Title: MtGox spoof mail+site
Post by: kwukduck on August 27, 2011, 03:31:06 PM
Just received an email from 'info@mtgox.com' with the news of 11-08-2011, a link in the message has the text of the mtgox newsletter link but truly links to:
hxxp://mtgox.tk/users/login
careful if you got this email too.

Title: Re: MtGox spoof mail+site
Post by: EricJ2190 on August 27, 2011, 04:17:22 PM
Of interest from the email headers:
Code:
Return-Path: <fewfewef@xm33.hostsila.org>
I sent off a quick message to the .TK abuse email letting them know about the issue.

Title: Re: MtGox spoof mail+site
Post by: helloworld on August 27, 2011, 04:18:16 PM
Quote: hxxp://mtgox.tk/users/login
Well, I tried that link just now and it redirects to a Romanian blog site on a .ro domain.
hxxp://www.niuzer.ro/Botosani/IMPRESIONANT-Testamentul-Reginiei-Maria-a-Romaniei-2637509.html?utm_source=twitterfeed&utm_medium=twitter

Title: Re: MtGox spoof mail+site
Post by: Gavin Andresen on August 27, 2011, 10:28:31 PM
I got a copy, too. If you use gmail, use the 'Report phishing' function (in the Reply drop-down menu).

Title: Re: MtGox spoof mail+site
Post by: indio007 on August 27, 2011, 10:35:43 PM
Oops I "accidentally" entered a password.
U:Blowme P:Gofuckyourself
Why not just spam it with bogus account info?

Title: Re: MtGox spoof mail+site
Post by: NothinG on August 28, 2011, 12:24:44 AM
Anyone heard of drive-by's?

Title: Re: MtGox spoof mail+site
Post by: dustintrammell on August 28, 2011, 02:18:48 AM
Is there any indication that this is a widespread campaign among more than one Mt. Gox user, perhaps using the database leak data from the breach a while back, or are you the only recipient as far as you know? I'm just wondering if this is more targeted spear-phishing or if they're casting a wider net...

Title: Re: MtGox spoof mail+site
Post by: Tasty Champa on August 28, 2011, 02:28:27 AM
could tell MagicalTux or someone over there about what fake info you reply with,
(just put in legit looking info) then could use that to possibly identify them or at least block the addresses.

Title: Re: MtGox spoof mail+site
Post by: SomeoneWeird on August 28, 2011, 02:29:57 AM
Quote: could tell MagicalTux or someone over there about what fake info you reply with, (just put in legit looking info) then could use that to possibly identify them or at least block the addresses.
Already told him.

Title: Re: MtGox spoof mail+site
Post by: theymos on August 28, 2011, 03:26:16 AM
I submitted it to PhishTank:
http://www.phishtank.com/phish_detail.php?phish_id=1262006&frame=details
Vote for its confirmation if you have a PhishTank account.

Title: Re: MtGox spoof mail+site
Post by: NothinG on August 28, 2011, 03:28:16 AM
Quote: I submitted it to PhishTank: http://gyazo.com/5583239bf51ac7f149af3e45e02eaea1.png http://www.phishtank.com/phish_detail.php?phish_id=1262006&frame=details Vote for its confirmation if you have a PhishTank account.
Seems they are lurkers...

Title: Re: MtGox spoof mail+site
Post by: theymos on August 28, 2011, 04:03:02 AM
Quote: Seems they are lurkers...
I think it's just difficult for PhishTank users unfamiliar with Bitcoin to decide whether this is a real site or a phish.

Title: Re: MtGox spoof mail+site
Post by: NothinG on August 28, 2011, 04:30:06 AM
Quote: Seems they are lurkers...
Quote: I think it's just difficult for PhishTank users unfamiliar with Bitcoin to decide whether this is a real site or a phish.
Looks like we are winning.

Title: Re: MtGox spoof mail+site
Post by: EricJ2190 on August 28, 2011, 05:28:29 AM
I received a response from the hosting company from which the email originated stating that the account has been closed. Unfortunately, the phishing site itself seems to be hosted elsewhere (fwef33.tmweb.ru.)

Title: Re: MtGox spoof mail+site
Post by: Maged on August 28, 2011, 06:52:26 AM
Looks like Firefox is blocking it now. :)

Title: Re: MtGox spoof mail+site
Post by: helloworld on August 28, 2011, 07:39:10 AM
Quote: I received a response from the hosting company from which the email originated stating that the account has been closed. Unfortunately, the phishing site itself seems to be hosted elsewhere (fwef33.tmweb.ru.)
Am I the only person that got redirected to a Romanian blog? What's the problem if the link no longer goes to the phishing site?
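
Added example, not part of any post in this thread: a Python check for the two signals reported above, link text that shows one host while the href points at another (first post) and a Return-Path domain unrelated to the From domain (EricJ2190's header). The sample message is constructed; its body wording and newsletter path are assumptions, and the link keeps the thread's defanged hxxp scheme.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the thread's description, not the real e-mail.
SAMPLE = """\
From: info@mtgox.com
Return-Path: <fewfewef@xm33.hostsila.org>
Content-Type: text/html

<p>News: <a href="hxxp://mtgox.tk/users/login">https://mtgox.com/newsletter</a></p>
"""

def host(url):
    """Lower-cased hostname of a URL or bare domain; accepts defanged hxxp."""
    url = url.strip().replace("hxxp", "http", 1)
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()

def domain(header_value):
    """Domain part of the address in a From or Return-Path header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

class LinkAudit(HTMLParser):
    """Collects (shown host, real host) for anchors whose text is itself a URL."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.mismatches = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown = "".join(self.text).strip()
        # Plain wording such as "click here" names no host, so it is skipped.
        if " " not in shown and "." in shown and host(shown) != host(self.href):
            self.mismatches.append((host(shown), host(self.href)))
        self.href = None

def audit(raw):
    """Return ('return-path' | 'link', claimed, actual) findings for a message."""
    msg = message_from_string(raw)
    sender, bounce = domain(msg["From"]), domain(msg["Return-Path"])
    findings = []
    if bounce and bounce != sender and not bounce.endswith("." + sender):
        findings.append(("return-path", sender, bounce))
    links = LinkAudit()
    links.feed(msg.get_payload())
    return findings + [("link", s, h) for s, h in links.mismatches]
```

A Return-Path mismatch on its own is common for legitimate bulk mail sent through a mailing provider, so weigh it together with the link check.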