

Bitcoin phishing attempt - aaronpk
http://pastebin.com/uYThB3qh

======
Cthulhu_
I'm invincible to these schemes, I play Eve Online. Go into a random trade hub
and you get people shouting SEND ME E-MONEY AND I'LL DOUBLE IT!

They link to a 'public' API showing that player's financial transactions over
time, giving 'proof' that what he claims is legit. And for low quantities, it
works too - to build trust, of course. But when the scammed sends over a large
quantity of money, the scammer will add that to the 'API page' and claim the
user's trying to scam him or there's supposedly a technical problem, or
something.

In this case, the scammer could improve by linking to a 'transaction log'
online, and by offering to double someone's small amounts of bitcoin. With the
current rates, that'd have to be like 0.01 BTC ($7). Those would be used to
lure people in, going OMG IT WORKS, until they transfer, say, 10 BTC, after
which the scammer simply doesn't return the money.

------
joebo
Can someone elaborate on how this could even work? If someone asked me to give
them a dollar and I'd get 3 dollars back in one hour, I'd want to know what
they are doing with my dollar. I assume the subtext is "we have some
guaranteed way to arbitrage bit coins at a 300% return - send us your money
and we'll give you at least that much back". I realize it's a scam. I just
don't understand how the scam could work.

~~~
hmottestad
It could very well be money laundering.

Send a legit bitcoin and they send you back 3 stolen bitcoins from one of the
mt.gox hacks.

~~~
nullymcnull
At the current exchange rate, they would be losing ~$1400 USD to 'clean' $700.
Nobody launders money at such a drastic loss.

Given that they say their minimum 'deposit' is 1 BTC, even finding a handful
of extremely gullible marks will be quite lucrative for them. That's all the
motive necessary. It goes without saying that no one who sends BTC to this
address is going to see anything back.

~~~
Tenoke
>At the current exchange rate, they would be losing ~$1400 USD to 'clean'
$700.

This is valid at any exchange rate, not just the current one.

------
wlk
How can any bitcoin miner be that naive?

As you can see for now none fell for that (assuming they have one address for
all "investments"):
[https://blockchain.info/address/18PyfH1AqV2DbEweh6USf1HYg7D9...](https://blockchain.info/address/18PyfH1AqV2DbEweh6USf1HYg7D9HuC2Uf)

~~~
hn12394871023
Yes, the intersection of the 'able to send bitcoin somewhere' and 'dumb enough
to fall for this' populations is probably zero.

------
dpacmittal
Excuse me for being pedantic but how is this a "phishing" attempt?

~~~
hatu
I thought phishing meant fishing for usernames and passwords. This just seems
like a run of the mill stupid scam attempt that happens to say Bitcoin instead
of dollars.

------
SomeoneWeird
This happens all the time, it's nothing special. Normally targeting known btc
users, using emails from leaked DBs (eg. gox)

------
smoyer
Bitcoin needs to make it much further into the non-techie markets before this
yields enough to make it worthwhile. Of course if this con is run by a pro,
they'll actually profile each mark and return the amount promised during the
first round, hoping for a much bigger score on the second round.

------
calvintennant
Heh:
[https://blockchain.info/address/18PyfH1AqV2DbEweh6USf1HYg7D9...](https://blockchain.info/address/18PyfH1AqV2DbEweh6USf1HYg7D9HuC2Uf)

No transactions found for this address, it has probably not been used on the
network yet.

------
welder
I also got this email and noticed it's from a bogus mail server:

Received-SPF: softfail (google.com: domain of transitioning
noreply@bitcoin.org does not designate 62.149.157.234 as permitted sender)

Wonder why Google's spam filtering didn't catch it...

~~~
benedikt
Did the email you got contain the same "investment address"?

~~~
welder
Yes

------
bpeel
1 BTC is a really high minimum investment. Maybe they'd have a better chance
of scamming people if they started a bit lower.

~~~
showsover
They might be A/B testing it.

------
aaronpk
I'm curious if the emails other people got have the same bitcoin address or if
they used unique addresses per email.

~~~
josu
Judging by the blockchain info [0] they are either using unique addresses or
the scam isn't very successful.

[0]
[https://blockchain.info/address/18PyfH1AqV2DbEweh6USf1HYg7D9...](https://blockchain.info/address/18PyfH1AqV2DbEweh6USf1HYg7D9HuC2Uf)

------
jacobr
I got it as well, I wonder how they chose their targets?

~~~
nadaviv
Did they use the same Bitcoin address as in the pastebin?

It seems like no one paid them anything yet [1], but they might be using a
unique address per email.

[1]
[http://blockchain.info/address/18PyfH1AqV2DbEweh6USf1HYg7D9H...](http://blockchain.info/address/18PyfH1AqV2DbEweh6USf1HYg7D9HuC2Uf)

