Knowledgebase:
Beware of phishing email messages
Posted by MT Support 3, Last modified by Jango A on 04 May 2017 06:06 PM

Dear Users!

Before reading this article, make sure you have enabled 2-factor authorization and added a trusted IP address into the IP address white list (only if you have a static IP). These two options are the most effective protection for your account.

Hackers are using increasingly sophisticated social engineering methods in the hope of stealing user data. As a rule, it all boils down to phishing attacks on users. The main goal of such attacks is the theft of personal information by sending fake emails posing as official emails from BTC-E, BTC-e customer support or from other BTC-e users. These messages may contain virus-infected attachments or links to phishing sites where the user is prompted to enter their data.

BTC-e NEVER SENDS DOCUMENTS OR OTHER FILES attached to emails. No matter how urgent or trustworthy the headline appears to you, do not rush into clicking the links in the letter! Do not open or save the attached documents!

In this article we will show how to distinguish letters sent by BTC-e from phishing emails (using Gmail accessed via a web browser as an example).

An actual email from BTC-E.
BTC-e uses the address [email protected] to send out login notifications, withdrawal confirmations and other types of notifications and confirmations about user actions. To check whether the email is from BTC-E, follow these steps:
1. Open the email.
2. Read the text, paying SPECIAL attention to the sender address (indicator 1, Figure 1).
Example of letter 1
Figure 1.

3. Open "Details" by clicking the icon below indicator 2, figure 1.
4. Read the information carefully, paying particular attention to the parameters shown in Figure 2 under indicator 3

Figure 2.

5. If you want to go deeper, you can view the full header of the message. To do this, in the open email message, go to the Advanced options by clicking icon 4 and selecting "Show original" under indicator 5 of Figure 3.

Figure. 3.

In the window that appears, you'll see a summary containing short but sufficient information about the full message header (Figure 4).

Figure. 4.

Pay particular attention to paragraph 1, which contains the return address, [email protected]. Paragraphs 2 and 3 must start with the word PASS.

The following block contains the full header of the message. If you are qualified, you can analyze it further, but in this article we omit the analysis of this block.
----------------------------------------------------------------------------------------------------------------------------

An actual email from BTC-e Customer Support.

BTC-E provides support to its users through the Web application (https://support.btc-e1.com/), as well as through e-mail from [email protected].

1. Figure 5 shows an actual email from BTC-e support.


Figure. 5.


2. Additional information about the email appears as shown in Figure 6.


Figure. 6.
Pay particular attention to the sender's address in the From and reply-to fields. The specified fields must contain [email protected] or [email protected].

3. The short header of the email is shown in Figure 7. Paragraphs 2 and 3 must begin with the word PASS.

Figure. 7.
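
The checks described above for both kinds of genuine email (the expected address in the From, Reply-To and return-address fields, plus PASS results) can also be run on the raw text copied from "Show original". The Python sketch below is an added example, not BTC-e code; it assumes the two PASS lines are the SPF and DKIM results that the receiving mail server records in the Authentication-Results header, and it uses the placeholder domain exchange.example because the real addresses are masked on this page.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED = "exchange.example"  # assumption: placeholder for the official sender domain
# Where each check records the identity it validated (envelope sender / signing domain).
IDENTITY = {"spf": r"smtp\.mailfrom=([^\s;]+)", "dkim": r"header\.[id]=([^\s;]+)"}

def domain_of(value):
    """Domain part of an address header, ignoring the display name; '' if none."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def check_message(raw, trusted=TRUSTED):
    """Return the reasons to distrust a raw message; an empty list means it passed."""
    msg = message_from_string(raw)
    problems = []
    for header in ("From", "Return-Path", "Reply-To"):
        # Reply-To is optional; From and Return-Path must be present.
        if msg[header] is None and header == "Reply-To":
            continue
        if domain_of(msg[header]) != trusted:
            problems.append(f"{header} is not on {trusted}")
    # The receiving server prepends its Authentication-Results header, so only the
    # topmost one is used; copies further down arrived with the message itself.
    top = (msg.get_all("Authentication-Results") or [""])[0]
    for method, id_pattern in IDENTITY.items():
        verdict = re.search(rf"\b{method}=(\w+)", top, re.I)
        ident = re.search(id_pattern, top, re.I)
        if not verdict or verdict.group(1).lower() != "pass":
            problems.append(f"{method.upper()} did not pass")
        elif not ident or ident.group(1).rpartition("@")[2].lower() != trusted:
            # A PASS for some other domain only proves that domain sent it.
            problems.append(f"{method.upper()} passed, but not for {trusted}")
    return problems

# Constructed sample headers (not real messages).
GENUINE = "\n".join([
    "Return-Path: <noreply@exchange.example>",
    "Authentication-Results: mx.receiver.example;",
    " dkim=pass header.i=@exchange.example header.s=s1;",
    " spf=pass smtp.mailfrom=noreply@exchange.example",
    "From: Exchange Notifications <noreply@exchange.example>",
    "Reply-To: support@exchange.example",
    "Subject: Login notification", "", "You logged in.",
])
LOOKALIKE = GENUINE.replace("exchange.example", "exchange-secure.example")

if __name__ == "__main__":
    print(check_message(GENUINE))    # passes every check
    print(check_message(LOOKALIKE))  # PASS results, but for the wrong domain
```

The lookalike sample shows why the word PASS has to be read together with the sender address: a message sent from a different domain can pass both checks for that domain.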


-------------------------------------------------------------------------------------------------------------------------------------------------------------------

Phishing (Fake) Emails.
You may receive an email posing as a message from another BTC-e user. The message may inform you that:
1. you are eligible for a reward,
2. you received a BTC-e code,
3. your account is at risk, locked, hacked, and so on.
Such email may contain links or attachments.
DO NOT CLICK THE LINKS IN SUCH EMAILS!
DO NOT SAVE OR OPEN ATTACHED FILES.
Any of these actions may result in the complete loss of funds and control over your BTC-e account!

An actual phishing email is shown in Figure 8.


Figure. 8.

Analysis of the phishing email:
1. This message is not from BTC-E, it is a phishing email.
2. The message addresses the user by name - this is an element of social engineering, to increase the user's trust in the letter.
3. The letter encourages the recipient to make an urgent decision - also a social engineering element.
4.5. The email contains a password-protected attached file (most likely it is a Word document infected with a malicious script or containing phishing links). Password encryption prevents this file from being scanned by anti-virus software.
Based on the results of this analysis, this letter should be deleted without reading!

------------------------------------------------------------------------------------------------

What you should do if you are not sure whether a particular email is from BTC-E.

1. If an email tells you that your account has been blocked, but you realize that nothing like this was supposed to happen, go to the BTC-e site using a trusted link (not one from the letter you received): use Favorites or your preferred method, such as typing the address manually. Try to sign in to your BTC-e account. If everything goes well, simply delete the message you received to avoid accidentally clicking the link in it. If you receive a message that your account is locked out, submit a ticket via our support portal.
2. To avoid a security breach of your account, simply delete the letter.

-------------------------------------------------------------------------------------------------------------------

Additional Information.

How to view mail properties in other mail services (full version on Yandex Rus Eng.)

Яндекс.Почта
When viewing the message, click the button, and then Email Properties.
Mail.ru

Open the email and select in the Advanced Menu the option More and then Service Headers.

QIP.ru (pochta.ru)

Open the email, go to the Advanced menu and select More > Source text of the message.


Rambler

Open the email, and then click the button.


Ukr.Net

Open an email, go to the Advanced menu and then select Download Letter from the More menu.


Outlook.com

If you are using Outlook.com, Hotmail, or Live.com, open a message and select View Source text from the Actions menu.


Yahoo

Open the message and select the Full header option from the Actions menu.




Best Regards,
BTC-e Support Team!