I was recently contacted on Discord and offered a discounted listing fee, this person claimed to be from the Cryptocurrency exchange Stex. For starters any legitimate exchange is not going to private message people regarding listing a coin, this is something that is carried out through official channels such as ticket or email (see below for email). He or she also offered to send an official email for verification, I decided to humor this person and here is the conversation:
The “Official” Email
The email was indeed sent and showed up to my Gmail account appearing to come from the stex.com domain. Never … ever trust that an email comes from a certain domain or email address, this is easily spoofed. Instead view the email source or headers as this shows the true information. As an example check this screenshot from my Gmail:
A quick look at the source shows this is a spoofed email:
Indicator number one, I would think any exchange would have a properly set SPF that defines their sending IPs, check the screenshot for:
You can lookup a domains SPF record here as well as see the stex.com actual SPF record: https://mxtoolbox.com/SuperTool.aspx?action=spf%3astex.com&run=toolpage
As you can see there the stex.com SPF only defines the IP “18.104.22.168”.
Indicator number two:
“Received” shows just that where the email originated or was received from. hrmmm emkei.cz sure does not look like stex.com, also notice the IP? It matches the spf fail. This is more then enough to say 100% this is not a legitimate email from Stex.
If you visit emkei.cz you land on a page that allows you to send spoofed emails, the email I received had the “From e-mail” set as [email protected], game, set, match! Hopefully this little bit of information will help others avoid scams like this.
Edit: I just noticed this user is still online and active in Discord and most likely continuing to try and scam people. The unique user ID for this person is: 499630673628495883