Bitcoin Forum
November 17, 2024, 04:50:11 AM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: New Gox Spam Heads Up  (Read 1050 times)
phorensic (OP)
Hero Member
*****
Offline Offline

Activity: 630
Merit: 500



View Profile
April 20, 2012, 03:45:10 PM
 #1

Just received some spam, though I would alert the community.  Fake links inside the e-mail, spoofed address relayed via a crappy mail host.

Quote
info@mtgox.com via km22.hostsila.org
7:48 AM (53 minutes ago)

to me
Dear Mt.Gox user,

Your account is currently pending review, please visit https://mtgox.com/forms/verification
For those users who have had their accounts marked for review, an explanation of why were are implementing these security measures can be found here:

Security Measures Explained

“Verified” Accounts are eligible for monthly/daily transaction limits of up to 5 times the monthly limit and 10 times the daily limit.

In order to apply for the “Verified” account status please attach a copy of the following documents:
- Your government issued photo ID (passport, permanent residence card or driver’s license) and
- A scan of either your monthly utility bill (power, phone, TV, gas, water, etc.) or a certificate of residency issued by your local government.

Thanks,
The Mt.Gox team

Here is the source so you can see the fake links:

Code:
Delivered-To: matt.a.mead@gmail.com
Received: by 10.229.239.199 with SMTP id kx7csp76445qcb;
        Fri, 20 Apr 2012 07:48:36 -0700 (PDT)
Received: by 10.216.133.234 with SMTP id q84mr4032106wei.102.1334933315270;
        Fri, 20 Apr 2012 07:48:35 -0700 (PDT)
Return-Path: <goxgoxgo@km22.hostsila.org>
Received: from km22.hostsila.org (km22.hostsila.org. [194.28.84.12])
        by mx.google.com with ESMTPS id g9si6384055wee.68.2012.04.20.07.48.34
        (version=TLSv1/SSLv3 cipher=OTHER);
        Fri, 20 Apr 2012 07:48:35 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of goxgoxgo@km22.hostsila.org designates 194.28.84.12 as permitted sender) client-ip=194.28.84.12;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of goxgoxgo@km22.hostsila.org designates 194.28.84.12 as permitted sender) smtp.mail=goxgoxgo@km22.hostsila.org
Received: from goxgoxgo by km22.hostsila.org with local (Exim 4.69)
(envelope-from <goxgoxgo@km22.hostsila.org>)
id 1SLF8S-0008Ps-HA
for matt.a.mead@gmail.com; Fri, 20 Apr 2012 17:48:32 +0300
To: matt.a.mead@gmail.com
Subject: [Mt.Gox] Your account is currently pending review.
X-PHP-Script: goxgoxgox5.tk/index2.php for 88.196.63.57, 88.196.63.57
From:info@mtgox.com
Reply-To:info@mtgox.com
MIME-Version:1.0
Content-Type: text/html;
Message-Id: <E1SLF8S-0008Ps-HA@km22.hostsila.org>
Date: Fri, 20 Apr 2012 17:48:32 +0300
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - km22.hostsila.org
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [808 32007] / [47 12]
X-AntiAbuse: Sender Address Domain - km22.hostsila.org
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php
X-Source-Dir: goxgoxgox5.tk:/public_html

<HTML>Dear Mt.Gox user,<br>
<br>
Your account is currently pending review, please visit <a href='http://rgy543.tmweb.ru/'>https://mtgox.com/forms/verification</a><br>
For those users who have had their accounts marked for review, an explanation of why were are implementing these security measures can be found here:<br>
<br>
<a href='http://rgy543.tmweb.ru/'>Security Measures Explained</a><br>
<br>
“Verified†Accounts are eligible for monthly/daily transaction limits of up to 5 times the monthly limit and 10 times the daily limit.<br>
<br>
In order to apply for the “Verified†account status please attach a copy of the following documents:<br>
- Your government issued photo ID (passport, permanent residence card or driver’s license) and<br>
- A scan of either your monthly utility bill (power, phone, TV, gas, water, etc.) or a certificate of residency issued by your local government.<br>
<br>
Thanks, <br>
The Mt.Gox team
</HTML>

Yes, my e-mail was leaked during the great Gox hack of 2011, so I get stuff like this every once in a while.
Mousepotato
Hero Member
*****
Offline Offline

Activity: 896
Merit: 1000


Seal Cub Clubbing Club


View Profile
April 20, 2012, 03:59:28 PM
 #2

I got this one.  IIRC, the URL in the body of the message points to a .ru domain.

Mousepotato
RodeoX
Legendary
*
Offline Offline

Activity: 3066
Merit: 1147


The revolution will be monetized!


View Profile
April 20, 2012, 04:53:53 PM
 #3

I got this one.  IIRC, the URL in the body of the message points to a .ru domain.
An .ru domain, what a shocker. Roll Eyes

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf
Free bitcoin in ? - Stay tuned for this years Bitcoin hunt!
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!