This is why you still shouldn't trust any 3rd party wallets. (Mt. Gox)

[oOoOo]

EDIT: THIS IS A FISHING ATTEMPT DO NOT FALL FOR IT (like I did )

So, after not logging in on Mt Gox for a couple of weeks, suddenly, out of nowhere, I receive the following email:

Dear Mt.Gox user,

Your account will be blocked for violating the rules of exchange.
Details:https://www.mgtox.com/users/blocked

Thanks,
The Mt.Gox team

Needless to say, I need to log in in order to access the above link, which I cannot do now.
Fortunately for me, I had the foresight to not store any money on my account (less then 2 USD as far as I remember).
I think this is a good example of why you shouldn't keep your money or BTC on any 3rd party sites, big or small, but rather always keep your coins on a secure device in your possession.

Have a Good Day,
oOo

[1715420351]

1715420351

[1715420351]

1715420351

[1715420351]

1715420351

[1715420351]

1715420351

[1715420351]

1715420351

[MiningBuddy]

That email you received was a phishing attempt to steal your mtgox user details.

[Meni Rosenfeld]

mgtox. Cute.

This is why you should never access critical sites through a link in the mail, and why you should check the URL of critical sites. (Though they probably got your email from the DB leak which was mtgox's fault, so...)

[oOoOo]

That email you received was a phishing attempt to steal your mtgox user details.

Wed 07 Sep 2011 06:23:23 AM GMT   Spent   BTC bought: [tid:1315376603939518] 0.28800000 BTC at $7.39902   $2.13092   $0.00208

Yeah... luckily I never reuse passwords...

[Vod]

I think this is a good example of why you shouldn't keep your money or BTC on any 3rd party sites, big or small, but rather always keep your coins on a secure device in your possession.

Many users don't have the technical skills or desire to maintain and secure their own wallet.  Online services like this will always be necessary.

[Furyan]

I would like to do an unofficial poll: How many users here also frequent 4chan?

(To any who don't get the reference - the above image is a very popular meme on the boards at 4chan.org).

(/thread hijack)

[MagicalTux]

We try to push yubikey usage a lot, to avoid this. That's why we offered more than 1000 free yubikeys so far, and hope people understand that security is not that simple.

[BitcoinPorn]

but rather always keep your coins on a secure device in your possession.

Wow, out of all people, if you fall for simple phishing emails, I believe that you need to reevaluate your stance on third parties taking care of your currencies specifically.  You should not be trusted with funds of any kind using a digital medium.

[oOoOo]

We try to push yubikey usage a lot, to avoid this. That's why we offered more than 1000 free yubikeys so far, and hope people understand that security is not that simple.

Yes, I realize this is not your fault. And usually I never click links in emails. However, I got this yesterday evening, I was tired and this caught me by surprise and did not look close enough.

Fortunately I am somewhat experienced in security and could prevent my e-mail and other accounts from being compromised. But just to be completely sure, I am now going to change all my passwords on all bitcoin related sites. (to a 20+ digit one!)

While I have none other to blame but me, this should still be a warning to everyone out there!
.

[oOoOo]

but rather always keep your coins on a secure device in your possession.

Wow, out of all people, if you fall for simple phishing emails, I believe that you need to reevaluate your stance on third parties taking care of your currencies specifically.  You should not be trusted with funds of any kind using a digital medium.

It's always easy to point fingers and troll like that. But mistakes happen and I fully admit my error. You should not feel so secure, you think you are an "expert" and something like this will NEVER happen to you, prepare for a rude awakening one day.

I'd also like to point out that I did in fact prevent any significant damage by using an intelligent password scheme!

But I guess you are just trolling...

[aq]

We try to push yubikey usage a lot, to avoid this. That's why we offered more than 1000 free yubikeys so far, and hope people understand that security is not that simple.

How does the yubikey help in this case? I mean once the phishing site has the username, password and one yubikey code they can still login to the real mtgox.

[MiningBuddy]

How does the yubikey help in this case? I mean once the phishing site has the username, password and one yubikey code they can still login to the real mtgox.

That is simply not true.

[BitcoinPorn]

But I guess you are just trolling...

You guessed wrong.  I do not claim to be an expert, I am giving you specifically pretty sound advice here.  Don't trust yourself when it comes to these emails claiming to be from Mt. Gox at all, if you know the situations surrounding Gox and still chose to check into that email, well 'they got ya!'

Be harder on yourself, change passwords often, use different passwords, don't click on links directly from emails, easy enough basic rules that if you aren't following, just bow yourself out at this point, because if the focus on security is coming down to you keeping an eye on your own wallet, well, see this thread for how that turns out when you can't follow basic rules.

See this thread to get a clearer definition of the most misused word on these forums since "scammer"

"I think this is a good example of why you shouldn't keep your money or BTC on any 3rd party sites, big or small, but rather always keep your coins on a secure device in your possession."

Please, quit trying to troll Mt. Gox and those who enjoy third party wallet services here when clearly this is user error.

[sadpandatech]

EDIT: THIS IS A FISHING ATTEMPT DO NOT FALL FOR IT (like I did )

So, after not logging in on Mt Gox for a couple of weeks, suddenly, out of nowhere, I receive the following email:

Dear Mt.Gox user,

Your account will be blocked for violating the rules of exchange.
Details:https://www.mgtox.com/users/blocked

Thanks,
The Mt.Gox team

Needless to say, I need to log in in order to access the above link, which I cannot do now.
Fortunately for me, I had the foresight to not store any money on my account (less then 2 USD as far as I remember).
I think this is a good example of why you shouldn't keep your money or BTC on any 3rd party sites, big or small, but rather always keep your coins on a secure device in your possession.

Have a Good Day,
oOo

Heya m8, in order to keep from quoting little tidbits from each poster I will just reply to you here.

There is one glaring problem everyone has missed so far. Details:https://www.mgtox.com/users/blocked

  That is why we don't use links in emails. If you clicked there and put in your login details then the phisher's have it now.
EVERYONE that was on the orig leaked list should have chnaged their email they were using as well. And all others should take a little bit of time to learn about phishing in general and that it is most certainly not limited to Gox users being targets. Every bank, online financial site, stock site, etc etc has phising emails sent out to look like them in the hopes of someone not knowing to never clicky clicky in them. Check the header, check the links.(mouse over will show its usually differnt than what is displayed)

On a side note, it gives us another dirty Phishers DB to fill up with bogus info. ;p *whips out the 45GB user/pass dict and gets to work



Edit;  Just saw your edit. :/  Not your fault just gotta be more careful. Could we please change the title to reflect that this is 'New Phish email faking Mtgox Blocked User Alert'

[The_Duke]

I would like to do an unofficial poll: How many users here also frequent 4chanthe internet?

(To any who don't get the reference - the above image is a very popular meme on the boards at 4chan.org the internet).

(/thread hijack)

/fixed.

The *real* reason why you shouldn't trust 3rd party wallets, including MtGox, is of course that at any moment in time, the host can decide to take off with your money and there's nothing you, or anyone else, can do against it.

[oOoOo]

A 20+ digit password would provide no better protection.  Nobody cracked your password.  You gave it to the thief.  Not trying to slam you just hopefully illustrating that password length of complexity wouldn't have changed this situation.  If anything overly long and complex passwords mean you are more likely to share passwords and thus compromise multiple accounts.

I, of course, realize this. This incident was not a failure of awareness, it was a failure of attention!

(...) clearly this is user error.

I never claimed anything but.

[Meni Rosenfeld]

There is one glaring problem everyone has missed so far. Details:https://www.mgtox.com/users/blocked

Everyone noticed it, and I mentioned it explicitly.

[sadpandatech]

There is one glaring problem everyone has missed so far. Details:https://www.mgtox.com/users/blocked

Everyone noticed it, and I mentioned it explicitly.

So you did, *sips some more coffee*. If that had been a link I woulda clicked on it as I had not noticed you used the mgtox. *is ashamed at his poor observational skills*

[oOoOo]

There is one glaring problem everyone has missed so far. Details:https://www.mgtox.com/users/blocked

Everyone noticed it, and I mentioned it explicitly.

So you did, *sips some more coffee*. If that had been a link I woulda clicked on it has I had not noticed you used the mgtox. *is ashamed at his poor observational skills*

It was a link. I did click.

[Febuz]

Dame another hack of Mt. Gox
Message on my mail with account blocked at 3:15 Pm

My bitcoins seem to be stolen!
Please take imidiate action

Dear Febuz,

There has been a withdraw from your Mt.Gox account:

Transaction reference: 1e68bbc8-2a64-42ee-b11c-
ea4c62557a63
Date: 2011-09-07 14:06:28 GMT


Kind regards,
Edwin