Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


⚠️ Attention: Fake Emails from "LowEndTalk.cc" ⚠️
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

⚠️ Attention: Fake Emails from "LowEndTalk.cc" ⚠️

jbilohjbiloh Administrator, Veteran
edited April 2022 in General

We have received a report from a helpful LowEndTalk user who received an email claiming to be from LowEndTalk, sent from "lowendtalk.cc" asking the user to verify their credentials. It is possible that more than one user was sent this phishing email.

Such emails are not legitimate. They were not sent from LowEndTalk.

Example of the phishing email:

Please do not act on the email. This is a phishing attempt to harm the security of your account.

Is My LowEndTalk account secure?
Yes. At this time we do not believe there has been any security event at LowEndTalk that would have resulted in email addresses being exposed, though we are tracking this issue closely and carefully.

I entered my details at the phishing site, now what?
If you received a phishing email and filled out the form by providing your username and password there is no reason to panic. Simply request a password reset from LowEndTalk and provide a new, secure, password. If you utilized the same password for other websites we recommend changing those. You may contact our support department here: https://support.lowendtalk.com

I received a phishing email. How can I send it to LowEndTalk?
Please contact our support department here: https://support.lowendtalk.com

Thanked by 2JasonM msallak1
«13

Comments

  • shit weasel

  • edited April 2022

    How do you think they got the username? Maybe the user's email is hacked?

  • bulbasaurbulbasaur Member
    edited April 2022

    If @jbiloh or anyone else has the complete raw source of the email, please forward via PM.

    @jbiloh said: At this time we do not believe there has been any security event at LowEndTalk that would have resulted in email addresses being exposed, though we are tracking this issue closely and carefully.

    There is a "vuln" in Vanilla though, that it uses a deterministic process to obtain the avatar from the email address and I believe tinyweasel is exploiting that. See also: https://www.bleepingcomputer.com/news/security/online-avatar-service-gravatar-allows-mass-collection-of-user-info/

  • Where does the URL lead to? It may contain clues.

  • jbilohjbiloh Administrator, Veteran

    @dahartigan said:
    Where does the URL lead to? It may contain clues.

    I will PM it to you.

  • @jbiloh said:

    @dahartigan said:
    Where does the URL lead to? It may contain clues.

    I will PM it to you.

    Thanks, received.

  • jbilohjbiloh Administrator, Veteran

    @stevewatson301 said:
    If @jbiloh or anyone else has the complete raw source of the email, please forward via PM.

    @jbiloh said: At this time we do not believe there has been any security event at LowEndTalk that would have resulted in email addresses being exposed, though we are tracking this issue closely and carefully.

    @Offshore_Solutions said: How do you think they get Raymov's username?

    There is a "vuln" in Vanilla though, that it uses a deterministic process to obtain the avatar from the email address and I believe tinyweasel is exploiting that. See also: https://www.bleepingcomputer.com/news/security/online-avatar-service-gravatar-allows-mass-collection-of-user-info/

    Will investigate.

    Meanwhile I've sent you the raw source via PM.

  • I just uploaded the contents to termbin if anyone else would like to see it without clicking the dodgy link: https://termbin.com/sfgq

    Thanked by 1JasonM
  • yoursunnyyoursunny Member, IPv6 Advocate

    @dahartigan said:
    I just uploaded the contents to termbin if anyone else would like to see it without clicking the dodgy link: https://termbin.com/sfgq

    The page references multiple CSS and JavaScript resources from lowendtalk.com domain.
    One of these resources can be modified to cause a warning displayed if someone clicks the phishing email.

  • @yoursunny said:

    @dahartigan said:
    I just uploaded the contents to termbin if anyone else would like to see it without clicking the dodgy link: https://termbin.com/sfgq

    The page references multiple CSS and JavaScript resources from lowendtalk.com domain.
    One of these resources can be modified to cause a warning displayed if someone clicks the phishing email.

    You will win a nobel prize one day

  • dosaidosai Member

    Can you post email headers?

    Thanked by 2bruh21 dahartigan
  • DPDP Administrator, The Domain Guy

  • jbilohjbiloh Administrator, Veteran

    I've updated the original post to include some additional details and to make sure it grabs everyone's attention.

    Thanks for the suggestions, @DP! :)

    Thanked by 1dahartigan
  • kevindskevinds Member, LIR

    I received a phishing email. How can I send it to LowEndTalk?
    Please contact our support department here: https://support.lowendtalk.com

    Do you want more copies of this one? I received two, two hours ago.

  • jbilohjbiloh Administrator, Veteran

    @kevinds said:
    I received a phishing email. How can I send it to LowEndTalk?
    Please contact our support department here: https://support.lowendtalk.com

    Do you want more copies of this one? I received two, two hours ago.

    Sure, please send it over to us for inspection. Thanks for your help!

  • yoursunnyyoursunny Member, IPv6 Advocate

    @dahartigan said:

    @yoursunny said:

    @dahartigan said:
    I just uploaded the contents to termbin if anyone else would like to see it without clicking the dodgy link: https://termbin.com/sfgq

    The page references multiple CSS and JavaScript resources from lowendtalk.com domain.
    One of these resources can be modified to cause a warning displayed if someone clicks the phishing email.

    You will win a nobel prize one day

    That ain't happening.

    计算机专业是大坑。
    我读了计算机相关专业(信息安全),现在到了研究所。
    研究所的墙上、光荣榜里挂着诺贝尔奖获得者的名字,爸爸来参观时就问我什么时候可以得诺贝尔奖。
    我去查了,诺贝尔奖根本没有计算机的!
    所以,我当时应该去读化学,才有机会获得诺贝尔奖。

    Computer Science has no future.
    I majored in Information Security, a subject closely related to computer science.
    When my father visited me in a research lab where I am working at, he pointed to the Nobel Prize winners in the awards gallery and asked when I would win a Nobel Prize.
    I checked the qualifications and realized that there isn't a Nobel Prize category for computer science.
    Hence, I should have chosen chemistry major in order to have an opportunity of winning the Nobel Prize.

  • FalzoFalzo Member

    Implement proper CSP headers for css and js.

    Thanked by 1Erisa
  • @yoursunny said:

    @dahartigan said:

    @yoursunny said:

    @dahartigan said:
    I just uploaded the contents to termbin if anyone else would like to see it without clicking the dodgy link: https://termbin.com/sfgq

    The page references multiple CSS and JavaScript resources from lowendtalk.com domain.
    One of these resources can be modified to cause a warning displayed if someone clicks the phishing email.

    You will win a nobel prize one day

    That ain't happening.

    计算机专业是大坑。
    我读了计算机相关专业(信息安全),现在到了研究所。
    研究所的墙上、光荣榜里挂着诺贝尔奖获得者的名字,爸爸来参观时就问我什么时候可以得诺贝尔奖。
    我去查了,诺贝尔奖根本没有计算机的!
    所以,我当时应该去读化学,才有机会获得诺贝尔奖。

    Computer Science has no future.
    I majored in Information Security, a subject closely related to computer science.
    When my father visited me in a research lab where I am working at, he pointed to the Nobel Prize winners in the awards gallery and asked when I would win a Nobel Prize.
    I checked the qualifications and realized that there isn't a Nobel Prize category for computer science.
    Hence, I should have chosen chemistry major in order to have an opportunity of winning the Nobel Prize.

    you might win Guinness world records for most pushups videos made + served

  • dahartigandahartigan Member
    edited April 2022

    Getting the same thing from a lowendspirit.us domain now.

    https://pastebin.com/zyLvRs5R

    One of the interesting things from the headers is this: (may be unrelated after a quick google)

    Received: from weasel.birch.relay.mailchannels.net (weasel.birch.relay.mailchannels.net. [23.83.209.247])

    It appears to be sent from RackNerd's shared hosting @dustinc FYI

  • dustincdustinc Member, Patron Provider, Top Host

    @dahartigan said:
    Getting the same thing from a lowendspirit.us domain now.

    https://pastebin.com/zyLvRs5R

    One of the interesting things from the headers is this: (may be unrelated after a quick google)

    Received: from weasel.birch.relay.mailchannels.net (weasel.birch.relay.mailchannels.net. [23.83.209.247])

    It appears to be sent from RackNerd's shared hosting @dustinc FYI

    We'll be investigating this with the information we have available, and most likely, no further public updates will be provided.

    Thanked by 1dahartigan
  • bulbasaurbulbasaur Member
    edited April 2022

    @dahartigan said: Getting the same thing from a lowendspirit.us domain now.

    @MikeA would you be so kind to add SPF, DKIM and DMARC records on your domain? It's being used to send phishing email, which isn't so nice.

  • WolfWolf Member

    Wait.

    Fake Phishing Emails?

    So... they are indeed legit and not real phishing eMails?

  • @stevewatson301 said: @MikeA would you be so kind to add SPF, DKIM and DMARC records on your domain? It's being used to send phishing email, which isn't so nice.

    My bad, this is lowendspirit.us, not lowendtalk.us. Apologies.

  • @Wolf said:
    Wait.

    Fake Phishing Emails?

    So... they are indeed legit and not real phishing eMails?

    Thought exactly the same:
    fake phishing == legit? :lol:

  • Looks like one account compromised already (check post history, it's an aged account)

    Thanked by 1AlwaysSkint
  • @dahartigan said:
    Looks like one account compromised already (check post history, it's an aged account)

    It's the second one compromised. The other one was @aj6828.

    Also, hi weasel. It's good to know you're having success.

  • Well, that was a fast ban.

  • devpdevp Member
    edited April 2022

    @yoursunny said:

    @dahartigan said:

    @yoursunny said:

    @dahartigan said:
    I just uploaded the contents to termbin if anyone else would like to see it without clicking the dodgy link: https://termbin.com/sfgq

    The page references multiple CSS and JavaScript resources from lowendtalk.com domain.
    One of these resources can be modified to cause a warning displayed if someone clicks the phishing email.

    You will win a nobel prize one day

    That ain't happening.

    计算机专业是大坑。
    我读了计算机相关专业(信息安全),现在到了研究所。
    研究所的墙上、光荣榜里挂着诺贝尔奖获得者的名字,爸爸来参观时就问我什么时候可以得诺贝尔奖。
    我去查了,诺贝尔奖根本没有计算机的!
    所以,我当时应该去读化学,才有机会获得诺贝尔奖。

    Computer Science has no future.
    I majored in Information Security, a subject closely related to computer science.
    When my father visited me in a research lab where I am working at, he pointed to the Nobel Prize winners in the awards gallery and asked when I would win a Nobel Prize.
    I checked the qualifications and realized that there isn't a Nobel Prize category for computer science.
    Hence, I should have chosen chemistry major in order to have an opportunity of winning the Nobel Prize.

    Here is a list of references focusing on explanations:

    References:

Sign In or Register to comment.