It seems that slightly more effort went into this one than the usual scatter-gun spam emails or cold-calling remote access scams.
First up was an SMS to my phone, addressing me by name, so they’ve got some of my details – first name and phone number.
Adrian I saw this story and thought about you: http://pigso.co/coXYZ123
A bit sus, perhaps it was someone I knew, so I messaged back. Of course there was no reply.
Let's have a look at that URL[1] then…
curl -v http://pigso.co/coXYZ123 | tee sus.txt
:
> GET /coXYZ123 HTTP/1.1
> Host: pigso.co
> User-Agent: curl/7.68.0
> Accept: */*
:
< HTTP/1.1 302 Found
< Date: Wed, 19 Aug 2020 11:21:50 GMT
< Content-Type: text/html; charset=UTF-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Set-Cookie: __cfduid=7cb94476a6ab4618a2d663e3f7c04d22; expires=Fri, 18-Sep-20 11:21:53 GMT; path=/; domain=.pigso.co; HttpOnly; SameSite=Lax
< X-Powered-By: PHP/7.2.32
< Location: https://abc.voyage/aussie-ato-stunned-by-excessive-payouts?source=tb&gi=352&ad_id=347&fname=Adrian&lname=Tritschler&phone=%2B61408XXXXXX&aff_sub=5f3c7NNNNNNN
< CF-Cache-Status: DYNAMIC
< cf-request-id: 3d2c14ecfb684835897d102fc1f28761
< Server: cloudflare
< CF-RAY: 9da6bb92eeba3eda-MEL
<
Let's take a look at that one, “https://abc.voyage/”, a cheesy fake copy of the ABC news website, every single article on it a reference to bitcoin from one scammy broker site… and the URL to go there includes my first name and last name, my mobile phone number and an “aff_sub”, so presumably the affiliate who launched the scam campaign gets some credit.
All the links on the page reference bitcoinsupreme dot cash.
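An added example, not part of the original post: a small Python script that reads a saved `curl -v` transcript (such as `sus.txt`), pulls out the redirect target without following it, sorts the query parameters into personal and campaign-tracking fields, and produces a redacted URL suitable for pasting into a scam report. The parameter groupings are an assumption based on the names seen in the redirect above, and the sample input is constructed from that capture.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Constructed sample: response headers in `curl -v` format, modelled on the capture above.
SAMPLE = """\
< HTTP/1.1 302 Found
< X-Powered-By: PHP/7.2.32
< Location: https://abc.voyage/aussie-ato-stunned-by-excessive-payouts?source=tb&gi=352&ad_id=347&fname=Adrian&lname=Tritschler&phone=%2B61408XXXXXX&aff_sub=5f3c7NNNNNNN
< Server: cloudflare
"""

# Assumption: groupings inferred from the parameter names in the redirect on this page.
PERSONAL = {"fname", "lname", "phone"}
TRACKING = {"source", "gi", "ad_id", "aff_sub"}

def parse_redirect(transcript):
    """Return (status, location) from the '< '-prefixed response lines of curl -v."""
    status, location = None, None
    for line in transcript.splitlines():
        if not line.startswith("< "):
            continue
        body = line[2:].strip()
        m = re.match(r"HTTP/\d(?:\.\d)?\s+(\d{3})", body)
        if m:
            status = int(m.group(1))
        elif body.lower().startswith("location:"):
            location = body.split(":", 1)[1].strip()
    return status, location

def classify(location):
    """Split the decoded query parameters into personal, tracking and other."""
    out = {"personal": {}, "tracking": {}, "other": {}}
    for k, v in parse_qsl(urlsplit(location).query, keep_blank_values=True):
        kind = "personal" if k in PERSONAL else "tracking" if k in TRACKING else "other"
        out[kind][k] = v
    return out

def redact(location):
    """Same URL with personal values masked, so it can be shared in a report."""
    parts = urlsplit(location)
    pairs = [(k, "REDACTED" if k in PERSONAL else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))

if __name__ == "__main__":
    status, loc = parse_redirect(SAMPLE)
    print(status, classify(loc))
    print(redact(loc))
```

The tracking values are left intact in the redacted URL because they identify the campaign and affiliate, which is the part a takedown or scam report can act on.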
Nothing much more to do here except report it to https://scamwatch.gov.au/report-a-scam and out of interest, let the local ABC know about it, perhaps they can unleash a takedown order for the use of their logos.
Footnotes
[1] I changed a few of the digits and names as I went; they may or may not have received a query from a name similar to a member of parliament with a phone number like 12345678.