Rocksolid Light

Welcome to Rocksolid Light

mail  files  register  newsreader  groups  login

Message-ID:  

Research is to see what everybody else has seen, and think what nobody else has thought.

computers / news.admin.net-abuse.email / Re: Bitcoin scam via SSH, SMS and registration

SubjectAuthor
* Bitcoin scam via SSH, SMS and registrationAndreas Kohlbach
`- Bitcoin scam via SSH, SMS and registrationDavid Ritz

1
Bitcoin scam via SSH, SMS and registration

<87sfdbxt2w.fsf@usenet.ankman.de>

  copy mid

https://news.novabbs.org/computers/article-flat.php?id=452&group=news.admin.net-abuse.email#452

  copy link   Newsgroups: news.admin.net-abuse.email
Path: i2pn2.org!i2pn.org!eternal-september.org!feeder.eternal-september.org!.POSTED!not-for-mail
From: ank@spamfence.net (Andreas Kohlbach)
Newsgroups: news.admin.net-abuse.email
Subject: Bitcoin scam via SSH, SMS and registration
Date: Fri, 07 Apr 2023 17:47:51 -0400
Organization: A noiseless patient Spider
Lines: 37
Message-ID: <87sfdbxt2w.fsf@usenet.ankman.de>
MIME-Version: 1.0
Content-Type: text/plain
Injection-Info: dont-email.me; posting-host="124bdabe15b4a89ae1fd4234a5c1a160";
logging-data="1023141"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19ok4siwgBUU1ruktm++sSG"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
Cancel-Lock: sha1:jw360MUv5uG6daxQFW9D7WWi5K8=
sha1:Ru4aFe57TZR1iFMTRfIgDQ0P7nI=
 by: Andreas Kohlbach - Fri, 7 Apr 2023 21:47 UTC

I love exploring spam, especially Bitcoin scam.

A few days ago one scam came which asks you to do a login via SSH, what I
did:

User: neertrektl4
Password :BDWnNB
16.170.239.178

The other via web on orchidcoin dot net with

Id: 97654621
Password: TG22M487.

It claims to has the bitcoin number
bc1q5mdrw6zsnumwk7hsy4vyd2c528tugzdyq3u2sa, although this appears to be
8 digits longer than usual.

In both cases it had to exactly be these credentials (random numbers were
not accepted). Both cases - of course - want you to first donate some
bitcoins before you get your million dollars. Interestingly in case of
the SSH method "your" bitcoin number needs to be (pseudo?) valid. So I
used one from a list of bitcoin scammers I collected, and it went
through.

The web version then wants to send an SMS code to a phone. Again it seems
to be real, because after I entered a random phone number the web page
said it sent a text message to that number, and you now have to enter the
PIN you received. So I stuck here not giving my real number.

Elaborate scam!

While I think I know how this scam works I am especially puzzled of why
using SSH. People knowing and be able to use SSH should have some brains,
thus not falling on this scam.
--
Andreas

Re: Bitcoin scam via SSH, SMS and registration

<82s9o2q6-65so-8r11-p85q-6no44n3sr1q5@zvaqfcevat.pbz>

  copy mid

https://news.novabbs.org/computers/article-flat.php?id=453&group=news.admin.net-abuse.email#453

  copy link   Newsgroups: news.admin.net-abuse.email
Path: i2pn2.org!i2pn.org!news.neodome.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: dritz@mindspring.com (David Ritz)
Newsgroups: news.admin.net-abuse.email
Subject: Re: Bitcoin scam via SSH, SMS and registration
Date: Sat, 8 Apr 2023 00:23:40 -0500
Organization: SpamBusters!
Lines: 34
Message-ID: <82s9o2q6-65so-8r11-p85q-6no44n3sr1q5@zvaqfcevat.pbz>
References: <87sfdbxt2w.fsf@usenet.ankman.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
X-Trace: individual.net kQXN1cevRd0plWAIDo21CgGDeBU3z5XUMGtOCiBtVfs6x2jDxn
X-Orig-Path: not-for-mail
Cancel-Lock: sha1:45BTi/O10GZr2DebLkRi96oeM64=
In-Reply-To: <87sfdbxt2w.fsf@usenet.ankman.de>
OpenPGP: id=9CD055375C05466038D2194852BC29991A12DEEB
X-Comment-1: Spam is bad. <http://trillian.mit.edu/~jc/humor/WhatIsSpam.html>
X-Comment-2: LART a spammer for Dobbs.
X-Comment-3: Invalid assumptions tend to produce invalid conclusions.
X-Comment-4: This message is intended to be read with a monospaced font.
X-Meow: yes
 by: David Ritz - Sat, 8 Apr 2023 05:23 UTC

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday, 07 April 2023 17:47 -0400,
in article <87sfdbxt2w.fsf@usenet.ankman.de>,
Andreas Kohlbach <ank@spamfence.net> wrote:

> I love exploring spam, especially Bitcoin scam.

[snip detailed description of mutiple hoops through which one must
jump]

> Elaborate scam!

True dat!

> While I think I know how this scam works I am especially puzzled of
> why using SSH. People knowing and be able to use SSH should have
> some brains, thus not falling on this scam.

It's obvious, these scammers never encountered the KISS priniple{*].

[*} https://en.wikipedia.org/wiki/KISS_principle

- --
David Ritz <dritz@mindspring.com>
Be kind to animals; kiss a shark.

-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQSc0FU3XAVGYDjSGUhSvCmZGhLe6wUCZDD6XAAKCRBSvCmZGhLe
671+AKCIKZxKJ16pqSMS5lY8g/ywMV/cSACgzAjkm+lTm45Yr6e8qmOWkh4sHJA=
=bdBb
-----END PGP SIGNATURE-----

1
server_pubkey.txt

rocksolid light 0.9.81
clearnet tor