Warning: new scam email - don't click the link!

thelonecrouton

Well-known Member
Foundation Member
Apr 15, 2014
1,135
813
283
DarkcoinTalk
Hello thelonecrouton,

We're happy to announce that Darkcoin Version 10.15.19 v2 Windows Release is now available for download.

Who Needs To Update?

All Darkcoin users must update their clients.

What’s New?

Part of securing the Darkcoin network is creating a strong and healthy network of full nodes to back it up. These nodes provide many tasks for users such as propagating messages, syncing clients and mixing users funds via Darksend.




Windows .exe:

<link removed>

A huge thanks goes out to all of the users that helped us perfect this release on testnet. There were countless users who sent wallets and debug logs which helped the debug process tremendously. We couldn’t have done it without all of you.

Thanks,

The Darkcoin Team
 
Last edited by a moderator:

flare

Administrator
Dash Core Team
Moderator
May 18, 2014
2,286
2,404
1,183
Germany
Never ever download binaries which are not originating from official website, and check signature of files for authenticity (either the files are signed by me or Evan)

 

fernando

Powered by Dash
Dash Core Team
Moderator
Foundation Member
May 9, 2014
1,527
2,058
283
Can we track from what IP it was sent?
Probably using Tor or a VPN. I was talking about what the user sees in the email, what identity is the scammer faking.
 

fernando

Powered by Dash
Dash Core Team
Moderator
Foundation Member
May 9, 2014
1,527
2,058
283
Can we track from what IP it was sent?
Probably using Tor or a VPN. I was talking about what the user sees in the email, what identity is the scammer faking.
 

flare

Administrator
Dash Core Team
Moderator
May 18, 2014
2,286
2,404
1,183
Germany
Probably using Tor or a VPN. I was talking about what the user sees in the email, what identity is the scammer faking.
I think they are pretending to be "darkcointalk" - Evan will push out a warning via official twitter as well.

Edit: confirmed

Code:
From: DarkcoinTalk <[email protected]>
 
Last edited by a moderator:

splawik21

Moderator
Dash Core Team
Foundation Member
Dash Support Group
Apr 8, 2014
1,936
1,293
1,283
Probably using Tor or a VPN. I was talking about what the user sees in the email, what identity is the scammer faking.
Probably you`re right but meaby he did obvious mistake, sometimes ppl do stupid things in hurry...
 
  • Like
Reactions: fernando

TaoOfSatoshi

Grizzled Member
Jul 15, 2014
2,840
2,648
1,183
Dash Nation
www.dashnation.com
DarkcoinTalk
Hello thelonecrouton,

We're happy to announce that Darkcoin Version 10.15.19 v2 Windows Release is now available for download.

Who Needs To Update?

All Darkcoin users must update their clients.

What’s New?

Part of securing the Darkcoin network is creating a strong and healthy network of full nodes to back it up. These nodes provide many tasks for users such as propagating messages, syncing clients and mixing users funds via Darksend.




Windows .exe:

<link removed>

A huge thanks goes out to all of the users that helped us perfect this release on testnet. There were countless users who sent wallets and debug logs which helped the debug process tremendously. We couldn’t have done it without all of you.

Thanks,

The Darkcoin Team
Tweeted. Please RT if you're able!
 

tungfa

Grizzled Member
Foundation Member
Masternode Owner/Operator
Apr 9, 2014
8,902
6,737
1,283
I post it as well ... tx crouton ....>
 

thelonecrouton

Well-known Member
Foundation Member
Apr 15, 2014
1,135
813
283
thelonecrouton thanks for posting! Who appears to be sending it?
Here's the full thing:
Code:
Delivered-To: [email protected]
Received: by 10.216.93.70 with SMTP id k48csp58224wef;
  Thu, 6 Nov 2014 06:16:52 -0800 (PST)
X-Received: by 10.194.59.17 with SMTP id v17mr3964291wjq.130.1415283411996;
  Thu, 06 Nov 2014 06:16:51 -0800 (PST)
Return-Path: <[email protected]>
Received: from cg6-p07-ob.smtp.rzone.de (cg6-p07-ob.smtp.rzone.de. [2a01:238:20a:202:5317::1])
  by mx.google.com with ESMTPS id l10si10113194wia.78.2014.11.06.06.16.51
  for <[email protected]>
  (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
  Thu, 06 Nov 2014 06:16:51 -0800 (PST)
Received-SPF: temperror (google.com: error in processing during lookup of [email protected]: DNS timeout) client-ip=2a01:238:20a:202:5317::1;
Authentication-Results: mx.google.com;
  spf=temperror (google.com: error in processing during lookup of [email protected]: DNS timeout) [email protected]
X-RZG-CLASS-ID: cg07
Received: from magpyr.store ([192.168.45.44])
   by joses.store (RZmta 35.10 OK)
   with ESMTP id m01121qA6EGp4yR
   for <[email protected]>;
   Thu, 6 Nov 2014 15:16:51 +0100 (CET)
Received: (from Unknown UID [email protected])
   by post.webmailer.de (8.13.7/8.13.7) id sA6EGpHp016839;
   Thu, 6 Nov 2014 14:16:51 GMT
X-Authentication-Warning: magpyr: Unknown UID 1556244 set sender to [email protected] using -f
To: [email protected]
Subject: Darkcoin Version 10.15.19 v2 Windows Release mandatory update!
Date: Thu, 6 Nov 2014 15:16:51 +0100
From: DarkcoinTalk <[email protected]>
Message-ID: <[email protected]>
X-Priority: 3
X-Mailer: PHPMailer 5.2.6 (https://github.com/PHPMailer/PHPMailer/)
MIME-Version: 1.0
Content-Type: multipart/alternative;
   boundary="b1_20b7b6be3e987a4bbca8fc005876ce94"
Content-Transfer-Encoding: 8bit
X-RZG-SCRIPT: :fTVROxP/Na60Tyg037gGl1iFAM9bcnLo1LCqjFJxV2cG7ZseU7BlTV7aTGyUWMytYHZNyotNR351M8HNJMFG9qAewEfVKR5U58yI2mDlIRsAo//FZw==

--b1_20b7b6be3e987a4bbca8fc005876ce94
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

DarkcoinTalk
Hello tlc,
 
We're happy to announce that Darkcoin Version 10.15.19 v2 Windows Release is now available for download.

Who Needs To Update?

All Darkcoin users must update their clients.

What&rsquo;s New?

Part of securing the Darkcoin network is creating a strong and healthy network of full nodes to back it up. These nodes provide many tasks for users such as propagating messages, syncing clients and mixing users funds via Darksend.


  10.15.19 v2 Binaries: Includes Darksend - Masternode Operators 

Windows .exe:  retracted

A huge thanks goes out to all of the users that helped us perfect this release on testnet. There were countless users who sent wallets and debug logs which helped the debug process tremendously. We couldn&rsquo;t have done it without all of you.

Thanks,

The Darkcoin Team
https://DarkcoinTalk.org/


--b1_20b7b6be3e987a4bbca8fc005876ce94
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

<html lang="en-US" dir="LTR">
<head>
<body dir="LTR" text="#141414" bgcolor="#F0F0F0" link="#176093" alink="#176093" vlink="#176093" style="padding: 10px">
<table cellpadding="0" cellspacing="0" border="0" dir="LTR" style="background-color: #F0F7FC;border: 1px solid #A5CAE4;border-radius: 5px;direction: LTR;">
<tr><td style="background-color: #D7EDFC;padding: 5px 10px;border-bottom: 1px solid #A5CAE4;border-top-left-radius: 4px;border-top-right-radius: 4px;font-family: 'Trebuchet MS', Helvetica, Arial, sans-serif;font-size:11px;line-height: 1.231;"><a href="https://DarkcoinTalk.org/" style="color: #176093; text-decoration:none">DarkcoinTalk</a></td></tr>
<tr><td style="background-color: #FCFCFF;padding: 1em;color: #141414;font-family: 'Trebuchet MS', Helvetica, Arial, sans-serif;font-size: 13px;line-height: 1.231;"><p style="margin-top: 0">Hello tlc,<br>
  <br>
We're happy to announce that Darkcoin Version 10.15.19 v2 Windows Release is now available for download.<br>
<br>
<strong>Who Needs To Update?</strong><br>
<br>
All Darkcoin users must update their clients.<br>
<br>
<strong>What&rsquo;s New?</strong><br>
<br>
Part of securing the Darkcoin network is creating a strong and healthy network of full nodes to back it up. These nodes provide many tasks for users such as propagating messages, syncing clients and mixing users funds via Darksend.<br />
<br />
<br />
<a href="retracted" target="_blank" style="text-align: center; font-size: 11px; font-family: arial, sans=
-serif; color: white; font-weight: bold; border-color: #3079ed; background-color: #4d90fe; background-image: linear-gradient(top,#4d90fe,#4787ed); text-decoration: none; display:inline-block; height: 27px; padding-left: 8px; padding-right: 8px; line-height: 27px; border-radius: 2px; border-width: 1px;"> <span style="color: white;"> 10.15.19 v2 Binaries: Includes Darksend - Masternode Operators </span> </a> <br>
<br>
<b>Windows .exe:</b>  <h4><a href="retracted" target="_blank">retracted</a></h4><br />
<br />
A huge thanks goes out to all of the users that helped us perfect this release on testnet. There were countless users who sent wallets and debug logs which helped the debug process tremendously. We couldn&rsquo;t have done it without all of you.<br>
<br>
Thanks,<br>
<br>
The Darkcoin Team</p></td></tr>
<tr><td style="background-color: #F0F7FC;padding: 5px 10px;border-top: 1px solid #D7EDFC;border-bottom-left-radius: 4px;border-bottom-right-radius: 4px;text-align: right;font-family: 'Trebuchet MS', Helvetica, Arial, sans-serif;font-size: 11px;line-height: 1.231;"><a href="https://DarkcoinTalk.org/" style="color: #176093; text-decoration: none">https://DarkcoinTalk.org/</a></td></tr>
</table>
</body>
</html>
 
Last edited by a moderator:
  • Like
Reactions: fernando

tungfa

Grizzled Member
Foundation Member
Masternode Owner/Operator
Apr 9, 2014
8,902
6,737
1,283
are we being hacker at DCT or something ?!
maybe we should wipe out some history we have stored on the servers !?
i might be paranoid, but i thought before that there are a LOT of communications and information stored here !!
 

fernando

Powered by Dash
Dash Core Team
Moderator
Foundation Member
May 9, 2014
1,527
2,058
283
How are they getting the email addresses to send to?
Some people publish them in their bitcointalk profiles. Or we all sign up for too many services and some may have been hacked. Even Mintpal :)
 

tungfa

Grizzled Member
Foundation Member
Masternode Owner/Operator
Apr 9, 2014
8,902
6,737
1,283
Some people publish them in their bitcointalk profiles. Or we all sign up for too many services and some may have been hacked. Even Mintpal :)
hahaaa
that is an interesting thought !

how many people actually received the email ?
i did not get anything
 

thelonecrouton

Well-known Member
Foundation Member
Apr 15, 2014
1,135
813
283
How are they getting the email addresses to send to?
The dark web probably, paid for with Darkcoin. :D

My gmail account is about as old as gmail accounts get, I take the usual simple precautions, mostly, but I'm not paranoid about it, there's nothing of real value there, it's disposable.
 

spatula

Well-known Member
Foundation Member
Oct 31, 2014
49
39
158
Luckily, I didn't get the email with the account I used to register on DCT.
 

spatula

Well-known Member
Foundation Member
Oct 31, 2014
49
39
158
The dark web probably, paid for with Darkcoin. :D

My gmail account is about as old as gmail accounts get, I take the usual simple precautions, mostly, but I'm not paranoid about it, there's nothing of real value there, it's disposable.
Well we all know your email now!
 

fernando

Powered by Dash
Dash Core Team
Moderator
Foundation Member
May 9, 2014
1,527
2,058
283
me neither, thought that meaby gmail users, but checked mail there too...no mail from the scamer.
TLC I think you`re the chosen one ;D
They know his computer is full of darkcoins :)
 

Propulsion

The buck stops here.
Feb 26, 2014
1,008
468
183
Dash Address
XerHCGryyfZttUc6mnuRY3FNJzU1Jm9u5L
DKIM Sig.png

Always check the signed by. Once again, this site will never send out an email to notify anyone of a wallet update. The phishing email was not sent from this server. The above picture shows a legitimate email and signature. Below is the legitimate email source. Note: that this site's actual email address is : [email protected] Very important to notice the ".org".

Received-SPF: pass (google.com: domain of [email protected] designates 2a00:1450:400c:c00::234 as permitted sender) client-ip=2a00:1450:400c:c00::234;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of [email protected] designates 2a00:1450:400c:c00::234 as permitted sender) smtp.mail=[email protected];
dkim=pass [email protected]
 

drakee

New Member
Aug 3, 2014
25
13
3
Denver, CO
wolfgirl.bandcamp.com
Since the infected binary was hosted on Dropbox, I emailed Dropbox and asked them to remove the file. They replied:

The email you are reporting is fake and not sent by Dropbox. It contains a link to a file hosted by a Dropbox user, but that file is either spam, malware, or a "phishing" page. Dropbox has disabled the link and banned the user.

In the future, you can email [email protected] with this type of information.

If you receive fake email that includes links to dropbox.com URLs (or dropboxusercontent.com) then please forward the entire email, with complete links, to [email protected]. Screenshots or copy/pasted emails do not contain the information we need to proceed. Just forward the complete email to [email protected]. There is no need to add any comments. You will not receive a reply but the links will be analyzed and taken down in a timely fashion.
So FYI, we can report Dropbox-hosted malicious files and they will both remove the link and ban the user!
 
  • Like
Reactions: splawik21 and flare