Protonmail warning message

I agree with @pixiechic that you can continue to use protonmail, but don't be surprised if they ask you to make a tutanota account.  Emails between tutanota accounts are end-to-end encrypted just like emails between Protonmail accounts. 

Also heads up a new "VERIFY YOUR PHONE NUMBER" phishing email just popped up in Protonmail.  PLEASE IGNORE THIS!!

 
Last edited by a moderator:
@DoomKitty  I didn't know that pr0ton emails sent to non pr0tonmail addresses weren't automatically encrypted. Thank you so much for posting about that!! Very important and I feel so dumb that I didn't know! 
Here's a link for instructions to encrypt an email that is going to someone at a different email server than pr0ton.
Thanks again, DoomKitty!! ❤️
https://protonmail.com/support/knowledge-base/encrypt-for-outside-users/

 
Last edited by a moderator:
@DoomKitty Will the free account work okay or would I be better off paying the monthly fee?  I would only be emailing 1 or 2 people at most, if this helps at all?  Thank you!

 
@pixiechic Thanks so much for posting that link! Yes i should have said “automatically encrypted” between users as you can encrypt to outside users if you use a password!! And no need to feel dumb this shit gets convoluted and confusing quick!!!

@sweetmelissa589 a free account is fine!! both protonmail and tutanota offer free emails  

 
Last edited by a moderator:
DoomKitty said:
I agree with @pixiechic that you can continue to use protonmail, but don't be surprised if they ask you to make a tutanota account.  Emails between tutanota accounts are end-to-end encrypted just like emails between Protonmail accounts. 

Also heads up a new "VERIFY YOUR PHONE NUMBER" phishing email just popped up in Protonmail.  PLEASE IGNORE THIS!!
Click to expand...
I haven't seen this one yet.I know when you create a account straight from the proton.com website it does ask to verify your a human by email or phone .Your not talking about that are you ? Or is it a mass email being sent out right now to current accounts?

 
I made the switch.. no more proton for me!  Thanks for the advice @DoomKitty .. I ran of likes and thank you's or I'd give more.  Tomorrow I will!  Appreciate all the advice everyone!

 
@DoomKitty I got the same one. Unfortunately people do fall for this crap, which is why we're in this mess that shows no sign of letting up. 

Be careful out there brothers and sisters. Check every detail of your comms with vendors. If you have any doubts, don't be afraid to ask the vendor for additional verification. You can't be too careful at the moment. And obviously, don't click on any links or open any attachments unless you're 100% sure the email is legit.

 
@pixiechic Also remember: the subject line in Protonmail emails is NEVER encrypted!  So many vendors demand everyone use protonmail for E2E encryption only to have subject lines like "C0k3 on sale now and Oxee half off!" SMH.  But it's just some thing a lot of people just aren't made aware of...

 
DoomKitty said:
@pixiechic Also remember: the subject line in Protonmail emails is NEVER encrypted!  So many vendors demand everyone use protonmail for E2E encryption only to have subject lines like "C0k3 on sale now and Oxee half off!" SMH.  But it's just some thing a lot of people just aren't made aware of...
Click to expand...
I did know that part, but yes I agree- there are some subject lines that leave nothing to the imagination!!  Definitely important that people know this, thanks for the reminder!!

 
Just got one of these "Verify your phone number" emails. Reading the headers, the email seems to have originated in Lagos Nigeria. I previewed the tinyurl destination before visiting, and as before, it takes you to a phishing site designed to look like the Proton authentication page--this time with a different host name and provider. And, as before, they're linking to some content on Proton's site to make it all look legitimate.

image.png

I'm tempted to create a dummy Proton account and feed the credentials into the phishing site to gather additional information. I might be able to tell how they're exploiting the accounts.

 
Important update.

The scammer is now accepting CIM as well as bitcoins. Do not send money to Malaysia!

Check every communication from the vendor to make sure it's coming from the correct address.

 
A couple vendors want me to tell everyone that Protonmail is safe. This infection or whatever you want to call it does originate on Protonmail, but after that it doesn't matter what email is used. One is no safer than another. 

Even if a vendor changes emails as soon as an infected customer contacts him it's on again. So regardless of what email the customer or vendor is using you must make sure that their emails to you are not being generated by a copycat email that is almost the same. 

This is still a changing situation as yesterday I received a email from a vendor giving me the scam wallet and stating CIM was not available. Today they replied to a customer with a CIM address so let's assume they are going to adapt to using different methods.

Lastly, yes, some vendors are not happy with this warning, but our first duty is to protect our members. I have fully admitted that I am not a security or technical expert and I can only try to relay whatever information comes to me.

 
Hmmm, hadn't seen this thread.
Like others I got multiple phishing attempts beginning Jan 16, I just check the senders' email and of course don't open links without 100% certainty that it is from protonmail; legitimate messages from protonmail always have a star.
I also got the DHL one, upgrade mailbox one, and lockandload from tutanova. Each had obvious signs of fraud intent, even the senders' names were BS.
 

 
Last edited:
Ive got the obvious fraud emails we all got and i can handle them ok. My worry is that from what i read here it seems like this scammer has access to vendors emails and then sits there reading your convo and after you confirm order the scammer quickly sends you his btc address from a similar email?

I doubt thats happening really but it seems like thats what the warning is saying. I.e this scammer can somehow jump into your reply thread with a vendor and send a different wallet address?

 
I still lean towards keywords being the cause of them "jumping in". It's an awful lot of emails to be reading one by one. I have been misspelling and finding creative wording in case this theory is correct.

I want to ask the community for help by spreading the word. If your vendor isn't telling you to be sure and make sure their emails are coming from the right address then inform them or ask them to contact me. If you have friends who might not be aware of the problem do the same. If anyone has important information that hasn't been covered yet, please post it.

 
@Mushy it does seem hard to believe, but that is exactly what happened to me!!!

Their email address was one letter off from the vendor’s. Instead of an “m” they had used “rn”, for me that looks the same unless I magnify it. 
I didn’t even catch the difference! The vendor did when, to his credit, he was working with me to find out what happened!

super sneaky!  Very disheartening in more ways than one! If my vendor wasn’t the kinda guy he is I would be out more $ than I care to admit! 
All because of one letter!

unbelievable!
 

 
@milex that is precisely what happened during my order at the time of payment, or maybe an email before. And yes I was on IOS app. It is the only way I access protonmail and this forum. 
I don’t know what that means, but it must be significant based on your previous comment.

 
You must log in or register to reply here.
Drugbuyersguide Shoutbox
  1. B @ bigblueallda: @drjimmy1964 lol I am actually surprised it is a real ID. I needed those documents because my license had been expired for over a year and I had to start all over. Nothing was in the system. It was a huge mess. I had no clue I was signing up for Real ID. They asked me for the exact same documents that I needed for a State ID Card.
  2. P @ psychedpsych: Whew, long night of giving rides. How's y'all's night go? Im debating driving for 2 more rides to hit my goal, should I keep going?
  3. P @ psychedpsych: Whew, long night of giving rides. How's y'all's night go? Im debating driving for 2 more rides to hit my goal, should I keep going?
  4. S @ soupson: bless your heart buddy. no sense of grammar or proper insults/jokes. you need this place in ways i can’t comprehend
  5. drjimmy1964 @ drjimmy1964: Sweet Ol' Me asked about Real ID, Stoup. Are you responsive to emails ? LMAO
  6. drjimmy1964 @ drjimmy1964: I smell some Stoup. Is Stoup's on ?
  7. drjimmy1964 @ drjimmy1964: @bigblueallda You win. I am lost. Thought you were surprised your license was a Real ID, now you say you provided those items.
  8. drjimmy1964 @ drjimmy1964: @bigblueallda I was under the impression that you'd need all of the points to get a real ID . I'd check it's validity if you're gonna fly domestic any time soon, just to make sure. Not to tell you what to do, sorry -
  9. B @ bigblueallda: @drjimmy1964 In my state to get a Real ID, I need SS card, Birth Certificate and two proofs of residency. Which I am positive I had to provide to get a new ID when it had been expired.
  10. drjimmy1964 @ drjimmy1964: @Turbo259 advertising - putting in writing for example an negative action to show they are guilty prior to taking action.
  11. B @ bigblueallda: I haven't flown in an airplane in 20 years lol. Can't recall the last government building I have been in either. According to the symbol it tells me I should have on my ID to make it a Real ID I do have one in my state
  12. Gracie5 @ Gracie5: Hey @CuCeltic99!
  13. drjimmy1964 @ drjimmy1964: @Turbo259 advertising - putting in writing for example an negative action to show they are guilty prior to taking action.
  14. drjimmy1964 @ drjimmy1964: @bigblueallda are you sure you have a Real ID ? I mean , they really want 6 points of proof and 1 for your addy and 1 for your SSN. Did you maybe get it done and forgot and flew out of the country or something ?
  15. drjimmy1964 @ drjimmy1964: @bigblueallda are you sure you have a Real ID ? I mean , they really want 6 points of proof and 1 for your addy and 1 for your SSN. Did you maybe get it done and forgot and flew out of the country or something ?
  16. S @ soupson: did anyone ask about real id or is sweet ol jimmy just rambling
  17. T @ Turbo259: @drjimmy1964 what did you mean by advertise? not gettin the verbiage, DM works if anything, just didnt understand
  18. B @ bigblueallda: {Visit your local Driver Service Bureau with the necessary documents: original birth certificate, Social Security card, and two proofs of your state's residency. } I definitely provided this when I had to get a new ID when i let mine go expired too long maybe I unknowingly got one but I think it is pretty standard here.
  19. B @ bigblueallda: Well it was a state id renewal. Before that there was a mixup and I had lost my birth certficate and social security number. After a couple of weeks and finally getting several documents in order I was able to get a state ID. It had been expired previously for a little too long and they wanted all kinds of proof. It was a mess. But nah I looked up what to look for an my state's ID to see if it is a Real Id or not and my card as the symbol it is supposed to have. I'll take a closer look though
  20. drjimmy1964 @ drjimmy1964: @bigblueallda are you sure you have a Real ID ? I mean , they really want 6 points of proof and 1 for your addy and 1 for your SSN. Did you maybe get it done and forgot and flew out of the country or something ?
Back
Top