bg002h (OP)
December 26, 2013, 11:37:42 PM (Last edit: December 27, 2013, 03:06:49 AM by bg002h)
I just googled bitcoin price (on wife's phone) and the sponsored link/ad at the top said it was to mtgox.com...only it wasn't, it was to mtgoox.com. The site looked like mtgox.com (even offered to switch to mobile like the real gox site does).
Does Google permit this kind of phishing?
*edit-- updated thread title

undeadbitcoiner
December 26, 2013, 11:46:25 PM
Ads related to bitcoin price
Mt.Gox exchange - mtgox.com
www.mtgox.com/
Mt.Gox is the world's most exchange exchange bitcoins to dollars

This is the Google search result, and there isn't any site with mtgoox.

HeliKopterBen
December 26, 2013, 11:49:29 PM
I just tried and got the result you did. This definitely needs to be fixed. Folks should always use 2FA and, just to be safe, type in the full address when accessing their account: https://mtgox.com
Edit: It actually went to mtgoox.org

mobile
December 27, 2013, 12:13:47 AM
Correct me if I'm wrong, but from my side the site seems to already be down or at least not responding. Yeah, 2FA all day every day, case in point.

nolocimes
December 27, 2013, 12:59:17 AM
I don't think 2FA is enough to protect you from a MITM attack, as they can accept your OTP and replay it through to the real site.
Furthermore, they could prompt you again, pretending a timeout, and use the second OTP entry to execute a withdrawal. Only real protection is 2FA with a CPU to sign the actual activity with a private key.
cheers
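
The distinction nolocimes draws above, seen from the server's verification side, as an added example that is not part of the thread. Assumptions: all names, the sample request and the key are constructed, and an HMAC with a device-held secret stands in for the private-key signature the post mentions.

```python
import hashlib
import hmac
import json
import struct

DEVICE_KEY = b"constructed-demo-key"          # constructed secret held by device and server
EXPECTED_ORIGIN = "https://exchange.example"  # hypothetical site; origin is recorded by the device
_seen_nonces = set()                          # nonces the server has already honoured


def hotp(key: bytes, counter: int) -> str:
    """RFC 4226 one-time code: derived from key and counter only."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 1_000_000:06d}"


def sign_request(key: bytes, request: dict) -> str:
    """Device side: MAC over every field the user approved on the device."""
    blob = json.dumps(request, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


def accepts_otp(code: str, counter: int, request: dict) -> bool:
    """Bare OTP check: `request` never enters the comparison."""
    return hmac.compare_digest(code, hotp(DEVICE_KEY, counter))


def accepts_signed(tag: str, request: dict) -> bool:
    """Bound check: valid once, and only for these exact fields and origin."""
    if request.get("origin") != EXPECTED_ORIGIN or request.get("nonce") in _seen_nonces:
        return False
    if not hmac.compare_digest(tag, sign_request(DEVICE_KEY, request)):
        return False
    _seen_nonces.add(request["nonce"])
    return True


# Constructed sample: the request the user approved, and the same request
# with one field changed somewhere between the user and the server.
APPROVED = {"origin": EXPECTED_ORIGIN, "action": "withdraw",
            "amount": "0.5", "destination": "addr-user", "nonce": "n-001"}
ALTERED = dict(APPROVED, destination="addr-other")

if __name__ == "__main__":
    code, tag = hotp(DEVICE_KEY, 7), sign_request(DEVICE_KEY, APPROVED)
    print("otp:", accepts_otp(code, 7, APPROVED), accepts_otp(code, 7, ALTERED))
    print("signed:", accepts_signed(tag, ALTERED), accepts_signed(tag, APPROVED))
```

The OTP check returns the same answer for both requests because the code carries no information about what it authorizes; the bound check rejects the altered request and any second use of the same nonce.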

Kyt Dotson
December 27, 2013, 01:10:30 AM
If this is actually going on, I have a feeling that it constitutes a form of fraud and Google would remove it on complaint.
Of course, as with banking--avoid links, type it in directly to the bar. When in doubt, check the crypto auth seal. It's not going to be perfect against all forms of phishing; but it could greatly reduce the chances of accidentally exposing information.
Obviously people squatting something like mtgoox.com are also looking for typos to lead people there. Doesn't look like "mtgoox.com" resolves for me; but "mtgoox.org" appears to be a fake MtGox phishing site.

HeliKopterBen
December 27, 2013, 01:11:45 AM
> Quote from: nolocimes
> I don't think 2FA is enough to protect you from a MITM attack, as they can accept your OTP and replay it through to the real site.
> Furthermore, they could prompt you again, pretending a timeout, and use the second OTP entry to execute a withdrawal. Only real protection is 2FA with a CPU to sign the actual activity with a private key.
> cheers

With a Mt. Gox YubiKey, you press and hold the key for 1 second to log in and press and hold the key for 3-4 seconds to issue a different OTP for withdrawals. I'm not sure exactly how this works, but the withdrawal OTP looks completely different than the login OTP. That is why I prefer YubiKey over other 2FA such as Google Authenticator. Although anything can happen, this should reduce the risk of a MITM.

empoweoqwj
December 27, 2013, 01:11:59 AM
> Quote from: Kyt Dotson
> If this is actually going on, I have a feeling that it constitutes a form of fraud and Google would remove it on complaint.
> Of course, as with banking--avoid links, type it in directly to the bar. When in doubt, check the crypto auth seal. It's not going to be perfect against all forms of phishing; but it could greatly reduce the chances of accidentally exposing information.
> Obviously people squatting something like mtgoox.com are also looking for typos to lead people there. Doesn't look like "mtgoox.com" resolves for me; but "mtgoox.org" appears to be a fake MtGox phishing site.

Terrible attempt at a phishing name - mtgoox.org - how bad is that

undeadbitcoiner
December 27, 2013, 01:58:10 AM
> Quote from: mobile
> Correct me if I'm wrong, but from my side the site seems to already be down or at least not responding. Yeah, 2FA all day every day, case in point.

Same when I tried. 2FA is suggested for all your crypto accounts.

empoweoqwj
December 27, 2013, 02:00:00 AM
> Quote from: nolocimes
> I don't think 2FA is enough to protect you from a MITM attack, as they can accept your OTP and replay it through to the real site.
> Furthermore, they could prompt you again, pretending a timeout, and use the second OTP entry to execute a withdrawal. Only real protection is 2FA with a CPU to sign the actual activity with a private key.
> cheers

Not sure this phishing site is that sophisticated.

bg002h (OP)
December 27, 2013, 02:44:26 AM
My bad...mtgoox.org...the link clearly says Mt. Gox exchange - mtgox.com / [Ad] www.mtgox.com / Mt. Gox is the world's most... Google should not allow this... Oh, to the mod that moved this...really? This isn't an accusation, it's a fact...if the forum supported modern mobile devices, I could post the screenshot to make it easier for anyone to prove...I think this thread is best in the main discussion so newbies see it.

empoweoqwj
December 27, 2013, 03:51:16 AM
> Quote from: bg002h
> My bad...mtgoox.org...the link clearly says Mt. Gox exchange - mtgox.com / [Ad] www.mtgox.com / Mt. Gox is the world's most... Google should not allow this... Oh, to the mod that moved this...really? This isn't an accusation, it's a fact...if the forum supported modern mobile devices, I could post the screenshot to make it easier for anyone to prove...I think this thread is best in the main discussion so newbies see it.

Google cannot control every phishing site ... be your own "police", take responsibility for every URL you visit.

Stunna
December 27, 2013, 07:50:44 AM
> Quote from: empoweoqwj
> > Quote from: bg002h
> > My bad...mtgoox.org...the link clearly says Mt. Gox exchange - mtgox.com / [Ad] www.mtgox.com / Mt. Gox is the world's most... Google should not allow this... Oh, to the mod that moved this...really? This isn't an accusation, it's a fact...if the forum supported modern mobile devices, I could post the screenshot to make it easier for anyone to prove...I think this thread is best in the main discussion so newbies see it.
> Google cannot control every phishing site ... be your own "police", take responsibility for every URL you visit.

I suggest everyone reports it here: http://www.google.com/safebrowsing/report_phish/
Someone built a phishing site of primedice and it was eventually removed after tons of submits to Google.

bg002h (OP)
December 27, 2013, 04:07:47 PM
> Quote from: empoweoqwj
> > Quote from: bg002h
> > My bad...mtgoox.org...the link clearly says Mt. Gox exchange - mtgox.com / [Ad] www.mtgox.com / Mt. Gox is the world's most... Google should not allow this... Oh, to the mod that moved this...really? This isn't an accusation, it's a fact...if the forum supported modern mobile devices, I could post the screenshot to make it easier for anyone to prove...I think this thread is best in the main discussion so newbies see it.
> Google cannot control every phishing site ... be your own "police", take responsibility for every URL you visit.

To underscore the obvious: Google took money to create a deceitful ad. That's poor form -- and it's trivial for them to prevent abuse of this form by enforcing link titles to match destination URLs... Imagine if everyone in the world adopted the attitude you suggest...you wouldn't want paramedics duping people in an emergency. Everyone is vulnerable to some degree in some situation.
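
The check bg002h describes above (an ad's displayed link must match where it actually leads), combined with a lookalike test for names such as the mtgoox.org reported in this thread, as an added example that is not part of the thread. Assumptions: the function names and distance threshold are illustrative, and "registrable domain" is approximated by the last two labels where a production check would use the Public Suffix List.

```python
from urllib.parse import urlsplit

PROTECTED = ("mtgox.com",)  # brand domains to protect; the one named in this thread


def host_of(url: str) -> str:
    """Lower-cased hostname of a URL; bare display URLs get a scheme first."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def registrable(host: str) -> str:
    """Simplification (assumption): last two labels, not a Public Suffix List lookup."""
    return ".".join(host.split(".")[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def review_ad(display_url: str, destination_url: str, max_distance: int = 2) -> list:
    """Return findings for one ad; an empty list means nothing was flagged."""
    shown = registrable(host_of(display_url))
    dest = registrable(host_of(destination_url))
    findings = []
    if shown != dest:
        findings.append("display-mismatch")
    dest_label = dest.split(".")[0]
    for brand in PROTECTED:
        near = edit_distance(dest_label, brand.split(".")[0]) <= max_distance
        if dest != brand and near:
            findings.append("lookalike:" + brand)
    return findings


if __name__ == "__main__":
    # Display URL and destination as reported in the thread.
    print(review_ad("www.mtgox.com", "http://mtgoox.org/"))
    print(review_ad("www.mtgox.com", "https://mtgox.com/"))
```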