Email Phishing scam

07-14-2007 , 05:14 PM
2+2,

Please be advised that a phishing scam is being perpetrated against targeted very high stakes players. The affected players received an email supposedly from Full Tilt Poker Security that contains an executable download link that installs a key-logger onto their computer.

Should you receive an email that instructs you to download a “Full Tilt Security Update” DO NOT click the link to download and install. Full Tilt Poker will never require you to click on a link for a software update – all updates are done server-side and download as needed when you log into the client software. You can always go to fulltiltpoker.com to download and install the latest version of our software.

If you received this email and did click the link and installed the executable, then you should consider your computer infected with a key-logger and take appropriate actions to cleanse your system. You may need to re-format and re-install your OS to preserve the integrity of your passwords and other private information.

Sean
07-15-2007 , 05:26 PM
Wow. Has anyone been successfully scammed?
07-15-2007 , 06:01 PM
Quote:
Wow. Has anyone been successfully scammed?
I started the download before realizing that was idiotic and cancelled. It obviously took FTP a day and a half to answer my 4 emails asking if that was a legit upgrade in the email or not, and in the meanwhile I transferred all my online money to various friends.

Very curious as to how the scammers got everybody's email addresses: really scary if somebody working for Full Tilt leaked this info.
07-19-2007 , 01:16 PM
all,

Allow this to serve as a reminder you should not play on unsecured networks, without up to date virus scanners & spyware checks, etc.
01-20-2008 , 01:55 PM
The only real question is where the list of emails came from.
03-06-2008 , 07:10 PM
Yea whoever downloaded this needs to Immediately re-format their computer and then change their passwords AFTER they have re-formatted (if it's not too late).
03-06-2008 , 07:11 PM
Also I would like to know how the scammers got everyone's e-mail addresses.
03-09-2008 , 08:16 PM
Quote:
Originally Posted by 19Patrick82
keylogger, still so many leaks in online poker. It's just that easy.

Keyloggers aren't specific to online poker. It's really a problem created by people not being up to date on current virus protection software or just being careless about what they install and who it's from.

Keyloggers simply record the keys you press on your keyboard and report them via the internet to some third party. Any account you access through your computer can be compromised by them, not just your poker account.

If you've downloaded this keylogger by accident, you should probably change ALL the passwords you type from your computer.
03-12-2008 , 12:00 PM
Quote:
Originally Posted by mustmuck
The only real question is where the list of emails came from.
This legitimate question was asked 2 months ago. Any answers?

FTPSean?
03-13-2008 , 10:27 AM
i have a trojan on my computer that avg anti virus can't get rid of, what should i do now?
03-14-2008 , 11:37 PM
get different antivirus... try spybot.. or even pcdoctor.. symantec is good too..
03-14-2008 , 11:45 PM
Quote:
Originally Posted by mustmuck
The only real question is where the list of emails came from.
in light of the AP superuser case, all info--hole cards, email and IP address--came right from support itself....

someone just requested a HH and got so much more.
03-17-2008 , 08:11 AM
Quote:
Originally Posted by LateNiteRush
Also I would like to know how the scammers got everyone's e-mail addresses.
If you know someone's name it's not hard to find their email, phone # etc in the information age. Especially if there is a buck or 100k in it for the hackers. I'm sure whoever the hackers are know this site very well, and have targeted specific posters who like to brag a little too much. (EX: my sn on here is my girlfriend's poker sn, not even my mom or my friends know mine.) I don't trust anyone online, you really can't be too careful.

Quote:
i have a trojan on my computer that avg anti virus can't get rid of, what should i do now?
Time for a new computer!

ps. have a nice day
03-17-2008 , 04:52 PM
sounds fishy to me considering it was a whole group of players. ftpsean?
03-17-2008 , 09:49 PM
Yesterday I received a phishing email from a fake account, support@download-pokertracker.com. It tried getting me to download a "critical security update" which obviously I didn't but I thought it was worth pointing out.

By the way, my theory as to how they got my email address (which apparently quite surprised the PT guys when I emailed them) is that 2 days ago I accepted a facebook friendship from a woman named Lia ******* (last name omitted in case she's innocent). She is a 37 year-old Greek woman who had 31 friends, all of them from Greece so I thought it was odd that she would be friending me. I almost always reject friendships from people I don't know but accepted so I could see why she's friending me. The next day I get this phishing email, so I wouldn't be surprised if this was a fraudulent account that friends people to get their email addresses for these purposes. Anyway, I think most pro poker players would be best served taking their email addresses off of facebook or only accepting friendships from people they know.
03-22-2008 , 05:24 AM
03-23-2008 , 06:11 PM
Me too, trying to deal with it now
03-25-2008 , 11:37 AM
This happened to me also. However, the executable download immediately gave me a pop-up saying "cannot be installed on Windows Vista" and did not appear to load. From anyone else's experience, did the executable file actually install or is this just a fake warning to give me some false sense of security?
03-25-2008 , 06:48 PM
I just got multiple emails from the same person attempting the same thing.
I obv didn't dl it cuz im not ******ed.

C

Here is the email header from an authentic ftp email.
Delivered-To: xxx@gmail.com
Received: by 10.64.213.17 with SMTP id l17cs155013qbg;
Wed, 12 Mar 2008 22:00:03 -0700 (PDT)
Received: by 10.65.196.2 with SMTP id y2mr19439661qbp.36.1205384403482;
Wed, 12 Mar 2008 22:00:03 -0700 (PDT)
Return-Path: <cashier@fulltiltpoker.com>
Received: from mail01.fulltiltpoker.com (mail01.fulltiltpoker.com [66.212.238.233])
by mx.google.com with ESMTP id f16si12467335qba.26.2008.03.12.22.00.03;
Wed, 12 Mar 2008 22:00:03 -0700 (PDT)
Received-SPF: pass (google.com: domain of cashier@fulltiltpoker.com designates 66.212.238.233 as permitted sender) client-ip=66.212.238.233;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of cashier@fulltiltpoker.com designates 66.212.238.233 as permitted sender) smtp.mail=cashier@fulltiltpoker.com
Received: from casino0 (unknown [10.20.6.10])
by mail01.fulltiltpoker.com (Postfix) with SMTP id A31EC1EB1C3
for <xxx@gmail.com>; Thu, 13 Mar 2008 01:00:02 -0400 (EDT)
Date: Thu, 13 Mar 2008 01:00:02 -0400
Subject: =?ISO-8859-1?B?RnVsbCBUaWx0IFBva2VyIC0gRnVuZHMgVHJhbnNmZXIgUmVxdWVzdA==?=
From: cashier@fulltiltpoker.com
Reply-To: cashier@fulltiltpoker.com
Errors-To: com-cashier-error@fulltiltpoker.com
To: xxx@gmail.com
Message-Id: <20080313050002.A31EC1EB1C3@mail01.fulltiltpoker.com>

The scammer's email header looks as follows:
Delivered-To: xxx@gmail.com
Received: by 10.64.213.17 with SMTP id l17cs293787qbg;
Tue, 25 Mar 2008 15:11:00 -0700 (PDT)
Received: by 10.141.87.13 with SMTP id p13mr3835688rvl.295.1206483059779;
Tue, 25 Mar 2008 15:10:59 -0700 (PDT)
Return-Path: <generalmail@bravehost.com>
Received: from hostmail2.bravehost.com (hostmail2.bravehost.com [65.39.211.68])
by mx.google.com with ESMTP id c36si6280273rvf.28.2008.03.25.15.10.59;
Tue, 25 Mar 2008 15:10:59 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of generalmail@bravehost.com designates 65.39.211.68 as permitted sender) client-ip=65.39.211.68;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of generalmail@bravehost.com designates 65.39.211.68 as permitted sender) smtp.mail=generalmail@bravehost.com
Received: from localhost (unknown [127.0.0.1])
by hostmail2.bravehost.com (Postfix) with ESMTP id 3BBA2165389
for <xxx@gmail.com>; Tue, 25 Mar 2008 22:10:59 +0000 (UTC)
Received: from hostmail2.bravehost.com ([65.39.211.68])
by localhost (mungo.vc.bravenet.com [127.0.0.1]) (amavisd-new, port 10026)
with ESMTP id kx5ft6HzWL8X for <xxx@gmail.com>;
Tue, 25 Mar 2008 15:10:53 -0700 (PDT)
Received: (from generalmail@bravehost.com)
by neutron.vc.bravenet.com (mini_sendmail/1.3.6 29jun2005);
Tue, 25 Mar 2008 15:10:53 PDT
(sender php@neutron.vc.bravenet.com)
To: xxx@gmail.com
Subject: Important Information About Your Full Tilt Poker Account. Please Read!
X-PHP-Script: enigmasad.bravehost.com/emailsnew.php for 172.173.5.248
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
From: support@fulltiltpoker.com
Message-Id: <20080325221053.2089B12ED61@localhost.localdomain>
Date: Tue, 25 Mar 2008 15:10:53 -0700 (PDT)

Last edited by craigmarq; 03-25-2008 at 06:57 PM.
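An added example, not part of craigmarq's post: a Python sketch that runs the comparison the two headers invite, checking every sender identity against the domain shown in From. The function names are hypothetical, the samples are lines trimmed from the two headers above, and the two-label organisational-domain rule is a simplifying assumption.

```python
import email
import re
from email.utils import parseaddr

# Constructed samples: a few lines trimmed from the two headers posted above.
AUTHENTIC = """\
Return-Path: <cashier@fulltiltpoker.com>
Received: from mail01.fulltiltpoker.com (mail01.fulltiltpoker.com [66.212.238.233])
 by mx.google.com with ESMTP id f16si12467335qba.26.2008.03.12.22.00.03;
Authentication-Results: mx.google.com; spf=pass smtp.mail=cashier@fulltiltpoker.com
From: cashier@fulltiltpoker.com
"""
SCAM = """\
Return-Path: <generalmail@bravehost.com>
Received: from hostmail2.bravehost.com (hostmail2.bravehost.com [65.39.211.68])
 by mx.google.com with ESMTP id c36si6280273rvf.28.2008.03.25.15.10.59;
Authentication-Results: mx.google.com; spf=pass smtp.mail=generalmail@bravehost.com
X-PHP-Script: enigmasad.bravehost.com/emailsnew.php for 172.173.5.248
From: support@fulltiltpoker.com
"""

def domain(addr):
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def org(host):
    # Naive: last two labels. A production check would use the Public Suffix List.
    return ".".join(host.lower().split(".")[-2:])

def findings(raw, receiving_mx="mx.google.com"):
    msg = email.message_from_string(raw)
    shown = org(domain(msg["From"]))  # the domain the mail client displays
    out = []
    envelope = domain(msg["Return-Path"])
    if org(envelope) != shown:
        out.append(f"Return-Path domain {envelope} differs from From domain {shown}")
    # Trust only the hop stamped by the recipient's own MX; older hops are sender-written.
    for hop in msg.get_all("Received", []):
        m = re.search(r"\((\S+) \[[\d.]+\]\)\s+by\s+(\S+)", hop)
        if m and m.group(2) == receiving_mx:
            if org(m.group(1)) != shown:
                out.append(f"handed to {receiving_mx} by {m.group(1)}, not a {shown} host")
            break
    auth = msg["Authentication-Results"] or ""
    m = re.search(r"smtp\.mail=(\S+)", auth)
    if "spf=pass" in auth and m and org(domain(m.group(1))) != shown:
        out.append(f"spf=pass covers {domain(m.group(1))}, not {shown}")
    if msg["X-PHP-Script"]:
        out.append(f"sent by a web script: {msg['X-PHP-Script']}")
    return out
```

Both messages carry spf=pass; in the scam it authenticates bravehost.com, the envelope sender, and says nothing about the fulltiltpoker.com address in From.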
03-28-2008 , 04:04 AM
Quote:
Originally Posted by FoxwoodsFiend
Yesterday I received a phishing email from a fake account, support@download-pokertracker.com. It tried getting me to download a "critical security update" which obviously I didn't but I thought it was worth pointing out.

By the way, my theory as to how they got my email address (which apparently quite surprised the PT guys when I emailed them) is that 2 days ago I accepted a facebook friendship from a woman named Lia ******* (last name omitted in case she's innocent). She is a 37 year-old Greek woman who had 31 friends, all of them from Greece so I thought it was odd that she would be friending me. I almost always reject friendships from people I don't know but accepted so I could see why she's friending me. The next day I get this phishing email, so I wouldn't be surprised if this was a fraudulent account that friends people to get their email addresses for these purposes. Anyway, I think most pro poker players would be best served taking their email addresses off of facebook or only accepting friendships from people they know.
I just got this, after doing nothing to prompt it from PT


PokerTracker 3 - User Account Registration
Thank you for registering with us at PokerTracker. Once your account is activated, you will have the ability to parctipate in forum discussions, submit secure support messages, view your registration codes and previous order history.

Activate Your Account
Please activate your account now by following the link or copy and pasting the link below into your web browser.

http://www.pokertracker3.com/myaccou...vate.php?code= xxxx

If activation fails, your account may have already been activated. Please try logging into your account. If you are still having trouble, contact PokerTracker Support.
03-28-2008 , 02:56 PM
My question is: how did they get these people's email in the first place...they must have got into the FTP database to get the addresses. Some strange and shameful **** going on here.
03-29-2008 , 01:16 AM
Yeah basically check the email headers by right clicking the email and going to properties. Any email with different headers than it is supposed to have is definitely suspect.

C
04-08-2008 , 11:18 PM
Quote:
Originally Posted by theoldman999
My question is: how did they get these people's email in the first place...they must have got into the FTP database to get the addresses. Some strange and shameful **** going on here.

That's the question we should be asking

04-22-2008 , 01:57 PM
I am unstickying this thread. It has been atop the forum for 9 months, if you haven't seen the warning by now then this thread being atop the page is not going to help you.

Obviously you should secure your computer at all times and be wary when clicking on links.

Always take necessary precautions because there are people out there who think that high stakes no limit players make easy targets and who are plotting to steal your money.
04-22-2008 , 02:11 PM
Quote:
Originally Posted by mustmuck
The only real question is where the list of emails came from.
Maybe your 2+2 profile: Send a message via email to ...
