All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
⚠️ Attention: Fake Emails from "LowEndTalk.cc" ⚠️
We have received a report from a helpful LowEndTalk user who received an email claiming to be from LowEndTalk, sent from "lowendtalk.cc" asking the user to verify their credentials. It is possible that more than one user was sent this phishing email.
Such emails are not legitimate. They were not sent from LowEndTalk.
Example of the phishing email:
Please do not act on the email. This is a phishing attempt to harm the security of your account.
Is My LowEndTalk account secure?
Yes. At this time we do not believe there has been any security event at LowEndTalk that would have resulted in email addresses being exposed, though we are tracking this issue closely and carefully.
I entered my details at the phishing site, now what?
If you received a phishing email and filled out the form by providing your username and password there is no reason to panic. Simply request a password reset from LowEndTalk and provide a new, secure, password. If you utilized the same password for other websites we recommend changing those. You may contact our support department here: https://support.lowendtalk.com
I received a phishing email. How can I send it to LowEndTalk?
Please contact our support department here: https://support.lowendtalk.com
Comments
shit weasel
How do you think they got the username? Maybe the user's email is hacked?
If @jbiloh or anyone else has the complete raw source of the email, please forward via PM.
There is a "vuln" in Vanilla though, that it uses a deterministic process to obtain the avatar from the email address and I believe tinyweasel is exploiting that. See also: https://www.bleepingcomputer.com/news/security/online-avatar-service-gravatar-allows-mass-collection-of-user-info/
Where does the URL lead to? It may contain clues.
I will PM it to you.
Thanks, received.
Will investigate.
Meanwhile I've sent you the raw source via PM.
I just uploaded the contents to termbin if anyone else would like to see it without clicking the dodgy link: https://termbin.com/sfgq
The page references multiple CSS and JavaScript resources from
lowendtalk.com
domain.One of these resources can be modified to cause a warning displayed if someone clicks the phishing email.
You will win a nobel prize one day
Can you post email headers?
I've updated the original post to include some additional details and to make sure it grabs everyone's attention.
Thanks for the suggestions, @DP!
I received a phishing email. How can I send it to LowEndTalk?
Please contact our support department here: https://support.lowendtalk.com
Do you want more copies of this one? I received two, two hours ago.
Sure, please send it over to us for inspection. Thanks for your help!
That ain't happening.
计算机专业是大坑。
我读了计算机相关专业(信息安全),现在到了研究所。
研究所的墙上、光荣榜里挂着诺贝尔奖获得者的名字,爸爸来参观时就问我什么时候可以得诺贝尔奖。
我去查了,诺贝尔奖根本没有计算机的!
所以,我当时应该去读化学,才有机会获得诺贝尔奖。
Computer Science has no future.
I majored in Information Security, a subject closely related to computer science.
When my father visited me in a research lab where I am working at, he pointed to the Nobel Prize winners in the awards gallery and asked when I would win a Nobel Prize.
I checked the qualifications and realized that there isn't a Nobel Prize category for computer science.
Hence, I should have chosen chemistry major in order to have an opportunity of winning the Nobel Prize.
Implement proper CSP headers for css and js.
you might win Guinness world records for most pushups videos made + served
Hosted on @spectraip
https://who.is/dns/lowendtalk.cc
Getting the same thing from a lowendspirit.us domain now.
https://pastebin.com/zyLvRs5R
One of the interesting things from the headers is this: (may be unrelated after a quick google)
Received: from weasel.birch.relay.mailchannels.net (weasel.birch.relay.mailchannels.net. [23.83.209.247])
It appears to be sent from RackNerd's shared hosting @dustinc FYI
We'll be investigating this with the information we have available, and most likely, no further public updates will be provided.
@MikeA would you be so kind to add SPF, DKIM and DMARC records on your domain? It's being used to send phishing email, which isn't so nice.
Wait.
Fake Phishing Emails?
So... they are indeed legit and not real phishing eMails?
My bad, this is lowendspirit.us, not lowendtalk.us. Apologies.
Thought exactly the same:
fake phishing == legit?
Looks like one account compromised already (check post history, it's an aged account)
@oldestofman @zhujiwiki
It's the second one compromised. The other one was @aj6828.
Also, hi weasel. It's good to know you're having success.
Well, that was a fast ban.
Here is a list of references focusing on explanations:
References: