ElitePrint.ci Bitcoin Phishing Scam Poses as WordPress Login Alert
Phishing Scam Alert: “eliteprint.ci” and the Bitcoin WordPress Bait
If you got an email that looked like a WordPress login reset with your “Bitcoin balance” as a username… congratulations, you’ve met today’s phishing garbage fire.
The Red Flags (In Case the Flaming Dumpster Wasn’t Enough)
- Sender:
[email protected]— definitely not your site. - Subject:
[eliteprint]_Détails de connexion— fancy French won’t make this less suspicious. - “Username”:
www.itfifv.blogspot.my - 1.3421172 BTC— Yeah, okay, very legit… - Phishing Link: https://eliteprint.ci/wp-login.php — don't click it unless you enjoy identity theft.
Where’s it coming from?
The IP address 195.154.87.159 traces back to a hosting provider in France (web12.vename.ci), and it came through without any DKIM or DMARC validation. SPF? Also a no-show. So, in email security terms, this one failed harder than a 1990s pop-up blocker at a malware convention.
What You Should Do
- Do not click any links. Yes, even out of curiosity.
- Mark it as spam/phishing in your email client — this helps everyone.
- If you did click and enter info, change your passwords immediately and enable two-factor authentication. Then scan your system for malware. Then pour yourself a drink (non-alcoholic if you’re diabetic, like me).
Tech Notes for the Nerds
This spam message uses PHPMailer 6.9.2 and fake WordPress headers to imitate a login reset. They pass PTR checks (barely), but their SPF, DKIM, and DMARC settings are nonexistent. Combined with a forged subject and a redirect to a login prompt containing embedded Bitcoin bait, this is classic phishing using psychological manipulation.
Final Thoughts
Remember: WordPress doesn’t email you out of the blue asking you to reset your password for someone else’s blogspot account — especially not with a Bitcoin bribe baked in. Trust your gut, not your inbox.
Stay alert out there. And always hover before you click.
Filed under “wow, they really thought this would work.”
