I Almost Got Scammed by the Alleged Coindesk


Yes, another Bitcoin scam story, but this one has a twist and a lesson to be learned.

A little over 2 weeks ago I received the following email:

[Image: Coindesk phishing email]

At first glance this seems to be a normal email blast sent out by Coindesk looking for advertisers. As you can see from the recipient line it was sent to the admin address of 99Bitcoins ([email protected]). The thing is, we don’t have an admin address; it was just captured in our inbox since all email directed to 99bitcoins.com is captured.

What was suspicious about the email

  • The sender’s name – Shakil Khan. I knew who he was, he was the founder of Coindesk, this is his LinkedIn profile. Why would the founder of a 15-person company be sending out cold marketing emails? Don’t they have at least a VP marketing or someone else not so high up?
  • The email was sent from [email protected] – I assume that Coindesk wouldn’t be sending out emails from their own domain name and not using a general Gmail address.

What was convincing about the email

  • The advertising spots available were actually pretty convincing. First, the email stated specific daily impressions count. Second, the date at which the banner will be available matched what was advertised at Coindesk. If you were to visit Coindesk at the time the email was sent you would see there was an ad there for Coinsummit that was set to expire on the 6th of July.
  • The Facebook URL was also pretty convincing – why would someone be stating a Facebook page that wasn’t their own? I mean if this was a scam this may lower their success rate.

I decided to place an order

Since we’re thinking of incorporating ads in 99Bitcoins I decided to at least inquire about the prices Coindesk charges so I will have a reference. At this point I still didn’t realize this is a scam. After a very short waiting period I got a reply that it costs 2BTC to advertise on the large banner and 1.5BTC to advertise on the smaller one.

This seemed pretty low for advertising on one of the most highly visited websites about Bitcoin and I thought to myself maybe I should go for it, but it was still too expensive. When I turned down the offer politely, “Shakil Khan” told me that since they do not have a lot of advertisers he can give me the spot for 1.5BTC.

After some more negotiations I was convinced that this is a good deal and was about to send my Bitcoins, until I got the final response from the scammer:

[Image: last response from the fake Coindesk]

The grammar mistakes finally aroused my suspicion and I decided to investigate further.

Contacting the REAL Coindesk

I sent out 2 emails to Coindesk’s chief editor and marketing manager – I knew these were their actual addresses since I spoke with them before. I told them about the story and got the following response:

[Image: real Coindesk response]

Apparently Coindesk has known about this issue for some time now and has actually created a page for this on their website. It seems that this specific email isn’t the only way these scammers try to cheat people out of their money. Some emails even have an actual Coindesk domain “from” address, but if you look at the “reply to” address you see it’s the same Gmail address.

[Image: Coindesk phishing email no. 2]

How scammers used CAPS to manipulate users

The final thing I found out is that the Facebook page was also a scam. Instead of pointing to Coindesk’s actual FB page, the phishing email points to COLNDESK – but if you don’t write the letter “L” in caps it looks like a capital “I”. It seems that this fake Facebook page has more than 14,000 likes (probably most of them fake) which come from Croatia. The oldest post on this page is from June 2014, which proves that this is a new phishing trick that was just put into play.
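The two tells described above, a “reply to” address that differs from the “from” domain and a look-alike name such as COLNDESK, can be checked mechanically. The Python sketch below is an added example, not part of the original post; the sample message, its addresses, the freemail and brand lists and the look-alike character map are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

FREEMAIL = {"gmail.com", "yahoo.com", "outlook.com"}   # assumed, not exhaustive
BRANDS = {"coindesk": "coindesk.com"}                   # assumed brand -> real domain
# Minimal assumed map of characters that look alike in common fonts
CONFUSABLE = str.maketrans({"l": "i", "1": "i", "0": "o"})

# Constructed sample: spoofed From, Gmail Reply-To, lowercase "l" posing as "I"
SAMPLE = """\
From: CoinDesk Advertising <ads@coindesk.com>
Reply-To: placeholder.sender@gmail.com
Subject: Banner slots available

Like us at facebook.com/COlNDESK
"""

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def skeleton(word):
    """Fold look-alike characters so 'colndesk' and 'coindesk' compare equal."""
    return word.lower().translate(CONFUSABLE)

def lookalikes(text):
    """Words that are not a brand name but fold to a brand's skeleton."""
    words = re.findall(r"[A-Za-z0-9]+", text)
    return sorted({w for w in words for b in BRANDS
                   if w.lower() != b and skeleton(w) == skeleton(b)})

def phishing_indicators(raw):
    msg = message_from_string(raw)
    display = parseaddr(msg.get("From", ""))[0].lower()
    from_dom, reply_dom = domain_of(msg.get("From")), domain_of(msg.get("Reply-To"))
    body = " ".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    found = []
    if reply_dom and reply_dom != from_dom:
        found.append("reply-to-mismatch")        # replies go somewhere else
    for brand, legit in BRANDS.items():
        claims_brand = brand in display or from_dom == legit
        if claims_brand and FREEMAIL & {from_dom, reply_dom}:
            found.append("brand-on-freemail")    # brand name, free mailbox
    if lookalikes(body):
        found.append("lookalike-name")           # e.g. COlNDESK in a URL
    return found

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```

The character map only covers a few Latin look-alikes; a production filter would use a fuller confusables table and decode encoded message bodies before scanning them.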

What can you learn from this?

Luck was the only thing that prevented me from losing 1.5BTC in this case. But I think I’ve learned a much more valuable lesson – and that’s how easy it just became for scammers to take your money. You see, until Bitcoin was introduced scammers had to overcome complicated barriers when they wanted someone to send them money. They needed to persuade people to wire them the money or send a check, which is an action that requires more effort than clicking a button and therefore probably had a much lower success rate.

But with Bitcoin, cash just became digital, and scam success rates are bound to rise because of it. Now all they have to do is convince me to click a button. Also, unlike with wire transfers or checks, I don’t know who they are, not even their aliases.

I think what I personally take from this story is to make sure I can positively verify the person that I’m sending money to before actually sending it. This can be done through the use of PGP signatures, which are digital signatures embedded in the email message. If someone who is not the actual sender tries to verify his identity he will fail. Remember, with Bitcoin – what’s done is done, and absurdly enough I almost didn’t follow my #1 rule for sending out Bitcoins.

Update – Scammers are using BitcoinTalk as well

As I was getting ready to publish this post I got another email, this time from the alleged “BitcoinTalk” forum. As you can see below, the same techniques are used here – a Gmail address, stating exact banner sizes etc.

[Image: BitcoinTalk phishing email]

And of course after I replied I got a really detailed email about the ad slots. I’ve posted this on BitcoinTalk and confirmed my suspicion this is actually a scam. This should be a warning to us all to look twice before sending Bitcoins to strangers… good luck.

[Image: Bitcointalk scam email]

 



Ofir Beigel

Owner at 99 Coins ltd.
Blogger and owner of 99Bitcoins. I've been dealing with Bitcoin since the beginning of 2013 and it taught me a lesson in finance that I couldn't get anywhere else on the planet. I'm not a techie, I don't understand "Hashes" and "Protocols", I designed this website with people like myself in mind. My expertise is online marketing and I've dedicated a large portion of 99Bitcoins to Bitcoin marketing.

13 Comments

  1. Jar_of_Farts on

    That original email smells exactly like a phishing attempt, or at least it looks totally bogus. There are so many spelling/grammatical/layout errors (at least 10 that I can see) that I don’t know how a web-savvy person could possibly be taken in. Even without the reams of errors in it, it was sent from a Gmail account. A GMAIL account! Isn’t that enough to immediately hit delete? I’m baffled by this article.

    • Well I guess the fact that I’m not a native English speaker caused me not to notice the grammatical error etc. Regarding the Gmail account – you’re absolutely right, just like I stated in the post – that’s one of the things that made me more suspicious.
      Nevertheless I guess the offer appealed to me so much I was almost blinded by these facts.

  2. I was thinking the same thing. I’ve been reading a lot about how it’s not safe storing bitcoin on a wired computer. It’s safer to keep them on an external hard drive. It’s sort of like keeping your money under the mattress.

  3. Melissa5555 on

    Scamming in the digital age is pretty scary. Throw Bitcoin into the mix, and it’s a brave new world. Isn’t there some kind of fail safe or precautions they can take? I mean get that it’s digital and one click, but couldn’t they give each bitcoin a traceable signature or something like that, or do I have no idea what I’m talking about?

  4. Woah, dodged a bullet, Ofir! So did you confront those guys after you learned it was a scam? If so, did they respond?

  5. That’s crazy Ofir, lucky that scammer played hooky in grammar school, or you’d be out some bitcoin!
