-servers.com [127.0.0.1]) (amavisd-new, port 10024)
with LMTP id ThIaU9sR71GS for <[removed]>;
Fri,  9 May 2014 11:25:52 -0400 (EDT)
Received: from imap2.ox.privateemail.com (imap2.ox.privateemail.com [198.187.29.234])
by erelay1.ox.registrar-servers.com (Postfix) with ESMTP id 4D0FE2204CFD
for <[removed]>; Fri,  9 May 2014 11:25:52 -0400 (EDT)
Received: from [192.168.0.50] (unknown [199.47.77.6])
(using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
(No client certificate requested)
by mail.privateemail.com (Postfix) with ESMTPSA id 06D855A0086
for <[removed]>; Fri,  9 May 2014 11:25:50 -0400 (EDT)
Message-ID: <536BB17E.6040906@bitcointaIk.org>
Date: Thu, 08 May 2014 09:31:58 -0700
From: Bitcoin Forum
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: [removed]
Subject: Changing your forum password is recommended.
X-Enigmail-Draft-Status: 512
Content-Type: multipart/alternative;
 boundary="------------040306080202000204040301"

This is a multi-part message in MIME format.
--------------040306080202000204040301
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Dear Injust,

Due to the OpenSSL heartbleed bug and recent attacks on our website,
changing your forum password is recommended.
To set a new password click the following link:

http://bitcointaIk.org/index.php?action=login;u=8543;sa=account

Username: Injust

Regards,
The Bitcoin Forum Team.

------------------
You are receiving this message because you are a member of the
Bitcoin Forum. If you do not want to receive further messages, you
can change your notification preferences here:
http://bitcointaIk.org/index.php?action=login;u=8543;sa=notification
http://bitcointaIk.org/index.php?action=login;u=8543;sa=pmprefs


--------------040306080202000204040301
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit


 
   
 
 
    Dear Injust,

   

    Due to the OpenSSL heartbleed bug and recent attacks on our website,
    changing your forum password is recommended.

    To set a new password click the following link:

   

    http://bitcointaIk.org/index.php?action=login;u=8543;sa=account

   

    Username: Injust

   

    Regards,

    The Bitcoin Forum Team.

   

    ------------------

    You are receiving this message because you are a member of the

    Bitcoin Forum. If you do not want to receive further messages, you

    can change your notification preferences here:

    http://bitcointaIk.org/index.php?action=login;u=8543;sa=notification

    http://bitcointaIk.org/index.php?action=login;u=8543;sa=pmprefs

   

 


--------------040306080202000204040301--