Print Page - New Gox Spam Heads Up

Just received some spam, though I would alert the community. Fake links inside the e-mail, spoofed address relayed via a crappy mail host.

Quote

info@mtgox.com via km22.hostsila.org
7:48 AM (53 minutes ago)

to me
Dear Mt.Gox user,

Your account is currently pending review, please visit https://mtgox.com/forms/verification
For those users who have had their accounts marked for review, an explanation of why were are implementing these security measures can be found here:

Security Measures Explained

“Verified” Accounts are eligible for monthly/daily transaction limits of up to 5 times the monthly limit and 10 times the daily limit.

In order to apply for the “Verified” account status please attach a copy of the following documents:
- Your government issued photo ID (passport, permanent residence card or driver’s license) and
- A scan of either your monthly utility bill (power, phone, TV, gas, water, etc.) or a certificate of residency issued by your local government.

Thanks,
The Mt.Gox team

Here is the source so you can see the fake links:

Code:

Delivered-To: matt.a.mead@gmail.com
Received: by 10.229.239.199 with SMTP id kx7csp76445qcb;
        Fri, 20 Apr 2012 07:48:36 -0700 (PDT)
Received: by 10.216.133.234 with SMTP id q84mr4032106wei.102.1334933315270;
        Fri, 20 Apr 2012 07:48:35 -0700 (PDT)
Return-Path: <goxgoxgo@km22.hostsila.org>
Received: from km22.hostsila.org (km22.hostsila.org. [194.28.84.12])
        by mx.google.com with ESMTPS id g9si6384055wee.68.2012.04.20.07.48.34
        (version=TLSv1/SSLv3 cipher=OTHER);
        Fri, 20 Apr 2012 07:48:35 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of goxgoxgo@km22.hostsila.org designates 194.28.84.12 as permitted sender) client-ip=194.28.84.12;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of goxgoxgo@km22.hostsila.org designates 194.28.84.12 as permitted sender) smtp.mail=goxgoxgo@km22.hostsila.org
Received: from goxgoxgo by km22.hostsila.org with local (Exim 4.69)
	(envelope-from <goxgoxgo@km22.hostsila.org>)
	id 1SLF8S-0008Ps-HA
	for matt.a.mead@gmail.com; Fri, 20 Apr 2012 17:48:32 +0300
To: matt.a.mead@gmail.com
Subject: [Mt.Gox] Your account is currently pending review.
X-PHP-Script: goxgoxgox5.tk/index2.php for 88.196.63.57, 88.196.63.57
From:info@mtgox.com
Reply-To:info@mtgox.com
MIME-Version:1.0
Content-Type: text/html;
Message-Id: <E1SLF8S-0008Ps-HA@km22.hostsila.org>
Date: Fri, 20 Apr 2012 17:48:32 +0300
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - km22.hostsila.org
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [808 32007] / [47 12]
X-AntiAbuse: Sender Address Domain - km22.hostsila.org
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php 
X-Source-Dir: goxgoxgox5.tk:/public_html

<HTML>Dear Mt.Gox user,<br>
<br>
Your account is currently pending review, please visit <a href='http://rgy543.tmweb.ru/'>https://mtgox.com/forms/verification</a><br>
For those users who have had their accounts marked for review, an explanation of why were are implementing these security measures can be found here:<br>
<br>
<a href='http://rgy543.tmweb.ru/'>Security Measures Explained</a><br>
<br>
â€œVerifiedâ€ Accounts are eligible for monthly/daily transaction limits of up to 5 times the monthly limit and 10 times the daily limit.<br>
<br>
In order to apply for the â€œVerifiedâ€ account status please attach a copy of the following documents:<br>
- Your government issued photo ID (passport, permanent residence card or driverâ€™s license) and<br>
- A scan of either your monthly utility bill (power, phone, TV, gas, water, etc.) or a certificate of residency issued by your local government.<br>
<br>
Thanks, <br>
The Mt.Gox team
</HTML>

Yes, my e-mail was leaked during the great Gox hack of 2011, so I get stuff like this every once in a while.

Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: phorensic on April 20, 2012, 03:45:10 PM