Received Scam Mail Storj Smart Contract upgrade

I received this email an hour ago. It had storj@substack.com as sender.

7 Likes

Wow slick. Thanks for posting.

havent been any announsment here can be fishing? i do not got any email about this.

yeah me neither, it’s a scam.

Im sure the scammer is on this forum to.

@jocelyn can you comment situation, is it some true information?

This is the last thing she said Minimum Threshold for Storage Node Operator Payouts
Seems like someone has planned this based on this post.

No one in the right mind would send there storj to a strange wallet to pay fees ontop of getting scammed.

Can you post the headers of the email?

redact your email address and your local IP address.

However, the headers should show if the email was forged and maybe the originating IP address… which is probably fake anyway, but might be useful.

Delivered-To: ###
Received: by 2002:a05:7110:6030:b029:2f:f17a:5ac0 with SMTP id d16csp178713geb;
        Thu, 14 Jan 2021 07:39:42 -0800 (PST)
X-Google-Smtp-Source: ABdhPJy9cWA/Ujt61+8iLC9YKZdSRhEFgcNdnChlDwp6+SOWcUREweJOB8Ycayb3Y11Xw6GaCKEf
X-Received: by 2002:a63:5304:: with SMTP id h4mr8056425pgb.199.1610638782610;
        Thu, 14 Jan 2021 07:39:42 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1610638782; cv=none;
        d=google.com; s=arc-20160816;
        b=zw9q8+dHs1kS3slXGikHRNnMCiyGeSRmkB0DX7MTe1EutsB353+gyOq8ziwpMSzOjY
         lMPc9znLXmtqX3SaS1pxjQbb+wMPKh2eeQ+m/VmzjPW73m6AP+rB8OUGyzmdhGw1VUr1
         iI1iXyy0jzo5aLrJROskptvlnBKGfb/QzQRjvMdqk3w9O5jtFQsqRBgthaJ7if8LaxdB
         yIk84RVZvejbFXZqdqnizpsTJPf6WNBxdBiudMdulTKpuHQX9gPjj/GCgZXKsov7NKIE
         tTs6OFpJi9Z/TVfY3ROW2aktkBvUPQiC3MvvUL6lY6iSMApce2WzuPFafDbFFeF9S2yh
         OYUQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=mime-version:subject:from:to:list-id:in-reply-to:reply-to:date
         :list-post:message-id:list-unsubscribe:sender:list-owner:list-url
         :list-archive:references:list-unsubscribe-post:dkim-signature;
        bh=WUuhM3ruy1wOCYwtVpy6LRoYRoH6tdBGzRlI1qsC7x0=;
        b=gnZlQONUGZVsuS/gOQqjor4mHy6Rlz3serPXU+fm5BgQfe3yjXVIbacdm0H6+3svVg
         u8cIPrd9gAq3/ncP3ij29Ckh6G6Bc0iWe2Dij2lVlzNWDAGKmIJJnq/XYg1ESMoqMy4a
         Nk4sqcBw6J9XVJ/zekFCgIazJMFk9ntI7ekA6YMKnt0Nz9k6nuAx9KFFVpzl0p7Rb3QY
         DgGV0ITNSuCuW0qx+Okcsrad9YRLEMbdwnmN/6curEewCMTWhc9HRfikBxw2hVYoULDu
         jnxydnF06CWxQsdHYNyQUPIuslMdN81WyD4NC+iWpWJBKQXoKqH2s/jola5nsQ8+QYJV
         CxSw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@mg2.substack.com header.s=mailo header.b=R+sVjA1A;
       spf=pass (google.com: domain of bounce+9dce3a.4d1858-####=googlemail.com@mg2.substack.com designates 161.38.202.253 as permitted sender) smtp.mailfrom="bounce+9dce3a.4d1858-####=googlemail.com@mg2.substack.com";
       dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=substack.com
Return-Path: <bounce+9dce3a.4d1858-####=googlemail.com@mg2.substack.com>
Received: from mg-202-253.substack.com (mg-202-253.substack.com. [161.38.202.253])
        by mx.google.com with UTF8SMTPS id q5si7094518pgg.392.2021.01.14.07.39.30
        for <####>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Thu, 14 Jan 2021 07:39:42 -0800 (PST)
Received-SPF: pass (google.com: domain of bounce+9dce3a.4d1858-####=googlemail.com@mg2.substack.com designates 161.38.202.253 as permitted sender) client-ip=161.38.202.253;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@mg2.substack.com header.s=mailo header.b=R+sVjA1A;
       spf=pass (google.com: domain of bounce+9dce3a.4d1858-####=googlemail.com@mg2.substack.com designates 161.38.202.253 as permitted sender) smtp.mailfrom="bounce+9dce3a.4d1858-####=googlemail.com@mg2.substack.com";
       dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=substack.com
DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=mg2.substack.com; q=dns/txt; s=mailo; t=1610638782; h=Content-Type: Mime-Version: Subject: From: To: List-Id: In-Reply-To: Reply-To: Date: List-Post: Message-Id: List-Unsubscribe: Sender: List-Owner: List-Archive: References: List-Unsubscribe-Post; bh=WUuhM3ruy1wOCYwtVpy6LRoYRoH6tdBGzRlI1qsC7x0=; b=R+sVjA1AHqNq5N3Y++JP64E7aA4+/v0ZIBIPHNqJomMozP85lQa2S2CEzb4Ewq4pAZVdU1HM XTm21zx9ErP5bmCnfxNajxucTTnn0lQ6AMhVVOIwtqMDd2MD8JSqJeP9gmuOsgWM1qLsrgfo s/tF7kyrJ9xJs2LVGfGps+wIUY0=
X-Mailgun-Sending-Ip: 161.38.202.253
X-Mailgun-Sid: WyJmMGZmZCIsICJ0eWxrb21hdEBnb29nbGVtYWlsLmNvbSIsICI0ZDE4NTgiXQ==
X-Mailgun-Batch-Id: 600065a2415a6293c5388b9a
Received: by luna.mailgun.net with HTTP; Thu, 14 Jan 2021 15:39:14 +0000
X-Mailgun-Variables: {"category": "post", "email_generated_at": "1610638752803", "is_freemail": "true", "publication_id": "254463", "post_audience": "everyone", "post_id": "31326718", "pub_community_enabled": "true", "user_id": "23943214", "post_type": "newsletter", "subdomain": "storj"}
List-Unsubscribe-Post: List-Unsubscribe=One-Click
References: <post-31326718@substack.com>
List-Archive: <https://storj.substack.com/archive>
List-Url: <https://storj.substack.com/>
List-Owner: <mailto:storj@substack.com>
Sender: Storj <storj@substack.com>
List-Unsubscribe: <###>
Message-Id: <20210114153912.1.lgl90k61ure@mg2.substack.com>
List-Post: <https://storj.substack.com/p/storj-smart-contract-upgrade>
Date: Thu, 14 Jan 2021 15:39:12 +0000
Reply-To: Storj <reply+infum&e96pa&&2e32839e3044502fec6ef219b62112db790f95742d9357ddf98f09ea278e200e@mg1.substack.com>
In-Reply-To: <post-31326718@substack.com>
List-Id: <storj.substack.com>
X-Mailgun-Tag: post
To: ###
From: Storj <storj@substack.com>
Subject: Storj Smart Contract Upgrade
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="ee453a9878ba4eac8c7f280e591448db"

Don’t click this link, but https://storj.substack.com/ is not us. This is an impressive scam, but we are absolutely not upgrading our smart contract. I’m going to report this Substack account for fraud.

-JT (Storj CTO, in case that helps) :slight_smile:

10 Likes

The email looks like a legitimate substack email. The group is probably a hoax though.

This line in the header:

can be used by substack to locate the email in their server logs.

The content of the e-mail is really impressive! Scams are usually waaaay less elaborated! oO
That’s dangerous, many could fall for it :confused:

I don’t really get why Storj would be the target of scams where a lot of time is needed to set it up though.
I mean, I don’t feel like Storj is “big enough” (no offense intended).

1 Like

Interestingly I received this email not on an address that I use in this forum or with storj itself. I wonder how that relation was drawn.

2 Likes

Good, looks like they put a lot of time and effort into this, and it will almost certainly be entirely wasted!

Thumbs up for the team to get both the contract address as a scam and had the website removed!

3 Likes

Hi folks I was out of the office, but it looks like JT already addressed it. Thank you JT!

1 Like

and @tylkomat thank you for your good citizenship!

4 Likes

I bielieve someone was scraping forum names and added @gmail.com for this.

Pro Tip: Many providers support aliasing your mail address with +, i.e. instead of tylkomat@example.com you can create an alias for each website you enter your mail: tylkomat+storj-forum@example.com. Then you at least know where it was taken from.

3 Likes