Silk Road forums

Discussion => Security => Topic started by: Traversis on October 19, 2011, 06:48 pm

Title: What is phishing!? I think i was phished!
Post by: Traversis on October 19, 2011, 06:48 pm
My bitcoins mysteriously disappeared, 42 of them! There was a noteless withdraw. Unless it due to an error with the outage, i think somebody stole them. Anyways, what is this phishing phenomenon that i read about?
Title: Re: What is phishing!? I think i was phished
Post by: happytree on October 19, 2011, 06:59 pm
I'm not sure - but I went to the Tor Directory, which lists a gang of sites, while I'm waiting for the main site to be back up. And I usually go to Social: Talk Masked site to chat anonymously. There, about 5 or 6 links/onions above the TalkMasked site, is one labelled "Phishing Scam" then "Silk Road". It posts a link, which is NOT the same as the one I have bookmarked (which I was told  do in the very beginning to AVOID phishing scams.) The onion (http://dppmfxaacucguzpc.onion/index.php) appears to be the same as the normal SR site, however, since it IS different than the one I normally go to through my bookmarked sites, I won't login.
Title: Re: What is phishing!? I think i was phished
Post by: lvlbrained on October 19, 2011, 07:10 pm
if you ever used a link from hidden wiki to log in you have probably been phished. only use a bookmark or if you must you can find the address on gawker article or something but never use hidden wiki link or any link that is editable by users.
Title: Re: What is phishing!? I think i was phished
Post by: Traversis on October 19, 2011, 07:30 pm
 :-\ Thanksyou, this must be what happened. But what is phishing, how do they do it?
Title: Re: What is phishing!? I think i was phished
Post by: Diamond on October 19, 2011, 07:37 pm
:-\ Thanksyou, this must be what happened. But what is phishing, how do they do it?

Phishing is really just tricking you into giving someone your name and password to a website. There are a dozen different sites that are designed to look like the Silk Road login site, you enter your name and password their, and the owner of that fake site has it and can use it to steal from you.

Never, ever, ever trust the Hidden Wiki to have the right address.
Title: Re: What is phishing!? I think i was phished
Post by: Traversis on October 19, 2011, 07:54 pm
So i just gave my money away, damn. :-* Well lesson learned. Thank you very much, sir.
Title: Re: What is phishing!? I think i was phished
Post by: fisher on October 19, 2011, 07:57 pm
it is really quite simple to build a phishing site, and surprisingly, hundreds of people log into them each day. I see your user id in my phishing database more than any other user traversis, but when I logged in to your account, first there were no bitcoins to be had, but then the following day, there had been coins there, but they had already been taken by another phisher. I will do you a favor. this is the real Silk road address. save this address to a text file and ONLY use this test file to get the link!

http://ianxz6zefk72ulzz.onion/

It is surprising how many people use the hidden wiki to go direct to the store, and not the forum. I think the link to the store should be listed somewhere on the main page of the forum, because people like me never mess with the forum link on the hidden wiki, and if people didn't use our phishing links, we would be forced to try to scam peoples bitcoins from them. (this is more profitable, but also more time consuming) scamming on Silk road has paid off about 10k USD over the course of about two months, but phishing has only made me about $500 this week. unfortunately, I haven't had the time to devote to running scams this week, and the SR outage has slowed the phishing success, but I will be happy to give some help to SR with an idea to help stop phishers like me from being able to take BTC from people too lazy to check their links.
Title: Re: What is phishing!? I think i was phished!
Post by: fisher on October 19, 2011, 08:04 pm
If there were an implementation of a seperate password used for withdraws, and user transfers, and it was either generated by SR and given during registration, unique for each user, and not changeable without approval, even when people like me got a login ID and password, we wouldn't be able to withdraw the bitcoins anywhere. our only option would be to change the login password, and use the account to purchase from the store. then anyone who sold to that user id would have the physical address of the phishers, and that could be used to discourage people from putting up phishing sites unless they were VERY elaborate to be able to harvest the withdraw password
Title: Re: What is phishing!? I think i was phished!
Post by: happytree on October 19, 2011, 08:16 pm
Hey fisher, why don't you go and chomp on some PedoBalls, you fucktard. Imagine the good you could do the world with your intelligence, if only you weren't so self-absorbed and consumed to steal and thieve. You belong right along side Pedos, you useless fuck.
Title: Re: What is phishing!? I think i was phished!
Post by: fisher on October 19, 2011, 08:52 pm
a couple of things In my defence, first, I don't need the money, so 95% of what I get I donate to various charities, second, my phishing site is NOTHING like the actual SR site, and last, I spend alot more time messing up the pedo sites than stealing from silk roaders who don't have the sense to spot a fake. If I had more knowlege of actual hacking, I would gladly lend my services to help bring down the pedo sites completely, but I do what I can (even if that means only changing the hidden wiki links to pedo sites to fbi.gov)

I also will gladly help anyone who needs help with basics like setting up and using pgp, donate btc to anyone who asks, and help people spot scams like mine.  sometimes it takes a thief to stop a thief

also, when I am running a scam, if anyone asks me directly if I am scamming, my answer is always "yes".
Title: Re: What is phishing!? I think i was phished
Post by: Traversis on October 19, 2011, 08:55 pm
Silk road has paid off about 10k USD over the course of about two months, but phishing has only made me about $500 this week. unfortunately, I haven't had the time to devote to running scams this week, and the SR outage has slowed the phishing success

Well I appreciate for the insiders information and yes I will only use that link from now on, thank you. However that's a lot a money that you managed to make; as I have recently lost some may I please have some. I will speak very kindly of you, and it will help your luck in other endeavors. Please and thank you, sir.
Title: Re: What is phishing!? I think i was phished!
Post by: fisher on October 19, 2011, 08:58 pm
as soon as SR is back up, I will send you over some coins. If you dont want to wait till then, go to

https://www.instawallet.org/w/xoyfQOaJeMu2IRJnGZmTng

you can't send the coins to another address until there is 1 network confirmation, so keep an eye on the block chain and transfer it as soon as you can

and there will be some BTC there waiting for you, but get there quick because this is posted on an open forum
Title: Re: What is phishing!? I think i was phished!
Post by: fisher on October 19, 2011, 09:11 pm
last bit of advise is change your passwords often. I personally change my password each time I log in to an account I actually use. also, make your password secure. it doesn't have to be a word or number just some jibberish with symbols like ╖Φ<, etc  and put it in your text file along with the address. then just copy and paste....then change it
Title: Re: What is phishing!? I think i was phished!
Post by: Traversis on October 19, 2011, 09:16 pm
Wow, I wrote that before you posted! Finally some good luck! You are a good man, sir, and thank you for doing everything you can to stop the pedo sites, that is truly noble. I will have to wait for silk to return as I have no wallet yet and don't want to risk waiting to get one, Would you consider the 40 i lost, that would be a very good gift. More or less, thank you in either case.

 Good things to you for you! Let me know if i can help you in any way! Im already going to say good things should the opportuinity arise
Title: Re: What is phishing!? I think i was phished!
Post by: fisher on October 19, 2011, 09:22 pm
well, someone jumped right on that offer, because those BTC are already transfered! if it wasn't you traversis, I will send you some when SR is back up. I don't know how many I have in my SR wallet, but if I can do 40, I will.  A lot of the bitcoins I had last week went to sending food and deodorant to the occupy wallstreet crowd, but I should have enough left to get you back what you lost.
Title: Re: What is phishing!? I think i was phished!
Post by: Traversis on October 19, 2011, 09:27 pm
It wasn't me I looked, said 12 btc, but i didn't have wallet to transfer it to. Thank you so much again, sir!

Please don't judge this person, he's already given btc's to two people!!!!! :-)
Title: Re: What is phishing!? I think i was phished!
Post by: fisher on October 19, 2011, 09:37 pm
I would like to know who took them though. I have no problem telling the whole SR community that I stole them to begin with, but who took them when they were supposed to go to traversis? I would bet that it was one of the "he is so bad for doing that" crowd, but what you've just done is no different than what I have been doing, so just post here that you took them! I will continue to do what I've been doing, regardless, and I will keep my word to you traversis, I just want to know who else is just like me.
Title: Re: What is phishing!? I think i was phished!
Post by: Traversis on October 19, 2011, 09:40 pm
Also he offered before i even asked for them, i wasn't aware before I finished posting. This is actually really heart warming, wow.
Title: Re: What is phishing!? I think i was phished!
Post by: fisher on October 19, 2011, 09:57 pm
hey,
 SR is back up, but I don't have 40 in my SR wallet. if you send me your deposit address, I will send them to you that way
Title: Re: What is phishing!? I think i was phished!
Post by: Traversis on October 19, 2011, 10:05 pm
is it safe here or should i pm you
Title: Re: What is phishing!? I think i was phished!
Post by: maranelloTHCC on October 19, 2011, 10:08 pm
i also lose my BTC 17,6 now i think that was phishing attack ;/ ehh whats a pitty :( so now i dont buy on SR ehh
Title: Re: What is phishing!? I think i was phished!
Post by: fisher on October 19, 2011, 10:10 pm
all anyone can do with it is send you bitcoins, but you can alsways modify your post and remove it in a few minutes
Title: Re: What is phishing!? I think i was phished!
Post by: Traversis on October 19, 2011, 10:11 pm
1QB45EZWhRuncHEbux5hypxKPsW99K81Mb   Just incase of a miracle. Thank you so much man!

Forgive this man! How can we help take down the ped sites!!!
Title: Re: What is phishing!? I think i was phished!
Post by: maranelloTHCC on October 19, 2011, 10:19 pm
person who like ped sites must be sick for me , so we can fight with it :) but fisher is good better  than people which stolen my BTC ehh ;/ i am little dissapointed of my internet security
Title: Re: What is phishing!? I think i was phished!
Post by: fisher on October 19, 2011, 10:26 pm
I've had ethics my whole life, but only been a thief for a few years. like I said earlier, I do not need the money, I find it fun...almost more fun than taking drugs. definately more fun than gambling, and there are people who do need the money and cant raise it. so my thoughts are that if people have enough money to be spending on drugs from anon sources, they could easily donate it to those who are being thrown from their homes, and have lost their jobs.

so yes, I am a thief with ethics
Title: Re: What is phishing!? I think i was phished!
Post by: fisher on October 19, 2011, 10:39 pm
traversis your coins are on their way from 1KgZgcJ75yYY3c7kwFKu5yBqFHB4TYjt3r
Title: Re: What is phishing!? I think i was phished!
Post by: fisher on October 19, 2011, 10:51 pm
sorry you guys feel that way, but my phishing site looks nothing like the real SR, and like I said, when I set up scam products for sale, I only take money from those who either do direct transfers, or release payment early without asking any questions to me. you would be surprised how many people on here see a listing for cocaine, and just buy it, and release funds as soon as I put it "in transit" without so much as a single question to me about the product, quality, "are you a real person" or anything for that matter. I am sure you've heard that a fool and his money are soon parted. be a dumbass and transfer your money to someone without ANY real reason to do it, or log into a silk road page with a different background color than your used to (mine is VERY different than the real SR) and you too will be parted with your money. But if you pay attention to what the fuck your doing here, ask questions, expect proof from sellers (same as I'm sure you would on a street corner) you won't lose any money here. By the way, would you ever walk up to someone on a street corner because you heard he sold drugs, hand him a couple hundred bucks, then wait for him to come back a couple days later with your shit?  I didn't fucking think so.
occupy wallstreet was what I did last week, not because I agree with their cause or anything other than it seemed like a good thing to do. there are two major childrens hospitals that the money usually goes to, because I DO believe in the work they do, and I will take money from anyone stupid enough to give it to me to help their cause


anyway, who took the 12 BTC I put in an instawallet for traversis? I bet it was you shiznit or mrgrey..
Title: Re: What is phishing!? I think i was phished!
Post by: fisher on October 19, 2011, 11:50 pm
traversis, your 40 BTC should be in your SR account by now
Title: Re: What is phishing!? I think i was phished!
Post by: Addy on October 20, 2011, 12:02 am
I keep Tor websites and some other information in a constantly open .txt so I can just copy/paste whenever I surf the web.
Title: Re: What is phishing!? I think i was phished!
Post by: Dopeboy on October 20, 2011, 12:12 am
fisher do you scam drugs from vendors as well? Your matter of fact way of speaking sounds familiar...
Title: Re: What is phishing!? I think i was phished!
Post by: fisher on October 20, 2011, 12:53 am
no dopeboy, I don't buy my drugs online. I think it is a potion for disaster stealing from people who might be the same people who are sending you drugs. what if they were to figure it all out, and "spike your punch"
Title: Re: What is phishing!? I think i was phished!
Post by: Grimlock on October 21, 2011, 05:17 pm
You know what, I appreciate your advice fisher. The thing is, I'd rather be scammed on a small time scale, than a large scale one, obviously. And stupidity is a disease, and those with this disease should suffer. If someone takes the time to think, and analyze their actions, and has a bit of common sense, you wouldn't get scammed.

I am appalled at all the hate you all have for fisher, at least he is being honest and divulging information to prevent this from happening, and if you learn from people's mistakes, you're golden.

As for having a phishing site of SR, that I can't agree with. I know people have desires for money and such, but SR fostered people to revolutionize their thinking, and their actions. We are all rebels; hackers, members of SR, those who use drugs, those who question the foundation of our laws and the people who rule over us, and those who fight against the norm.

I just cannot condone that rebels turn on each other, steal from one another, and deceive one another. But my desires are only plausible in a perfect world.

Fisher, keep doing what you're doing, you are a beneficial member of the underground, but I cannot support you in your actions against SR. Even if it is not personal, or specifically against SR, we are all rebels, and it strikes a blow to my heart that rebels would turn on each other.
Title: Re: What is phishing!? I think i was phished!
Post by: ®eptile on October 21, 2011, 05:24 pm
I agree with his withdrawal password idea. I think that would cut down on the phishing sites. hidden wiki shows some 60-70 such sites have been made. if they can't get at the bitcoins, maybe they will stop making the sites!
Title: Re: What is phishing!? I think i was phished!
Post by: mseller on October 21, 2011, 06:10 pm
I agree with his withdrawal password idea. I think that would cut down on the phishing sites. hidden wiki shows some 60-70 such sites have been made. if they can't get at the bitcoins, maybe they will stop making the sites!
I have sent a pm to SR admin few week ago for a feature require PIN (4 digit) number for withdraw or send funds to another member. Each member can set/change that PIN number on his setting page.
Title: Re: What is phishing!? I think i was phished!
Post by: maranelloTHCC on October 23, 2011, 09:45 am
Can you still help me fisher ??
Title: Re: What is phishing!? I think i was phished!
Post by: rosshalde on October 24, 2011, 02:01 pm
Well this thread sure is something unexpected... I must've fucked up too as 77.4 bitcoins took a walk from my account. I think I might distantly remember using a wrong site once a long time ago before I even thought of buying anything. I do remember clearly thinking before depositing anything on my account that I should make a new account before I order but thought I'd just make one quick order with a reliable seller. I guess I can't blame anything but my own lazyness, the product turned out to be bust and the seller canceled the order without me being aware and then a few days later the bitcoins that were given back to my account were mysteriously withdrawn, all the while I was ignorantly waiting for the product to arrive. And a day later it did arrive and the site outages started at the same time so I gathered with my friends to consume lots of pieces of paper while rolling our thumbs around and unable to get to SR to find out what the hell was going on. For a few days I thought the reason I wasn't able to access my account was because of the site outage but then I got the account back from mods. I was hoping I'd at least get the coins back but the only thing that was awaiting me was 0.01btc. It sure was a shitty week, hopefully this one will be better.

Moral of the story: don't be lazy and do go through that extra little bit of security just to be safe.
Title: Re: What is phishing!? I think i was phished!
Post by: golgo13 on October 28, 2011, 04:34 pm
I always use the ianxz6zefk72ulzz.onion address to login, and yet I somehow got phished. The weird thing is the phisher managed to get the seller to cancel an order and two minutes later wiped me out and changed my password. Now I'm locked out with no idea if the one order that is still in progress will go through.

SR, add a pin to Bitcoin withdrawls, add SOMETHING. As much as the owner brags about being on top of security and making the site safe, this problem is widespread enough that security measures need to be taken to prevent it.
Title: Re: What is phishing!? I think i was phished!
Post by: fisher on October 28, 2011, 06:05 pm
does anyone else think that Silk is making his own phishing sites, and running scams himself? It seems funny to me that even when other phishers/ known scammers post ideas to stop this activity from going on, they are ignored. I am a scammer and a phisher! I think that there should be separate withdraw passwords or PINs and I think early finalize should be disabled (by requiring a waiting period). This would slow down people like me from stealing from people like you. I don't know why Silk hasn't implemented either of these things to protect you, so that leads me to conclude that Silk is participating in the phishing and scamming that is going on around here. If anyone has another reason that he hasn't implemented anything to stop people like me, I'd love to hear it.
Title: Re: What is phishing!? I think i was phished!
Post by: fisher on November 15, 2011, 03:50 am
funny thing happened today, maybe it is karma, maybe i was just right about Silk road being a scammer, you decide.  I have a phishing site. I steal logins for Silk road. I think Silk road is a scammer himself. I logged on to one of many buyer accounts I have today, and saw that I had a bitcoin I had forgotten about. I transfered through a few other accounts I hold, while creating feedback for my next seller account (be warned), and after a few transfers, I logged out, but forgot which account I had left the bitcoin in. after trying a couple of my accounts this evening, I found the account that had it, but it had been.....withdrawn.... but not all at once, it took three seperate withdrawals over about 10 minutes. now that is weird, because I am 500% sure that I know the real address for Silk road, and I have only ever logged into one phishing site (mine).

anyway, while I was typing this, I figured it all out. Turns out auto-withdrawal works, but it even withdraws bitcoins that are direct transfered to your username. that is fucked up! at least I figured out what happened, and someone who I phished out of a seller account ended up getting 1 BTC of their money back because I didn't disable auto-withdraw. small price to pay really, but I had fun typing this whole thing up.

BTW Silk, if your reading this, You should replace the register link on the main site with a link to the new wiki, and give instructions on registering (with the real register link) in the wiki.

also, I would be interested in giving my perspective on the wiki if you would be open to it. I don't have a lot of time to commit to it, but I could write a couple of articles that might help people avoid a bit of pain.
Title: Re: What is phishing!? I think i was phished!
Post by: happytree on November 16, 2011, 06:55 pm
You know, Fisher, you sound like a really lonely guy. Coming here to flaunt your phishing and stealing scams. You must have nothing better to do with your life than brag to the very people you steal from  how you do it, and some wacked sense of justification.

At the end of the day, YOU'RE a THIEF. And thiefs and liars will get what's coming to them. Then, as if your pompous attitude couldn't be any uglier, you suggest that Silk Road is a scammer? The guy who trusts people on their word when they've had people like YOURSELF rip them off in hacking scams?

You're truly pathetic. No one wants to hear your opinion, no one wants to hear how you rip them off. It doesn't make you sound smart, it makes you look like what you are, a thief, a liar and an asshole.
Title: Re: What is phishing!? I think i was phished!
Post by: fisher on November 16, 2011, 08:43 pm
first off, people will be better able to avoid being scammed/phished by knowing how people do it.
second, I may be a thief and an asshole, but I haven't lied about anything

last, Silk road COULD be part of the scammer/phisher problem

lets list the things that Silk Road has done to protect buyers from scams and phishers

1. create escrow (but not required).........

am I missing a few?

I as a scammer have suggested requiring escrow
I as a phisher have suggested secondary password for withdrawal
when I find more ways to stop people from being scammed/phished, I will openly suggest them, because I genuinely want this site to succeed, but stopping people from doing what I do is the only way for it to work.

does anyone have an estimate of how much cold hard cash has been stolen by scammers/phishers in the past couple of months?
my esitmate is north of $50k (based on the reports in the forums, feedback about being scammed, and prices listed of the items they were scammed by.
so $50k x Silk road fee of 6.25% is $3125 that Silk has made from scams that have been reported or feedback to back it up.
now I have run scams that the feedback does not reflect, so lets add 25% to make up for that, and Silk Road has made about $4k for doing nothing.

you guys should be DEMANDING that escrow be enforced and withdraw passwords be added. That is why I am here, and that is why I am not going anywhere any time soon.

and lastly, if no one cares about what I have to say, why are you reading my posts?
Title: Re: What is phishing!? I think i was phished!
Post by: feverrey on November 18, 2011, 12:37 am
Well I started reading the post because I wanted to help a new person who may have been phished. When I first started here I lost my first large moneypak-btc order to a phisher who had compromised my security through probably hidden wiki or the like. I'm still reading cause I'm baked and interested. I'm also curious if the OP ever received BTC from you. I am casually considering that the OP could be you, but I don't know you well enough to know if that is worth your time or effort. I don't condone your actions but it's still an interesting read and being phished for $200usd did teach me to be way more careful.