Warning! There seems to be false webmail logon screen hosted on IPFS to phish credentials!

p-kraszewski · July 18, 2022, 8:21pm

Hey! Just caught a spam mail of the usual scam of “Your mail quota exceeded, login here to fix it, bla, bla, bla”

What was not usual is that it apparently pointed it to an IPFS resource (after some Google Translate unwinding)…

hXXps://2mqkxtmdchltk7iv5iq6hdtaw4rk4l4yynb5dgwrhq-ipfs-infura--ipfs-io.translate.goog/?_x_tr_hp=bafybeibvzbuwl6bw&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&#my@email.here

Just a note to let you know.

Jorropo · July 18, 2022, 8:42pm

Discordian · July 18, 2022, 9:35pm

Looks like they may also be using Infura, might be worth notifying them too.

p-kraszewski · July 19, 2022, 7:57am

Thanks for the hint, contacted them both. I’ll keep you posted on findings.

Edit:

After all GTranslate black magic, the final URL is:
hXXps://bafybeibvzbuwl6bw2mqkxtmdchltk7iv5iq6hdtaw4rk4l4yynb5dgwrhq.ipfs.infura-ipfs.io/

It is valid and presents a generic login form to steal credentials.

Topic		Replies	Views
Abuse on IPFS Service Help	7	292	September 2, 2022
Sharing IPFS files via Email & Metamask \| Affordable Pinata Alternative	2	253	October 13, 2022
Where is the abuse or infosec team at IPFS?	12	1139	June 9, 2023
IPFS on AWS and compromise warnings Help	6	308	September 21, 2020
[Academic article using IPFS] IPFS and IPNS protocols as way for controller of botnet: a proof of concept Ecosystem go-ipfs , ipns	2	588	May 18, 2020

Warning! There seems to be false webmail logon screen hosted on IPFS to phish credentials!

Related Topics