Handling a possible SCAM call
What Happened
Today I got called by 647 number, with a Thomas Hill on the line, who had a Russian/European accent. He claimed that he works for blockchain.com and is involved in account recovery, which is why I'm supposed to believe that the domain recoveringblockchain.com is legitimate.
I previously had a Coinbase account, and I thought that there could be a chance that this was still legitimate, so I proceeded with extreme caution. "Thomas" asked me if I can share my screen so he can "explain" to me what wallet I was going to recover, and show me how to recover it. I knew that screen sharing is not really a way for someone to access my information or gain control of my system, and I was not going to open my bank account while screen sharing, so I accepted and he emailed me a Zoom link. I joined the meeting from a private browser window, and shared only the private browsing window.
Next, he sent a link to a transaction on blockchain.com. The wallet had a balance of around $50K USD, and I immediately thought that there's no way that this is legitimate. I figured that I would have to pay "account recovery fees" before the funds could be accessed, and the scammers would ghost me after receiving the payment.
Anyways, I insisted on them being straightforward and telling me the next steps. He told me that next they would transfer the funds to a crypto account I own (they have to verify this). I was of course very skeptical, and to be honest I was being very closed off, so he said he'd send me an email and I can verify that it's legitimate.
Well, after receiving the email, from the @recoveringblockchain.com domain, I knew that this was definitely a scam. I looked up the blockchain.com support page, and it clearly said that they don't call you, and they only send emails from the blockchain.com apex domain - I knew then that I was being targeted by scammers.
Preventing any Future Damage
Now that I knew who I was up against was malicious, I wanted to introduce roadblocks for them, and at the very least I did the following.
- Using whois recoveringblockchain.com command
  - Determined to be namesilo
  - Reported to [email protected]
- Using dig -tMX recoveringblockchain.com
  - Determined to be titan email
  - Reported to [email protected]
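Both lookups above print far more than an abuse report needs. As an added example (not part of the original post), these shell functions pull the registrar, its abuse mailbox and the mail provider out of whois and dig -tMX output. The sample text is constructed, and the registrar name, abuse mailbox and MX hosts in it are placeholders.

```shell
#!/bin/sh
# Added example: extract abuse-report details from whois and dig output.

# Read whois text on stdin; print "registrar name|registrar abuse mailbox".
registrar_info() {
  tr -d '\r' | awk -F': *' '
    { key = tolower($1); gsub(/^[ \t]+/, "", key) }
    key == "registrar" && !name                     { name = $2 }
    key == "registrar abuse contact email" && !mail { mail = $2 }
    END { printf "%s|%s\n", name, mail }'
}

# Read `dig -tMX` output on stdin; print MX hosts, lowest preference first.
mx_hosts() {
  awk '!/^;/ && $3 == "IN" && $4 == "MX" {
         host = tolower($6); sub(/\.$/, "", host); print $5, host }' |
    sort -n | awk '{ print $2 }'
}

# Reduce MX hosts to their last two labels to name the mail provider.
# Assumption: a two-label registrable domain (wrong for e.g. co.uk).
mx_provider() {
  mx_hosts | awk -F. 'NF >= 2 { print $(NF-1) "." $NF }' | sort -u
}

# Constructed samples, not real records; .example names are placeholders.
SAMPLE_WHOIS=$(cat <<'EOF'
Domain Name: recoveringblockchain.com
   Registrar WHOIS Server: whois.registrar.example
   Registrar URL: https://www.registrar.example
   Registrar: Example Registrar, LLC
   Registrar Abuse Contact Email: abuse@registrar.example
   Registrar Abuse Contact Phone: +1.5555550100
EOF
)
SAMPLE_DIG=$(cat <<'EOF'
;; QUESTION SECTION:
;recoveringblockchain.com. IN MX

;; ANSWER SECTION:
recoveringblockchain.com. 300 IN MX 20 mx2.mailhost.example.
recoveringblockchain.com. 300 IN MX 10 mx1.mailhost.example.
EOF
)

printf '%s\n' "$SAMPLE_WHOIS" | registrar_info
printf '%s\n' "$SAMPLE_DIG" | mx_provider
```

Against a live domain, pipe the real commands in instead of the samples, for example `whois recoveringblockchain.com | registrar_info`.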