Protonmail warning message

aenima1336 said:
@Mushy

I've never had contact with olart in any way, though I got the scam mails. After this, I've made myself a new account and only informed one vend from here and got the same mails again. 

So I guess this has to be someone of "us" who has access to the vendor threads and email-addresses, no? But wow and especially 'why' the person is doing this is another question. 

But I think it actually is deeper than we think.
Click to expand...
You mean different emails you got the standard phjishing emails to get your login so did i. But people have been getting fake btc wallet addresses in email chains from suppliers

 
I can't edit my suggestion post above, but obviously always update your computer/phone and browser and do not run a operating system that doesn't have current updates/security patches available for it.  That ESPECIALLY goes for all you PC users both because they are infinitely more vulnerable and also seeing as Windows 7 just got obsoleted....

Apparently this method of attack by compromising a machine and then inserting replies in pre-existing email threads is quite common:

https://www.cyberscoop.com/hacking-hijack-palo-alto-networks-spearphishing/

https://www.zdnet.com/article/this-sneaky-phishing-attack-hijacks-your-chats-to-spread-malware/

https://healthitsecurity.com/news/emotet-trojan-resurfaces-hijacking-email-content-from-victims

 
Last edited by a moderator:
Mushy said:
The domain olatpharrna does not exist. So its clearly a spoofed email. Have you got the headers for that email?

What does the reply to header say?
Click to expand...
I have the full headers to all the phishing emails I received, can post to pastebin or where ever you like. If you can DM me that's fine too.
TL;DR is that the return path for all are protonmail addresses.

 
Last edited:
Looks like Protonmail finally got around to sending out a "Your email was part of a phishing attack" email!!  Link to their blog posting about preventing phishing attacks: Prevention.

 
With any end-to-end encrypted email service you have to accept that security can't be as robust as commercial email services. For example, Gmail logs the shit out of everything you do, including every IP address you use plus every device and browser. This way they can warn you if your account is accessed from a new device or a suspicious IP address. ProtonMail and other end-to-end encrypted email services don't do this, and rightfully so. Anonymity is a bigger priority, so they log as little about you as possible making phishing attacks much more difficult to detect. As long as you have the correct username and password, nothing else matters. They can't check and warn you if your account is logged in from a new device or a suspicious IP because they don't log that stuff in the first place, it's a compromise you just have to accept for wanting to remain anonymous. However, 2FA is something that, IMO, ProtonMail should enable by default on all accounts. It would have prevented all the recent phishing attacks and in-keeping with anonymity, ProtonMail don't require a mobile phone number, they use third party 2FA apps like Authy or Google Authenticator to generate 2FA codes. It's essential that anyone using end-to-end encrypted email also use 2FA, ProtonMail or otherwise. 

 
delawaredrew said:
I have the full headers to all the phishing emails I received, can post to pastebin or where ever you like. If you can DM me that's fine too.
TL;DR is that the return path for all are protonmail addresses.
Click to expand...
It depends i dont need the headers for the phishing emails its more the enail in the screeshot above where the scammer seems to jump into the middle of an email chain with his own spoofed email that interested me

 
sweetmelissa589 said:
@tellme   Is this really true?  I never heard of the p0lic3 being able to spy on prot0n and tut@nota?
Click to expand...
There's no legal requirement for companies operating under a MLAT to comply with a government agency to create a backdoor in an end-to-end encrypted service. Rumours of open source platforms (which both ProtonMail and Tutanota are) installing secret backdoor's are just that, rumours.

 
milex said:
There's no legal requirement for companies operating under a MLAT to comply with a government agency to create a backdoor in an end-to-end encrypted service. Rumours of open source platforms (which both ProtonMail and Tutanota are) installing secret backdoor's are just that, rumours.
Click to expand...
No. A German court forced Tutanota to providing a back door for authorities, as explained in this (unfurtunately German) news artice: https://www.sueddeutsche.de/digital/tutanota-verschluesselung-e-mail-ueberwachung-polizei-1.4676988

You a right that Switzerland handles this differently. No backdoors but ProtonMail is forced to provide police with mail box content of users if demanded  by a court. Also, ProtonMail are obliged to provide police real-time access to mailboxes if a court demands it.

MLAT means that a foreign country can ask for that and that a Swiss court will approve that. See ProtonMails trsparency report, it proves that Switzerland has become a cooperative country: https://protonmail.com/blog/transparency-report/

Legisltion in Iceland still values privacy and is be the best place for anonymous mail and web hosting, To give an example: Iceland did not sign any MLAT treatiy, and while e.g. Tutanota must keep deleted emails stored for six months, in Iceland, if an email was deleted, it is immediately gone.

The times, they are changing...

 
Last edited:
Wow, just wow. So bout 2 weeks ago after a sketch back n forth with eu i preempteviley deleted permanently my prtnmail and simultanously my device gave up the ghost so was not on here ... fast fwd to now having magazine show up and vendor apparently gone ... gonna have to consider myself somewhat burned even though it came through and a bit uneasy about diving into the reading materials without independent testing... luckily i think i am all set for a while and can wait for testing 

Tl;dr went away and came back to this shitstorm ... damn

 
Last edited by a moderator:
HEY GUYS - -Either my HPPD has finally driven me psychotic, or I just had a couple of emails from the scammer pretending to be a vendor I had contacted!
 

I posted in the respective vendor’s thread, but he’s in the private section so I will post here too. In the morning, I will give the details on what made me think it’s the scammer, but the main part is the language style didn’t match. 

 
Scammer is at it again

Received email 'lockandload"

Pretending to be a reputable vendor here

Beware!

 
bud said:
Scammer is at it again

Received email 'lockandload"

Pretending to be a reputable vendor here

Beware!
Click to expand...
likewise, just came here to post this exact same thing. also received a second one from "support team" wanting to verify a phone number that obviously isn't mine. stay safe out there.

 
Mushy said:
I got another scam email too from olart but with a fake email and a confirm my number email
Click to expand...
I have a feeling this is gonna go on for awhile so everyone make sure you dot your i's and cross your t's when dealing with any vendor .Myself I deleted my proton email and started fresh with a new one .I am using this one as a test email to see if I get any open scams from vendors here .I am going to start to contact everyone to try and find out who is compromised. I started a new proton because my old one did get compromised.

Stay safe everyone

 
You must log in or register to reply here.
Drugbuyersguide Shoutbox
  1. xenxra @ xenxra: Mesh on my face 'cause I'm faceless
  2. P @ psychedpsych: Have good day people, and I hate texting messages lol
  3. B @ bigblueallda: @drjimmy1964 lol I am actually surprised it is a real ID. I needed those documents because my license had been expired for over a year and I had to start all over. Nothing was in the system. It was a huge mess. I had no clue I was signing up for Real ID. They asked me for the exact same documents that I needed for a State ID Card.
  4. S @ soupson: bless your heart buddy. no sense of grammar or proper insults/jokes. you need this place in ways i can’t comprehend
  5. drjimmy1964 @ drjimmy1964: Sweet Ol' Me asked about Real ID, Stoup. Are you responsive to emails ? LMAO
  6. drjimmy1964 @ drjimmy1964: I smell some Stoup. Is Stoup's on ?
  7. drjimmy1964 @ drjimmy1964: @bigblueallda You win. I am lost. Thought you were surprised your license was a Real ID, now you say you provided those items.
  8. drjimmy1964 @ drjimmy1964: @bigblueallda I was under the impression that you'd need all of the points to get a real ID . I'd check it's validity if you're gonna fly domestic any time soon, just to make sure. Not to tell you what to do, sorry -
  9. B @ bigblueallda: @drjimmy1964 In my state to get a Real ID, I need SS card, Birth Certificate and two proofs of residency. Which I am positive I had to provide to get a new ID when it had been expired.
  10. drjimmy1964 @ drjimmy1964: @Turbo259 advertising - putting in writing for example an negative action to show they are guilty prior to taking action.
  11. B @ bigblueallda: I haven't flown in an airplane in 20 years lol. Can't recall the last government building I have been in either. According to the symbol it tells me I should have on my ID to make it a Real ID I do have one in my state
  12. Gracie5 @ Gracie5: Hey @CuCeltic99!
  13. drjimmy1964 @ drjimmy1964: @Turbo259 advertising - putting in writing for example an negative action to show they are guilty prior to taking action.
  14. drjimmy1964 @ drjimmy1964: @bigblueallda are you sure you have a Real ID ? I mean , they really want 6 points of proof and 1 for your addy and 1 for your SSN. Did you maybe get it done and forgot and flew out of the country or something ?
  15. drjimmy1964 @ drjimmy1964: @bigblueallda are you sure you have a Real ID ? I mean , they really want 6 points of proof and 1 for your addy and 1 for your SSN. Did you maybe get it done and forgot and flew out of the country or something ?
  16. S @ soupson: did anyone ask about real id or is sweet ol jimmy just rambling
  17. T @ Turbo259: @drjimmy1964 what did you mean by advertise? not gettin the verbiage, DM works if anything, just didnt understand
  18. B @ bigblueallda: {Visit your local Driver Service Bureau with the necessary documents: original birth certificate, Social Security card, and two proofs of your state's residency. } I definitely provided this when I had to get a new ID when i let mine go expired too long maybe I unknowingly got one but I think it is pretty standard here.
  19. B @ bigblueallda: Well it was a state id renewal. Before that there was a mixup and I had lost my birth certficate and social security number. After a couple of weeks and finally getting several documents in order I was able to get a state ID. It had been expired previously for a little too long and they wanted all kinds of proof. It was a mess. But nah I looked up what to look for an my state's ID to see if it is a Real Id or not and my card as the symbol it is supposed to have. I'll take a closer look though
  20. drjimmy1964 @ drjimmy1964: @bigblueallda are you sure you have a Real ID ? I mean , they really want 6 points of proof and 1 for your addy and 1 for your SSN. Did you maybe get it done and forgot and flew out of the country or something ?
Back
Top