Official-looking email scam, beware

[eltito]

Hi everyone,

I just received an official-ish looking email appearing to be from "server@darkcointalk"

Edit: Propulsion has looked into this - the source that the scammer is using is not darkcointalk.org. User data is secure on this site. The scammer probably picked up user data from another Darkcoin-related site (my guess would be a pool) and sent out emails appearing to be from darkcointalk.org because they know it is a trusted community resource. There is bound to be overlap between the users of the hacked source and users of darkcointalk.org.

Hello eltito,

We're happy to announce that RC4 v2 Windows Release is now available for download.

This mandatory update includes a complete rewrite of the Darksend protocol, which vastly improves transaction privacy and removes the 10 DRK limit for Darksend transactions.


10.12.31 (RC) Binaries: Includes Darksend - Masternode Operators

Windows .exe

https://dl.dropboxusercontent.com/s/..............zip



A huge thanks goes out to all of the users that helped us perfect this release on testnet. There were countless users who sent wallets and debug logs which helped the debug process tremendously. We couldn’t have done it without all of you.

Thanks,

The Darkcoin Team

SHOULD YOU RECEIVE A SIMILAR EMAIL, DO NOT DOWNLOAD THE LINKED FILE!! We believe this person is either phishing or trying to push out a virus.

The latest version of the Darkcoin software is 9.12.30 (stable) or 10.12.30 (RC).

I am in contact with Evan and Propulsion and we are looking into it.

 

[wmr1988]

I got the same email. Though the funny thing is this phishing email is what made me aware of the rc4 release as i clicked the darkcoin link at the corner.

 

[Propulsion]

When you receive an email from this site, it will state the above in details.

The Important thing to note is:
mailed by: darkcointalk.org
signed by: darkcointalk.org.

If not, it's not genuine.

 

[canibalbranco]

I received this email also.
This means that someone had access to user data on the server.
Nothing good.

 

[Propulsion]

Also note the sending name.

Delivered-To: [email protected]
Received: by 10.66.77.99 with SMTP id r3csp62760paw;
Fri, 15 Aug 2014 15:14:07 -0700 (PDT)
X-Received: by 10.112.105.168 with SMTP id gn8mr6954019lbb.77.1408140846729;
Fri, 15 Aug 2014 15:14:06 -0700 (PDT)
Return-Path: <[email protected]>
Received: from mout.kundenserver.de (mout.kundenserver.de. [212.227.126.131])
by mx.google.com with ESMTPS id p9si14479720lah.48.2014.08.15.15.14.06
for <[email protected]>
(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Fri, 15 Aug 2014 15:14:06 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 212.227.126.131 as permitted sender) client-ip=212.227.126.131;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of cgi-mailer-bounces-384797580 @kundenserver.de designates 212.227.126.131 as permitted sender) smtp.mail=cgi-mailer-bounces-384797580 @kundenserver.de
Received: from icpu1072.kundenserver.de (infong1026.kundenserver.de [212.227.29.130])
by mrelayeu.kundenserver.de (node=mreue005) with ESMTP (Nemesis)
id 0LaHLm-1WWT0l2Rkk-00m5TH; Sat, 16 Aug 2014 00:14:05 +0200
Received: from 46.165.208.194 (IP may be forged by CGI script)
by icpu1072.kundenserver.de with HTTP
id 4A8oSY-1WfVZK2CQZ-00dY54; Sat, 16 Aug 2014 00:14:05 +0200
X-Sender-Info: <384797580@ icpu1072.kundenserver.de>
Precedence: bulk
To: [email protected]
Subject: RC4 - Darksend protocol mandatory update
Date: Sat, 16 Aug 2014 00:14:05 +0200
From: DarkcoinTalk <server@darkcointalk>
Message-ID: <822ee2717e5b7c234aebeb4867d7fc32@wohnmobileunited.de>
X-Priority: 3
X-Mailer: PHPMailer 5.2.6 (https://github.com/PHPMailer/PHPMailer/)
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="b1_822ee2717e5b7c234aebeb4867d7fc32"
Content-Transfer-Encoding: 8bit
X-Provags-ID: V02:K0:c6xVcwnZm/HjFXt2GFTvqFsBQiH1SL0dHn85+/NbKdX
q0EfdULt0Ycx5AqL7P4sv/vRIfqpTflFwepBjhPvzzOig2hynh
B3Y7tf1fSvCfj1yUId7p21Z1olR2g0Pn8Ofkzr9fXc9KGHQLEa
A+MvYXaVEXvmxd71XhKqNvYoDhToBCJ+gHY2NeSu8Ze5K5m5BZ
IhL8ziaS0UMzqGIha3dRLuFVNZppD9WTMlZ/abEeDXQg24PL0T
3A06yyQx/Kydb8zkiA+2GuhlTNOUbD7jjsLgR0FAp1kJLdN3Do
3EUVlBw4BELuz2PYPhEjvXGgjGC6xXKoJsMIhktv++wHTepxd1
yOb80Z4IKZzNcujdEPiXP+H953ZmbbsOJGJ/NRgWlbfq9SZgf1
nLW6QgBz2+2DASFCn5Ze6IxRut0/hQYQX9uk64TWb51uqycqH+
mFUCy
X-UI-Out-Filterresults: notjunk:1;

--b1_822ee2717e5b7c234aebeb4867d7fc32
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

DarkcoinTalk
Hello abngeek,

We're happy to announce that RC4 v2 Windows Release is now available for download.

This mandatory update includes a complete rewrite of the Darksend protocol, which vastly improves transaction privacy and removes the 10 DRK limit for Darksend transactions.


10.12.31 (RC) Binaries: Includes Darksend - Masternode Operators

Windows .exe: https://dl.dropboxusercontent.com/s/RETRACTED/darkcoin-0.10.12.31-win.zip

A huge thanks goes out to all of the users that helped us perfect this release on testnet. There were countless users who sent wallets and debug logs which helped the debug process tremendously. We couldn&rsquo;t have done it without all of you.

Thanks,

The Darkcoin Team
https://DarkcoinTalk.org/


--b1_822ee2717e5b7c234aebeb4867d7fc32
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

<html lang="en-US" dir="LTR">
<head>
<body dir="LTR" text="#141414" bgcolor="#F0F0F0" link="#176093" alink="#176093" vlink="#176093" style="padding: 10px">
<table cellpadding="0" cellspacing="0" border="0" dir="LTR" style="background-color: #F0F7FC;border: 1px solid #A5CAE4;border-radius: 5px;direction: LTR;">
<tr><td style="background-color: #D7EDFC;padding: 5px 10px;border-bottom: 1px solid #A5CAE4;border-top-left-radius: 4px;border-top-right-radius: 4px;font-family: 'Trebuchet MS', Helvetica, Arial, sans-serif;font-size:11px;line-height: 1.231;"><a href="https://DarkcoinTalk.org/" style="color: #176093; text-decoration:none">DarkcoinTalk</a></td></tr>
<tr><td style="background-color: #FCFCFF;padding: 1em;color: #141414;font-family: 'Trebuchet MS', Helvetica, Arial, sans-serif;font-size: 13px;line-height: 1.231;"><p style="margin-top: 0">Hello abngeek,<br>
<br>
We're happy to announce that RC4 v2 Windows Release is now available for download.<br>
<br>
This mandatory update includes a complete rewrite of the Darksend protocol, which vastly improves transaction privacy and removes the 10 DRK limit for Darksend transactions.<br />
<br />
<br />
<a href="https://dl.dropboxusercontent.com/s/RETRACTED/darkcoin-0.10.12.31-win.zip" target="_blank" style="text-align: center; font-size: 11px; font-family: arial, sans=
-serif; color: white; font-weight: bold; border-color: #3079ed; background-color: #4d90fe; background-image: linear-gradient(top,#4d90fe,#4787ed); text-decoration: none; display:inline-block; height: 27px; padding-left: 8px; padding-right: 8px; line-height: 27px; border-radius: 2px; border-width: 1px;"> <span style="color: white;"> 10.12.31 (RC) Binaries: Includes Darksend - Masternode Operators </span> </a> <br>
<br>
<b>Windows .exe:</b> <h4><a href="https://dl.dropboxusercontent.com/s/RETRACTED/darkcoin-0.10.12.31-win.zip" target="_blank">https://dl.dropboxusercontent.com/s/RETRACTED/darkcoin-0.10.12.31-win.zip</a></h4><br />
<br />
A huge thanks goes out to all of the users that helped us perfect this release on testnet. There were countless users who sent wallets and debug logs which helped the debug process tremendously. We couldn&rsquo;t have done it without all of you.<br>
<br>
Thanks,<br>
<br>
The Darkcoin Team</p></td></tr>
<tr><td style="background-color: #F0F7FC;padding: 5px 10px;border-top: 1px solid #D7EDFC;border-bottom-left-radius: 4px;border-bottom-right-radius: 4px;text-align: right;font-family: 'Trebuchet MS', Helvetica, Arial, sans-serif;font-size: 11px;line-height: 1.231;"><a href="https://DarkcoinTalk.org/" style="color: #176093; text-decoration: none">https://DarkcoinTalk.org/</a></td></tr>
</table>
</body>
</html>



--b1_822ee2717e5b7c234aebeb4867d7fc32--

Note the red. This message is not genuine at all.

 

[iHeartSmartArt]

There are tweets about this already.
Is it safe to say every darkcointalk account will get this?
Gee wiz

 

[Propulsion]

I received this email also.
This means that someone had access to user data on the server.
Nothing good.

Not necessarily. I don't believe that any emails were leaked. Also, if someone did have access to this server, they wouldn't have to impersonate the email account. They would have direct access.

A couple of questions:

• Have you signed up for the mailing list for updates?
• Have you ever shared the email account with any other site?
• Have you ever signed up with the mining pool either the old darkcoin.io one or the darkcointalk one?
• Are you signed up with any other darkcoin related service i.e. g+, facebook, twitter?
• Even more important, did you sign up with the same username as BitcoinTalk and have your email exposed from there?

Secondly, for you specifically canibalbranco i just typed in your username and bitcointalk in google. I now have your email account.

Also wmr1988 your email account is posted outside this site.

Unless specifically hiding your account on BitcoinTalk and you used the same username here, you might be targeted for phishing.

 

[CHAOSiTEC]

i did not recieve an email with those statements, so its safe to assume, they have gathered just a few emails in regard to darkcointalk / bitcointalk users

 

[canibalbranco]

Not necessarily. I don't believe that any emails were leaked. Also, if someone did have access to this server, they wouldn't have to impersonate the email account. They would have direct access.

A couple of questions:

• Have you signed up for the mailing list for updates?
• Have you ever shared the email account with any other site?
• Have you ever signed up with the mining pool either the old darkcoin.io one or the darkcointalk one?
• Are you signed up with any other darkcoin related service i.e. g+, facebook, twitter?
• Even more important, did you sign up with the same username as BitcoinTalk and have your email exposed from there?

Secondly, for you specifically canibalbranco i just typed in your username and bitcointalk in google. I now have your email account.

Unless specifically hiding your account on BitcoinTalk and you used the same username here, you might be targeted for phishing.

My concern is with the password.
Someone could post something with my name or even Evan.
Is it possible or not?

 

[Propulsion]

My concern is with the password.
Someone could post something with my name or even Evan.
Is it possible or not?

The emails were not sent from this server. At the moment, there is no indication that anyone has access to it.

As far as your passwords, they are stored in the database salted and hashed.

 

[canibalbranco]

The emails were not sent from this server. At the moment, there is no indication that anyone has access to it.

As far as your passwords, they are stored in the database salted and hashed.

That's good!
Propulsion, thanks for your explanation!

 

[Propulsion]

wmr1988 Your email is actually on a word list.

 

[canibalbranco]

I also hope that no one has installed this fake update!

 

[Propulsion]

I also hope that no one has installed this fake update!

What fake update? Edit: n/m I'm assuming you're talking about the dropbox link.

Always check the email signatures! Especially if it involves downloading anything.

 

[flare]

[...]

That's what sent me!!

Please remove the links from your post, they're scam.

 

[canibalbranco]

Please remove the links from your post, they're scam.

my apologies!

 

[Light]

Not necessarily. I don't believe that any emails were leaked. Also, if someone did have access to this server, they wouldn't have to impersonate the email account. They would have direct access.

A couple of questions:

• Have you signed up for the mailing list for updates?
• Have you ever shared the email account with any other site?
• Have you ever signed up with the mining pool either the old darkcoin.io one or the darkcointalk one?
• Are you signed up with any other darkcoin related service i.e. g+, facebook, twitter?
• Even more important, did you sign up with the same username as BitcoinTalk and have your email exposed from there?

Secondly, for you specifically canibalbranco i just typed in your username and bitcointalk in google. I now have your email account.

Also wmr1988 your email account is posted outside this site.

Unless specifically hiding your account on BitcoinTalk and you used the same username here, you might be targeted for phishing.

I didn't receive any scam email. This must be isolated cases.

 

[vertoe]

E-Mail is such a crap and unfixable protocol.

It's time we abondon e-mail and look out for real solutions, signed, end-to-end-encrypted, decentralized peer-2-peer, .... bitmessage, keyhotee, ...?

 

[fernando]

I didn't receive that email and I use my email address everywhere.

If we want to track the origin, we need information. I've created a google sheet to try to help. Please write any number in the first column so you can know which row is the one you filled (don't write your user name to avoid giving more information), say if you received the email in the second column and put an x in the services you have signed up with the same email address. I've done columns only for the services I've signed up, feel free to add columns. We should find the overlap quite fast if enough of us fill the data.

https://docs.google.com/spreadsheets/d/1agXdu3BuYgKap9sB8tBVSoEi4F_1OF_BykYhRQxvvrE/edit?usp=sharing

 

[tungfa]

i honestly believe they cross checked usernames between darkcointalk and bitcointalk , and if users do not hide their email address (in bitcointalk) they get spammed !
everybody should hide their email in bitcointalk !!!!