oOoOo (OP)
|
|
September 07, 2011, 12:06:35 PM Last edit: September 08, 2011, 04:39:36 PM by oOoOo |
|
EDIT: THIS IS A PHISHING ATTEMPT DO NOT FALL FOR IT (like I did)
So, after not logging in on Mt Gox for a couple of weeks, suddenly, out of nowhere, I receive the following email:
Dear Mt.Gox user,
Your account will be blocked for violating the rules of exchange. Details: https://www.mgtox.com/users/blocked
Thanks, The Mt.Gox team
Needless to say, I need to log in in order to access the above link, which I cannot do now. Fortunately for me, I had the foresight to not store any money on my account (less than 2 USD as far as I remember). I think this is a good example of why you shouldn't keep your money or BTC on any 3rd party sites, big or small, but rather always keep your coins on a secure device in your possession.
Have a Good Day, oOo
|
|
|
|
MiningBuddy
|
|
September 07, 2011, 12:13:46 PM |
|
That email you received was a phishing attempt to steal your mtgox user details.
|
|
|
|
Meni Rosenfeld
Donator
Legendary
Offline
Activity: 2058
Merit: 1054
|
|
September 07, 2011, 12:20:25 PM |
|
mgtox. Cute.
This is why you should never access critical sites through a link in the mail, and why you should check the URL of critical sites. (Though they probably got your email from the DB leak which was mtgox's fault, so...)
|
|
|
|
oOoOo (OP)
|
|
September 07, 2011, 12:23:15 PM |
|
That email you received was a phishing attempt to steal your mtgox user details.
Wed 07 Sep 2011 06:23:23 AM GMT Spent BTC bought: [tid:1315376603939518] 0.28800000 BTC at $7.39902 $2.13092 $0.00208
Yeah... luckily I never reuse passwords...
|
|
|
|
Vod
Legendary
Offline
Activity: 3892
Merit: 3166
Licking my boob since 1970
|
|
September 07, 2011, 12:38:48 PM |
|
I think this is a good example of why you shouldn't keep your money or BTC on any 3rd party sites, big or small, but rather always keep your coins on a secure device in your possession.
Many users don't have the technical skills or desire to maintain and secure their own wallet. Online services like this will always be necessary.
|
|
|
|
Furyan
|
|
September 07, 2011, 12:45:07 PM |
|
I would like to do an unofficial poll: How many users here also frequent 4chan? (To any who don't get the reference - the above image is a very popular meme on the boards at 4chan.org). (/thread hijack)
|
|
|
|
MagicalTux
VIP
Hero Member
Offline
Activity: 608
Merit: 501
-
|
|
September 07, 2011, 12:49:13 PM |
|
We try to push yubikey usage a lot, to avoid this. That's why we offered more than 1000 free yubikeys so far, and hope people understand that security is not that simple.
|
|
|
|
BitcoinPorn
|
|
September 07, 2011, 12:54:16 PM |
|
but rather always keep your coins on a secure device in your possession.
Wow, out of all people, if you fall for simple phishing emails, I believe that you need to reevaluate your stance on third parties taking care of your currencies specifically. You should not be trusted with funds of any kind using a digital medium.
|
|
|
|
oOoOo (OP)
|
|
September 07, 2011, 12:58:54 PM |
|
We try to push yubikey usage a lot, to avoid this. That's why we offered more than 1000 free yubikeys so far, and hope people understand that security is not that simple.
Yes, I realize this is not your fault. And usually I never click links in emails. However, I got this yesterday evening, I was tired and this caught me by surprise and did not look close enough. Fortunately I am somewhat experienced in security and could prevent my e-mail and other accounts from being compromised. But just to be completely sure, I am now going to change all my passwords on all bitcoin related sites. (to a 20+ digit one!) While I have none other to blame but me, this should still be a warning to everyone out there!
|
|
|
|
oOoOo (OP)
|
|
September 07, 2011, 01:08:40 PM |
|
but rather always keep your coins on a secure device in your possession.
Wow, out of all people, if you fall for simple phishing emails, I believe that you need to reevaluate your stance on third parties taking care of your currencies specifically. You should not be trusted with funds of any kind using a digital medium.
It's always easy to point fingers and troll like that. But mistakes happen and I fully admit my error. You should not feel so secure, you think you are an "expert" and something like this will NEVER happen to you, prepare for a rude awakening one day. I'd also like to point out that I did in fact prevent any significant damage by using an intelligent password scheme! But I guess you are just trolling...
|
|
|
|
aq
|
|
September 07, 2011, 01:11:12 PM |
|
We try to push yubikey usage a lot, to avoid this. That's why we offered more than 1000 free yubikeys so far, and hope people understand that security is not that simple.
How does the yubikey help in this case? I mean once the phishing site has the username, password and one yubikey code they can still login to the real mtgox.
|
|
|
|
MiningBuddy
|
|
September 07, 2011, 01:13:41 PM |
|
How does the yubikey help in this case? I mean once the phishing site has the username, password and one yubikey code they can still login to the real mtgox.
That is simply not true.
|
|
|
|
BitcoinPorn
|
|
September 07, 2011, 01:21:24 PM |
|
But I guess you are just trolling...
You guessed wrong. I do not claim to be an expert, I am giving you specifically pretty sound advice here. Don't trust yourself when it comes to these emails claiming to be from Mt. Gox at all, if you know the situations surrounding Gox and still chose to check into that email, well 'they got ya!'
Be harder on yourself, change passwords often, use different passwords, don't click on links directly from emails, easy enough basic rules that if you aren't following, just bow yourself out at this point, because if the focus on security is coming down to you keeping an eye on your own wallet, well, see this thread for how that turns out when you can't follow basic rules.
See this thread to get a clearer definition of the most misused word on these forums since "scammer"
"I think this is a good example of why you shouldn't keep your money or BTC on any 3rd party sites, big or small, but rather always keep your coins on a secure device in your possession."
Please, quit trying to troll Mt. Gox and those who enjoy third party wallet services here when clearly this is user error.
|
|
|
|
sadpandatech
|
|
September 07, 2011, 01:35:57 PM |
|
EDIT: THIS IS A PHISHING ATTEMPT DO NOT FALL FOR IT (like I did)
So, after not logging in on Mt Gox for a couple of weeks, suddenly, out of nowhere, I receive the following email:
Dear Mt.Gox user,
Your account will be blocked for violating the rules of exchange. Details: https://www.mgtox.com/users/blocked
Thanks, The Mt.Gox team
Needless to say, I need to log in in order to access the above link, which I cannot do now. Fortunately for me, I had the foresight to not store any money on my account (less than 2 USD as far as I remember). I think this is a good example of why you shouldn't keep your money or BTC on any 3rd party sites, big or small, but rather always keep your coins on a secure device in your possession.
Have a Good Day, oOo
Heya m8, in order to keep from quoting little tidbits from each poster I will just reply to you here. There is one glaring problem everyone has missed so far.
Details: https://www.mgtox.com/users/blocked
That is why we don't use links in emails. If you clicked there and put in your login details then the phishers have it now. EVERYONE that was on the orig leaked list should have changed their email they were using as well. And all others should take a little bit of time to learn about phishing in general and that it is most certainly not limited to Gox users being targets. Every bank, online financial site, stock site, etc etc has phishing emails sent out to look like them in the hopes of someone not knowing to never clicky clicky in them. Check the header, check the links. (Mouse over will show it's usually different than what is displayed.)
On a side note, it gives us another dirty Phishers DB to fill up with bogus info. ;p *whips out the 45GB user/pass dict and gets to work
Edit: Just saw your edit. :/ Not your fault, just gotta be more careful.
Could we please change the title to reflect that this is 'New Phish email faking Mtgox Blocked User Alert'
|
If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system. - GA
It is being worked on by smart people. -DamienBlack
|
|
|
The_Duke
Sr. Member
Offline
Activity: 252
Merit: 250
Lead Core BitKitty Developer
|
|
September 07, 2011, 01:42:45 PM |
|
I would like to do an unofficial poll: How many users here also frequent 4chan the internet? (To any who don't get the reference - the above image is a very popular meme on the boards at 4chan.org the internet). (/thread hijack)
/fixed.
The *real* reason why you shouldn't trust 3rd party wallets, including MtGox, is of course that at any moment in time, the host can decide to take off with your money and there's nothing you, or anyone else, can do against it.
|
NOT a member of the so called ''Bitcoin Foundation''. Choose Independence!
Donate to the BitKitty Foundation instead! -> 1Fd4yLneGmxRHnPi6WCMC2hAMzaWvDePF9 <-
|
|
|
oOoOo (OP)
|
|
September 07, 2011, 01:55:09 PM |
|
A 20+ digit password would provide no better protection. Nobody cracked your password. You gave it to the thief. Not trying to slam you just hopefully illustrating that password length of complexity wouldn't have changed this situation. If anything overly long and complex passwords mean you are more likely to share passwords and thus compromise multiple accounts.
I, of course, realize this. This incident was not a failure of awareness, it was a failure of attention!
(...) clearly this is user error.
I never claimed anything but.
|
|
|
|
Meni Rosenfeld
Donator
Legendary
Offline
Activity: 2058
Merit: 1054
|
|
September 07, 2011, 01:56:51 PM |
|
There is one glaring problem everyone has missed so far. Details:https://www.mgtox.com/users/blocked
Everyone noticed it, and I mentioned it explicitly.
|
|
|
|
sadpandatech
|
|
September 07, 2011, 02:03:40 PM Last edit: September 07, 2011, 11:39:07 PM by sadpandatech |
|
There is one glaring problem everyone has missed so far. Details:https://www.mgtox.com/users/blocked
Everyone noticed it, and I mentioned it explicitly.
So you did, *sips some more coffee*. If that had been a link I woulda clicked on it as I had not noticed you used the mgtox. *is ashamed at his poor observational skills*
|
|
|
|
oOoOo (OP)
|
|
September 07, 2011, 02:07:35 PM |
|
There is one glaring problem everyone has missed so far. Details:https://www.mgtox.com/users/blocked
Everyone noticed it, and I mentioned it explicitly.
So you did, *sips some more coffee*. If that had been a link I woulda clicked on it as I had not noticed you used the mgtox. *is ashamed at his poor observational skills*
It was a link. I did click.
|
|
|
|
Febuz
Newbie
Offline
Activity: 14
Merit: 0
|
|
September 07, 2011, 02:13:53 PM |
|
Damn, another hack of Mt. Gox. Message on my mail with account blocked at 3:15 PM.
My bitcoins seem to be stolen! Please take immediate action.
Dear Febuz,
There has been a withdraw from your Mt.Gox account:
Transaction reference: 1e68bbc8-2a64-42ee-b11c- ea4c62557a63 Date: 2011-09-07 14:06:28 GMT
Kind regards, Edwin
|
|
|
|
|