Bitcoin Forum

Economy => Scam Accusations => Topic started by: bg002h on December 26, 2013, 11:37:42 PM



Title: MtGoOx.org
Post by: bg002h on December 26, 2013, 11:37:42 PM
I just googled bitcoin price (on wife's phone) and the sponsored link/ad at the top said it was to mtgox.com...only it wasn't, it was to mtgoox.com. The site looked like mtgox.com (even offered to switch to mobile like the real gox site does).

Does Google permit this kind of phishing?

*edit-- updated thread title


Title: Re: MtGoOx.com
Post by: undeadbitcoiner on December 26, 2013, 11:46:25 PM
Ads related to bitcoin price
Mt.Gox exchange - mtgox.com‎
www.mtgox.com/‎
Mt.Gox is the world's most exchange exchange bitcoins to dollars

This is the Google search result, and there isn't any site with mtgoox


Title: Re: MtGoOx.com
Post by: HeliKopterBen on December 26, 2013, 11:49:29 PM
I just tried and got the result you did.  This definitely needs to be fixed.  Folks should always use 2fa and just to be safe, type in the full address when accessing their account:  https://mtgox.com

Edit:  It actually went to mtgoox.org


Title: Re: MtGoOx.com
Post by: mobile on December 27, 2013, 12:13:47 AM
Correct me if I'm wrong, but from my side the site seems to already be down or at least not responding. Yeah, 2fa all day everyday, case in point.


Title: Re: MtGoOx.com
Post by: nolocimes on December 27, 2013, 12:59:17 AM
I don't think 2fa is enough to protect you from a mitm attack as they can accept your otp and replay it through to the real site.

Furthermore, they could prompt you again pretending a timeout and use the second otp entry to execute a withdrawal.
The only real protection is 2fa with a cpu to sign the actual activity with a private key.


cheers
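
The point made in the post above, as an added example that is not part of the original thread: a plain OTP carries no information about the request it approves, while a code computed over the transaction details stops verifying once those details change. It uses a shared-secret HMAC in place of the private-key signature the post mentions, and the secret, counter and addresses are constructed for illustration.

```python
import hashlib
import hmac
import struct

SECRET = b"constructed-demo-secret"  # constructed shared secret, not a real key

def _truncate(digest: bytes, digits: int = 6) -> str:
    """RFC 4226 dynamic truncation of an HMAC digest to a decimal code."""
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def login_otp(secret: bytes, counter: int) -> str:
    """Plain counter-based OTP (HOTP): covers the counter only, not the request."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    return _truncate(mac)

def signed_code(secret: bytes, counter: int, *fields: str) -> str:
    """Code the user's device computes over the transaction it displays.
    Fields are length-prefixed so ("a", "bc") and ("ab", "c") cannot collide."""
    msg = struct.pack(">Q", counter)
    for field in fields:
        raw = field.encode()
        msg += struct.pack(">H", len(raw)) + raw
    return _truncate(hmac.new(secret, msg, hashlib.sha256).digest())

def server_accepts_otp(secret: bytes, counter: int, code: str) -> bool:
    """The check has no request argument: any request carrying the code passes."""
    return hmac.compare_digest(login_otp(secret, counter), code)

def server_accepts_signed(secret: bytes, counter: int, code: str, *fields: str) -> bool:
    """The server recomputes the code over the request it actually received."""
    return hmac.compare_digest(signed_code(secret, counter, *fields), code)

if __name__ == "__main__":
    approved = ("withdraw", "ADDR-USER", "1.0")   # what the user saw and approved
    received = ("withdraw", "ADDR-OTHER", "1.0")  # what reached the server instead
    otp = login_otp(SECRET, 7)
    code = signed_code(SECRET, 7, *approved)
    print("plain OTP accepted:", server_accepts_otp(SECRET, 7, otp))
    print("signed, same request:", server_accepts_signed(SECRET, 7, code, *approved))
    print("signed, altered request:", server_accepts_signed(SECRET, 7, code, *received))
```

The signed code only helps if the device that computes it shows the user the destination and amount independently of the web page.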



Title: Re: MtGoOx.com
Post by: Kyt Dotson on December 27, 2013, 01:10:30 AM
If this is actually going on, I have a feeling that it constitutes a form of fraud and Google would remove it on complaint.

Of course, as with banking--avoid links, type it in directly to the bar. When in doubt, check the crypto auth seal. It's not going to be perfect against all forms of phishing; but it could greatly reduce the chances of accidentally exposing information.

Obviously people squatting something like mtgoox.com are also looking for typos to lead people there. Doesn't look like "mtgoox.com" resolves for me; but "mtgoox.org" appears to be a fake MtGox phishing site.


Title: Re: MtGoOx.com
Post by: HeliKopterBen on December 27, 2013, 01:11:45 AM
I don't think 2fa is enough to protect you from a mitm attack as they can accept your otp and replay it through to the real site.

Furthermore, they could prompt you again pretending a timeout and use the second otp entry to execute a withdrawal.
The only real protection is 2fa with a cpu to sign the actual activity with a private key.


cheers



With a mtgox yubikey, you press and hold the key for 1 second to login and press and hold the key for 3-4 seconds to issue a different OTP for withdrawals. I'm not sure exactly how this works, but the withdrawal OTP looks completely different than the login OTP. That is why I prefer yubikey over other 2fa such as Google Authenticator. Although anything can happen, this should reduce the risk of a MITM.


Title: Re: MtGoOx.com
Post by: empoweoqwj on December 27, 2013, 01:11:59 AM
If this is actually going on, I have a feeling that it constitutes a form of fraud and Google would remove it on complaint.

Of course, as with banking--avoid links, type it in directly to the bar. When in doubt, check the crypto auth seal. It's not going to be perfect against all forms of phishing; but it could greatly reduce the chances of accidentally exposing information.

Obviously people squatting something like mtgoox.com are also looking for typos to lead people there. Doesn't look like "mtgoox.com" resolves for me; but "mtgoox.org" appears to be a fake MtGox phishing site.

Terrible attempt at a phishing name - mtgoox.org - how bad is that ;)


Title: Re: MtGoOx.com
Post by: undeadbitcoiner on December 27, 2013, 01:58:10 AM
Correct me if I'm wrong, but from my side the site seems to already be down or at least not responding. Yeah, 2fa all day everyday, case in point.

Same when I tried.
2fa is suggested for all your crypto accounts


Title: Re: MtGoOx.com
Post by: empoweoqwj on December 27, 2013, 02:00:00 AM
I don't think 2fa is enough to protect you from a mitm attack as they can accept your otp and replay it through to the real site.

Furthermore, they could prompt you again pretending a timeout and use the second otp entry to execute a withdrawal.
The only real protection is 2fa with a cpu to sign the actual activity with a private key.


cheers




Not sure this phishing site is that sophisticated.


Title: Re: MtGoOx.com
Post by: bg002h on December 27, 2013, 02:44:26 AM
My bad...mtgoox.org...the link clearly says Mt. Gox exchange - mtgox.com / [Ad] www.mtgox.com / Mt. Gox is the world's most...

Google should not allow this...

Oh, to the mod that moved this...really? This isn't an accusation, it's a fact...if the forum supported modern mobile devices, I could post the screenshot to make it easier for anyone to prove...I think this thread is best in the main discussion so newbies see it.


Title: Re: MtGoOx.com
Post by: empoweoqwj on December 27, 2013, 03:51:16 AM
My bad...mtgoox.org...the link clearly says Mt. Gox exchange - mtgox.com / [Ad] www.mtgox.com / Mt. Gox is the world's most...

Google should not allow this...

Oh, to the mod that moved this...really? This isn't an accusation, it's a fact...if the forum supported modern mobile devices, I could post the screenshot to make it easier for anyone to prove...I think this thread is best in the main discussion so newbies see it.

Google cannot control every phishing site ............ be your own "police", take responsibility for every URL you visit.


Title: Re: MtGoOx.com
Post by: Stunna on December 27, 2013, 07:50:44 AM
My bad...mtgoox.org...the link clearly says Mt. Gox exchange - mtgox.com / [Ad] www.mtgox.com / Mt. Gox is the world's most...

Google should not allow this...

Oh, to the mod that moved this...really? This isn't an accusation, it's a fact...if the forum supported modern mobile devices, I could post the screenshot to make it easier for anyone to prove...I think this thread is best in the main discussion so newbies see it.

Google cannot control every phishing site ............ be your own "police", take responsibility for every URL you visit.

I suggest everyone reports it here: http://www.google.com/safebrowsing/report_phish/

Someone built a phishing site of primedice and it was eventually removed after tons of submits to google.


Title: Re: MtGoOx.com
Post by: bg002h on December 27, 2013, 04:07:47 PM
My bad...mtgoox.org...the link clearly says Mt. Gox exchange - mtgox.com / [Ad] www.mtgox.com / Mt. Gox is the world's most...

Google should not allow this...

Oh, to the mod that moved this...really? This isn't an accusation, it's a fact...if the forum supported modern mobile devices, I could post the screenshot to make it easier for anyone to prove...I think this thread is best in the main discussion so newbies see it.

Google cannot control every phishing site ............ be your own "police", take responsibility for every URL you visit.

To underscore the obvious: Google took money to create a deceitful ad. That's poor form -- and it's trivial for them to prevent abuse of this form by enforcing link titles to match destination urls...

Imagine if everyone in the world adopted the attitude you suggest...you wouldn't want paramedics duping people in an emergency :) everyone is vulnerable to some degree in some situation.
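
The check suggested in the post above (an ad's displayed address must match where the link actually goes), together with the typo-squat point made earlier in the thread, as an added example that is not part of the original posts. The function names and the edit-distance threshold are assumptions; the two hostnames are the ones reported in this thread.

```python
from urllib.parse import urlsplit

def host_of(url: str) -> str:
    """Lower-cased hostname; a bare 'www.example.com/' is treated as https."""
    if "://" not in url:
        url = "https://" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def strip_www(host: str) -> str:
    return host[4:] if host.startswith("www.") else host

def site_label(host: str) -> str:
    """Naive brand label: second-to-last DNS label.
    Assumption: one-label TLD such as .com or .org (no public-suffix list)."""
    parts = host.split(".")
    return parts[-2] if len(parts) >= 2 else host

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review_ad(display_url: str, destination_url: str, max_distance: int = 2) -> list:
    """Return findings for an ad whose shown address and real target disagree."""
    findings = []
    shown, dest = host_of(display_url), host_of(destination_url)
    if strip_www(shown) != strip_www(dest):
        findings.append(f"display host {shown} != destination host {dest}")
    distance = edit_distance(site_label(shown), site_label(dest))
    if 0 < distance <= max_distance:
        findings.append(f"destination label is {distance} edit(s) from the displayed one")
    return findings

if __name__ == "__main__":
    # The ad as described in this thread: shown as www.mtgox.com, landing on mtgoox.org.
    for finding in review_ad("www.mtgox.com/", "http://mtgoox.org/"):
        print(finding)
```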