Welcome to Drugbuyersguide

milex

Protonmail warning message

Mushy

Can any of you with a scam email chain take a screenshot and show me what it looks like?

Mushy
2 hours ago, 2earls said:

I just tried to look at the scam emails I received and they are gone. And by scam email I mean the ones where they were sending the fake payment info. Is this happening to everyone else as well?

Maybe yours are missing because they have been reported as a scammer and ProtonMail deleted them?

Idaknowbetter

[screenshot attached]

Mushy

The domain olatpharrna does not exist, so it's clearly a spoofed email. Have you got the headers for that email?

What does the Reply-To header say?

Fenrir

Is phishing and spear phishing the same thing, or is spear phishing more like selective scamming?

DoomKitty

@2earls Couple of ideas: depending on how the hack is being done, they could be taking advantage of ProtonMail's "auto-destruct" option (seems likely). Or if you labelled the suspect email as spam, it's possible that it was auto-moved to the spam folder and subsequently deleted somehow by your email provider? ProtonMail will move the email to spam once marked spam or once you click "report phishing", but they can't delete the email except when the spam folder does its auto-delete, which I think is either 7 or 14 days like most email services. Also possible your email is compromised and the attacker deleted it?

That particular btc address posted above shows about 5800 having been stolen, all then transferred into an address that contains about $233000 worth of btc.......

@Fenrir Spear-phishing is just targeted phishing where the fraudulent emails are specific to the group/individual being targeted. This attack would be called spear-phishing, I think.

Edited by DoomKitty
Mushy

This hack doesn't seem as scary as first thought. I was thinking the scammer can inject at will into any ProtonMail chain.

From what I see:

The scammer has access to Olart Pharma's ProtonMail, probably by phishing or guessing the password.

They sit reading the emails, waiting for someone to request payment.

They use any number of email spoofers to send an email from olartpharrna to seem similar.

What's weird is that they don't reply from Olart Pharma's account and send the fake wallet. They send from a spoofed address. Which might mean they can only read the email they get.

Maybe a way of remotely viewing the screen Olart Pharma uses to view ProtonMail, i.e. a trojan.

Or perhaps, since they keep using the same address, it's a pre-programmed response.

Overall I'd say Olart has been infected by a trojan that sits dormant; when it detects that a new ProtonMail email has been received, it forwards the chain to the scammer, then deletes the email. The scammer reads it, and if it's requesting a BTC address he quickly sends back the forged email he's been forwarded, with the wallet address.

aenima1336

@Mushy

I've never had contact with Olart in any way, though I got the scam mails. After this, I made myself a new account and only informed one vendor from here, and got the same mails again.

So I guess this has to be someone of "us" who has access to the vendor threads and email addresses, no? But how, and especially why, the person is doing this is another question.

But I think it actually is deeper than we think.

Mushy
1 hour ago, aenima1336 said:

@Mushy

I've never had contact with Olart in any way, though I got the scam mails. After this, I made myself a new account and only informed one vendor from here, and got the same mails again.

So I guess this has to be someone of "us" who has access to the vendor threads and email addresses, no? But how, and especially why, the person is doing this is another question.

But I think it actually is deeper than we think.

You mean different emails: you got the standard phishing emails to get your login, and so did I. But people have been getting fake BTC wallet addresses in email chains from suppliers.

DoomKitty

I can't edit my suggestion post above, but obviously always update your computer/phone and browser, and do not run an operating system that doesn't have current updates/security patches available for it. That ESPECIALLY goes for all you PC users, both because they are infinitely more vulnerable and also seeing as Windows 7 just got obsoleted....

Apparently this method of attack by compromising a machine and then inserting replies in pre-existing email threads is quite common:

https://www.cyberscoop.com/hacking-hijack-palo-alto-networks-spearphishing/

https://www.zdnet.com/article/this-sneaky-phishing-attack-hijacks-your-chats-to-spread-malware/

https://healthitsecurity.com/news/emotet-trojan-resurfaces-hijacking-email-content-from-victims

Edited by DoomKitty
delawaredrew
19 hours ago, Mushy said:

The domain olatpharrna does not exist, so it's clearly a spoofed email. Have you got the headers for that email?

What does the Reply-To header say?

I have the full headers to all the phishing emails I received; I can post them to Pastebin or wherever you like. If you can DM me, that's fine too.
TL;DR is that the Return-Path for all of them is a ProtonMail address.

Edited by delawaredrew

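The header check Mushy asks for above, and the Return-Path observation delawaredrew reports, can be automated. The following is an added example for readers of the thread, not code from any poster or from ProtonMail: it parses a raw message with Python's standard `email` package, compares the domains in From, Reply-To and Return-Path, checks any Authentication-Results header for SPF/DKIM/DMARC failures, and flags a From domain that is a look-alike of the expected vendor domain (the "rn" for "m" swap seen in olartpharrna). The vendor domain, the addresses and both sample messages are constructed for illustration (hence the `.example` TLD); only the "rn"/"m" confusable comes from the thread.

```python
"""Triage the headers of a suspicious reply in a vendor e-mail thread.

Constructed example: the domains, addresses and header values below are
made up for illustration (hence the .example TLD); they are not from the
thread or from any real message.
"""
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Character sequences that render almost identically in common fonts.
# "rn" vs "m" is the one at issue in the thread (olartpharrna vs olartpharma).
CONFUSABLES = {"rn": "m", "vv": "w", "cl": "d", "0": "o", "1": "l"}

# Hypothetical legitimate vendor domain; the spoofed sample uses a look-alike.
EXPECTED_VENDOR_DOMAIN = "olartpharma.example"

SAMPLE_SPOOFED = "\n".join([
    'From: "Olart Pharma" <orders@olartpharrna.example>',
    "Reply-To: <unknown-sender@protonmail.example>",
    "Return-Path: <unknown-sender@protonmail.example>",
    "Authentication-Results: mx.example; spf=none; dkim=fail; dmarc=none",
    "Subject: Re: payment details",
    "",
    "Please send the BTC to the new wallet below.",
])

SAMPLE_LEGIT = "\n".join([
    'From: "Olart Pharma" <orders@olartpharma.example>',
    "Reply-To: <orders@olartpharma.example>",
    "Return-Path: <orders@olartpharma.example>",
    "Authentication-Results: mx.example; spf=pass; dkim=pass; dmarc=pass",
    "Subject: Re: payment details",
    "",
    "Invoice attached.",
])


def normalize_domain(domain):
    """Collapse look-alike sequences so a homoglyph domain compares equal to its target."""
    d = domain.lower()
    for look, real in CONFUSABLES.items():
        d = d.replace(look, real)
    return d


def domain_of(header_value):
    """Return the domain part of an address header, or '' if there is none."""
    _, addr = parseaddr(str(header_value))
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def triage_headers(raw_message, expected_domain):
    """Return a list of human-readable findings; an empty list means nothing looked off."""
    msg = message_from_string(raw_message, policy=default)
    findings = []
    from_dom = domain_of(msg.get("From", ""))
    reply_dom = domain_of(msg.get("Reply-To", ""))
    return_dom = domain_of(msg.get("Return-Path", ""))
    expected = expected_domain.lower()

    if from_dom != expected:
        if normalize_domain(from_dom) == normalize_domain(expected):
            findings.append(f"From domain {from_dom!r} is a look-alike of {expected!r}")
        else:
            findings.append(f"From domain {from_dom!r} is not the expected {expected!r}")
    # Replies go to Reply-To (if set) and bounces to Return-Path; either one
    # pointing somewhere other than the From domain is a classic spoofing tell.
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom!r} differs from From domain {from_dom!r}")
    if return_dom and return_dom != from_dom:
        findings.append(f"Return-Path domain {return_dom!r} differs from From domain {from_dom!r}")
    for result in msg.get_all("Authentication-Results", []):
        if any(tag in str(result) for tag in ("spf=fail", "dkim=fail", "dmarc=fail")):
            findings.append(f"Authentication failure: {str(result).strip()}")
    return findings


if __name__ == "__main__":
    for name, raw in (("spoofed", SAMPLE_SPOOFED), ("legit", SAMPLE_LEGIT)):
        print(name, triage_headers(raw, EXPECTED_VENDOR_DOMAIN) or ["no findings"])
```

To use it on a real message, save the message as raw text ("View headers" or "Show original" in most clients), read the file and pass it to `triage_headers` together with the domain the vendor actually uses. Note that Authentication-Results is written by the receiving server; a message with no such header has simply not been checked, which is not the same as passing.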
Idaknowbetter

@Mushy hey, sorry about not sharing email headers; I deleted Proton right after I sent the previous screenshot.

DoomKitty

Looks like Protonmail finally got around to sending out a "Your email was part of a phishing attack" email!!  Link to their blog posting about preventing phishing attacks: Prevention.

milex

With any end-to-end encrypted email service you have to accept that security can't be as robust as with commercial email services. For example, Gmail logs the shit out of everything you do, including every IP address you use plus every device and browser. This way they can warn you if your account is accessed from a new device or a suspicious IP address. ProtonMail and other end-to-end encrypted email services don't do this, and rightfully so. Anonymity is a bigger priority, so they log as little about you as possible, making phishing attacks much more difficult to detect. As long as you have the correct username and password, nothing else matters. They can't check and warn you if your account is logged in from a new device or a suspicious IP because they don't log that stuff in the first place; it's a compromise you just have to accept for wanting to remain anonymous. However, 2FA is something that, IMO, ProtonMail should enable by default on all accounts. It would have prevented all the recent phishing attacks, and in keeping with anonymity, ProtonMail don't require a mobile phone number; they use third-party 2FA apps like Authy or Google Authenticator to generate 2FA codes. It's essential that anyone using end-to-end encrypted email also use 2FA, ProtonMail or otherwise.

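The authenticator apps milex mentions (Authy, Google Authenticator) implement time-based one-time passwords, RFC 6238 TOTP built on RFC 4226 HOTP. The block below is an added example, not code from the post or from ProtonMail, showing the algorithm end to end with the standard library only: the code is an HMAC-SHA1 of the current 30-second step under a secret shared at enrolment, so a phished password alone no longer logs anyone in, and a code phished today stops verifying about a minute later. The seed used in `__main__` is the published RFC 4226/6238 reference secret, not anyone's real key.

```python
"""Time-based one-time passwords (RFC 6238), as generated by authenticator apps.

Added example for this thread, not code from ProtonMail or from the post above.
Standard library only; the seed in __main__ is the RFC 4226/6238 test vector.
"""
import base64
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 30  # the interval authenticator apps use by default


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the big-endian 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at_time=None, digits=6):
    """RFC 6238: HOTP with the counter derived from Unix time (this is what the app displays)."""
    at_time = time.time() if at_time is None else at_time
    return hotp(secret, int(at_time) // STEP_SECONDS, digits)


def verify_totp(secret, submitted, at_time=None, window=1):
    """Server side: accept the current step plus or minus `window` steps of clock skew,
    comparing in constant time. Codes from older steps are rejected, so a phished
    code expires on its own within about a minute."""
    at_time = time.time() if at_time is None else at_time
    counter = int(at_time) // STEP_SECONDS
    return any(
        hmac.compare_digest(hotp(secret, c), submitted)
        for c in range(counter - window, counter + window + 1)
    )


def secret_from_base32(text):
    """Decode the base32 seed shown in the enrolment QR code (padding is often omitted)."""
    text = text.strip().replace(" ", "").upper()
    return base64.b32decode(text + "=" * (-len(text) % 8))


if __name__ == "__main__":
    seed = b"12345678901234567890"  # RFC 4226/6238 reference secret, not a real key
    print("code now:", totp(seed))
    print("code at T=59 (RFC 6238 vector, 6 digits):", totp(seed, 59))
```

The security of the scheme rests entirely on the seed: it is shared once at enrolment (the QR code) and never sent again, so a login page that asks for username, password and the current code can only replay that code inside the current window. That is why the verification keeps the window small, and why a seed must be protected like a password.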