Bitcoin Forum
December 04, 2016, 12:02:02 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: mtgoxx.tk phishing scam - Hold on to your Bitcoins!  (Read 1072 times)
Mr.Bitcoin
Jr. Member
*
Offline Offline

Activity: 34


MrBitcoin.com


View Profile WWW
August 30, 2011, 07:27:38 PM
 #1

Maybe there's another post about this on the forum, but I couldn't find one.

I got this in an email:
Quote
Dear Mt.Gox user,

Your account will be blocked for violating the rules of exchange.
Details: https://www.mtgox.com/users/blocked

Thanks,
The Mt.Gox team

Really? I haven't traded anything on MtGox yet. Maybe Not trading is a violation!

From line reads: info@mtgox.com via xm33.hostsila.org
That's tip #1 it is a scam

Click the link in the email and it takes you to http://mtgooxx.tk/users/blocked
Big tip off #2... Really? TLD for Tokelau? Two xx's? Lame sauce.

Anyway, enter your account details and watch your Bitcoins disappear.
Mr. Btc.

0100110101110010010000100110100101110100010000110110111101101001011011100010111 0011000110110111101101101
1480809722
Hero Member
*
Offline Offline

Posts: 1480809722

View Profile Personal Message (Offline)

Ignore
1480809722
Reply with quote  #2

1480809722
Report to moderator
1480809722
Hero Member
*
Offline Offline

Posts: 1480809722

View Profile Personal Message (Offline)

Ignore
1480809722
Reply with quote  #2

1480809722
Report to moderator
1480809722
Hero Member
*
Offline Offline

Posts: 1480809722

View Profile Personal Message (Offline)

Ignore
1480809722
Reply with quote  #2

1480809722
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480809722
Hero Member
*
Offline Offline

Posts: 1480809722

View Profile Personal Message (Offline)

Ignore
1480809722
Reply with quote  #2

1480809722
Report to moderator
1480809722
Hero Member
*
Offline Offline

Posts: 1480809722

View Profile Personal Message (Offline)

Ignore
1480809722
Reply with quote  #2

1480809722
Report to moderator
1480809722
Hero Member
*
Offline Offline

Posts: 1480809722

View Profile Personal Message (Offline)

Ignore
1480809722
Reply with quote  #2

1480809722
Report to moderator
greyhawk
Hero Member
*****
Offline Offline

Activity: 924


View Profile
August 30, 2011, 07:31:14 PM
 #2

Several of these have been going around with different destination URLs.
ErgoOne
Full Member
***
Offline Offline

Activity: 126


View Profile
August 31, 2011, 01:57:55 AM
 #3

I also got what I *think* was a legitimate warning about phishes from Mt. Gox.  Unfortunately I was sent from an IP that I couldn't connect via SPF, DKIM or rDNS to mtgox.com (the legitimate Mt. Gox domain).  If this was sent by Mt. Gox, they need to set up their outgoing email properly.  If not, then people need to be aware that some phishes do appear to be warnings about phishing sent by your bank or financial institution.  I didn't check this email carefully for a phish URL.

m0w3r
Full Member
***
Offline Offline

Activity: 132


View Profile
August 31, 2011, 02:54:06 AM
 #4

Can they get through the yubikey protection through phishing (i.e. even if I hypothetically foolishly enter my mtgox password)?
theymos
Administrator
Legendary
*
Offline Offline

Activity: 2492


View Profile
August 31, 2011, 03:04:56 AM
 #5

Can they get through the yubikey protection through phishing (i.e. even if I hypothetically foolishly enter my mtgox password)?

I would guess so, if you also enter the Yubikey code. (I am not very familiar with Yubikey's operation, though.)

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
ErgoOne
Full Member
***
Offline Offline

Activity: 126


View Profile
August 31, 2011, 03:13:36 AM
 #6

If Yubikey works anything like RSA SecureID does, then no, they couldn't break in without the key itself.  (At least not unless the whole Yubikey infrastructure had been compromised, which as best anyone knows, it has not.)

<security rant> 

HOWEVER....  You should *never* click a link in any email sent by any business to access their web site.   Unless you're technically sophisticated enough to check the source of an email (most people who don't run their own mail servers are not), you won't always be able to tell a phish from the real thing.  Instead, go to their home page from the URL you saved in your bookmarks, or type the web site URL into your browser's address box. 

You should also not discuss your financial information with somebody who calls you on the phone, even if that person claims to be from a bank, financial institution, or business you use unless you know the caller personally and can recognize their voice on the phone.  Instead, get their name, hang up, call 411 or look up the main phone number to that bank, call it, and ask for them.  When you call them, you know you're talking with somebody at the business and not some scammer who stole a database and got your private information. :/

</security rant>

theymos
Administrator
Legendary
*
Offline Offline

Activity: 2492


View Profile
August 31, 2011, 03:27:46 AM
 #7

Here's a PhishTank submission again:
http://www.phishtank.com/phish_detail.php?phish_id=1264644

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!