This is why you still shouldn't trust any 3rd party wallets. (Mt. Gox)

[the founder]

This is exactly why Flexcoin has a STRICT no links in e-mail policy.

If you get a link in an e-mail claiming to be from Flexcoin,  it's not legit.   We do not send out links in any e-mails.  Period.

Why Mt.Gox, Tradehilll and others didn't follow our lead is mind boggling.   Every bitcoin site should follow this policy as it completely removes the threat of phishing attacks as it's well known that our policy is no links, or images in e-mails.

I'd be even better if all you guys started OpenPGP-signing communications.  That makes it easy for people who care to verify the origin.

That's too complicated for Grandma to use.  I am not sure about the Exchange's mission... but flexcoin's goal is to have widespread adoption of bitcoin's .. that means making it simple to use.   I doubt Grandma is going to be using OpenPGP ..

[legolouman]

This is exactly why Flexcoin has a STRICT no links in e-mail policy.

If you get a link in an e-mail claiming to be from Flexcoin,  it's not legit.   We do not send out links in any e-mails.  Period.

Why Mt.Gox, Tradehilll and others didn't follow our lead is mind boggling.   Every bitcoin site should follow this policy as it completely removes the threat of phishing attacks as it's well known that our policy is no links, or images in e-mails.

I'd be even better if all you guys started OpenPGP-signing communications.  That makes it easy for people who care to verify the origin.

That's too complicated for Grandma to use.  I am not sure about the Exchange's mission... but flexcoin's goal is to have widespread adoption of bitcoin's .. that means making it simple to use.   I doubt Grandma is going to be using OpenPGP ..

I also doubt Grandma will be using BTC. 99% of us are either geeks, or have everything managed by geeks. OpenPGP is a great way of authenticating, but so is the "no emails" policy. One obvious thing is there is only mtgox.com or etc. Just read the actual URL you are on, straight forward.

[kgo]

This is exactly why Flexcoin has a STRICT no links in e-mail policy.

If you get a link in an e-mail claiming to be from Flexcoin,  it's not legit.   We do not send out links in any e-mails.  Period.

Why Mt.Gox, Tradehilll and others didn't follow our lead is mind boggling.   Every bitcoin site should follow this policy as it completely removes the threat of phishing attacks as it's well known that our policy is no links, or images in e-mails.

I'd be even better if all you guys started OpenPGP-signing communications.  That makes it easy for people who care to verify the origin.

That's too complicated for Grandma to use.  I am not sure about the Exchange's mission... but flexcoin's goal is to have widespread adoption of bitcoin's .. that means making it simple to use.   I doubt Grandma is going to be using OpenPGP ..

Well yes, Grandma isn't going to use OpenPGP, but she'll just ignore the sig.  Just like my mom, a grandma, does when I send her emails since I sign everything.  MagicalTux had a good point that someone who uses OpenPGP regularly probably wouldn't fall for a blatant phishing attempt.  But still, whenever I get an email about a security risk from an exchange, I currently need to double-check headers to verify it's validity.  It would be nice if I could let Enigmail do the work for me.

[kokojie]

What The Fuck? I thought bitcoin users are pretty advanced users of technology, yet here we have multiple people fell for a simple phishing email. (btw I received the same phishing email today, laughed at it for a second, then threw it in the trash folder).

[Meni Rosenfeld]

This is exactly why Flexcoin has a STRICT no links in e-mail policy.

If you get a link in an e-mail claiming to be from Flexcoin,  it's not legit.   We do not send out links in any e-mails.  Period.

Why Mt.Gox, Tradehilll and others didn't follow our lead is mind boggling.   Every bitcoin site should follow this policy as it completely removes the threat of phishing attacks as it's well known that our policy is no links, or images in e-mails.

I'd be even better if all you guys started OpenPGP-signing communications.  That makes it easy for people who care to verify the origin.

That's too complicated for Grandma to use.  I am not sure about the Exchange's mission... but flexcoin's goal is to have widespread adoption of bitcoin's .. that means making it simple to use.   I doubt Grandma is going to be using OpenPGP ..

Well yes, Grandma isn't going to use OpenPGP, but she'll just ignore the sig.  Just like my mom, a grandma, does when I send her emails since I sign everything.  MagicalTux had a good point that someone who uses OpenPGP regularly probably wouldn't fall for a blatant phishing attempt.  But still, whenever I get an email about a security risk from an exchange, I currently need to double-check headers to verify it's validity.  It would be nice if I could let Enigmail do the work for me.

Grandma doesn't need to know she is using OpenPGP, anymore than she needs to know PayPal is using a Verisign extended validation SSL certificate. All she needs is the mail client to tell her "this message is legitimate" and the browser to tell her "this website is legitimate".

What The Fuck? I thought bitcoin users are pretty advanced users of technology, yet here we have multiple people fell for a simple phishing email. (btw I received the same phishing email today, laughed at it for a second, then threw it in the trash folder).

There's no Certified Advanced User of Technology (CAUT) training. People can be "advanced" and yet have gaps in knowledge in some areas, such as security. Also, even CAUTs with the necessary knowledge make mistakes.

Also, if people who are not advanced users of technology are using Bitcoin, that's a good thing.

[Oldminer]

lol great thread

~hover~

[nmat]

Bitmarket.eu requires email confirmation to change the BTC withdrawal address. I like this feature. Does anyone know why none of the other exchanges have it?

[The_Duke]

This is exactly why Flexcoin has a STRICT no links in e-mail policy.

If you get a link in an e-mail claiming to be from Flexcoin,  it's not legit.   We do not send out links in any e-mails.  Period.

Why Mt.Gox, Tradehilll and others didn't follow our lead is mind boggling.   Every bitcoin site should follow this policy as it completely removes the threat of phishing attacks as it's well known that our policy is no links, or images in e-mails.

You are the most convincing troll ever. You almost had me believing that you were a pompous, arrogant, self absorbed ('The founder'? really?) twit suffering from delusions of grandeur, but this time you broke routine by trying to claim that you-- not eBay, Paypal, Bank of America, or any other business predating Bitcoin-- were the one who came up with this idea. Oh wait, you really ARE that way in real life. Holy fuck.

Do you want to know why no one will follow your lead-- ever? Because you're desperate, untalented and delusional. FlexCoin could have been a real service with real customers under the following conditions:

1) MyBitcoin.com didn't explode a mountain of diarrhea on the entire community;

2) Your "bank" that is supposed to "lead" Mt. Gox and Tradehill wasn't just a Wordpress template ('Lexington Theme').

3) You weren't you.


Seriously, accept what I've already accepted-- that I have no chance of creating anything intelligent and successful ever so long as I represent my projects. Step down as owner of FlexCoin and work on damage control.

Jesus christ, someone had to say it.

TRO...no wait... he's right.

[nmat]

Did I miss something? Wasn't this thread about MtGox phishing emails and countermeasures? 

Matthew N. Wright, you should open a new thread to trash people individually. It's common practice here at the forums.

[oOoOo]

What The Fuck? I thought bitcoin users are pretty advanced users of technology, yet here we have multiple people fell for a simple phishing email. (btw I received the same phishing email today, laughed at it for a second, then threw it in the trash folder).

Yes, you say this right now, while you are fully aware. I've gotten 100s of similar spam e-mails over the years (fake ebay, fake paypal etc.) and always laughed them off.

The problem is I got this mtgox fake mail at a time I just got home from a long day at work (I work in manual labor!) and I wasn't at it 100%.

See, at any other point in time this wouldn't have happened. This just got me at the wrong time. Stupid, I know, but what can you do?
.

[Vladimir]

Due to breach of trust and gross negligence by Sirius and Theymos who recklessly transferred my private and personal data on this forum to a Japaneze company without my permission I am leaving this forum and deleting all my posts. Goodbye.

[BitcoinPorn]

lol, oh my.  I always find the Flexcoin happening to find a way to promote in the worst situations for others sad, this is all new levels of Flexcoin sadness I never even checked into.

See, at any other point in time this wouldn't have happened. This just got me at the wrong time. Stupid, I know, but what can you do?.

Quit being an ass and change the title of the thread to reflect the reality instead of singling out "Mt Gox" giving an impression that they did something here.  Quit trolling.   Forums have the ability to edit posts just for this reason and you seem to be straight up refusing to at this time.  Not sure why you called me a troll because all it did was make me notice how bad you are trolling and still are.  Every post you make and leave this initial one unchanged is nearly an attack, as at this point you have even acknowledged fault.

[The_Duke]

Note how all this was obvious long before "mybitcoin" incident.

Can you point us to one of your posts where you warned people about this "obvious" risk in storing your bitcoins at mybitcoin (or MtGox, or TH for that matter)? If you can't than this was just another captain-hindsight post.

[Vladimir]

Due to breach of trust and gross negligence by Sirius and Theymos who recklessly transferred my private and personal data on this forum to a Japaneze company without my permission I am leaving this forum and deleting all my posts. Goodbye.

[The_Duke]

Note how all this was obvious long before "mybitcoin" incident.

Can you point us to one of your posts where you warned people about this "obvious" risk in storing your bitcoins at mybitcoin (or MtGox, or TH for that matter)? If you can't than this was just another captain-hindsight post.

Here you go my friend. https://bitcointalk.org/index.php?topic=20427.msg255690#msg255690 It is directed to another person, but in a scenario of some early idea of anonymous person handling someone else's bitcoins.

That is also in hindsight of someone getting his mybitcoin account compromised. Where have you been actively telling people NOT to use 3rd party wallets? Going "I told you so" only works if you actually told people so.

[the founder]

Did I miss something? Wasn't this thread about MtGox phishing emails and countermeasures?  

Matthew N. Wright, you should open a new thread to trash people individually. It's common practice here at the forums.

I was under the impression this thread was an attack based on personal error, followed by a retraction, and then beating up of said attacker, but in looking at the title "This is why you still shouldn't trust any 3rd party wallets." it's pretty clear that my trashing of FlexCoin, a "3rd party wallet" site is warranted.

Apologies for the explosion. It has been building since his first post, which was 362 posts ago. I vote that we take all my aggression towards 'the founder' quantified by the running post count to back Bitcoin. Since he's bound to spam FlexCoin in each and every thread he participates in, the value can only go up UP UP!

Matt,  seriously get off your high horse...  Troll somewhere else...   Lexicon theme was developed internally for the blogging side. We built it internally... I hope you understand that...  then of course we offered it on a theme site for additional revenue.  

The banking area is not based on wordpress.. but you wouldn't know that because you only know how to bash but not research?  The chances are you don't even have an account to be educated enough on how the system works.   So No your trashing isn't warranted...   not even close.

Whatever... I don't care much at all what you say.. we're building a service.. don't use it...  In fact it appears that most of your posts are attacking people personally..  I just happened to be the next one in line.  

If you must know, I found the title offensive because it's not all 3ed party wallets,  it was Mt.Gox that DIDN'T follow the proper procedure in my opinion (no links).

Start your own bitcoin business then...  hopefully I'll find your posts somewhere and bash you for kicks.

Apologize without explaining yourself, and let us all get back to picking on FlexCoin.

Actually I would like to start picking on you... after researching your posts it appears that the majorty of them are bashing and not contributing?   

Seriously are you EVER going to help the bitcoin community or just run around trolling?   Seriously Matthew N. Wright do you have anything to contribute?

[the founder]

I also doubt Grandma will be using BTC. 99% of us are either geeks, or have everything managed by geeks. OpenPGP is a great way of authenticating, but so is the "no emails" policy. One obvious thing is there is only mtgox.com or etc. Just read the actual URL you are on, straight forward.

I know man.. but I think that's the problem.  We have to widen the appeal of the technology to spread beyond us to reach sustainability. All the bitcoin services and the default client need to be easy to use and easy to understand.

[oOoOo]

Quit being an ass and change the title of the thread to reflect the reality instead of singling out "Mt Gox" giving an impression that they did something here.  Quit trolling.   Forums have the ability to edit posts just for this reason and you seem to be straight up refusing to at this time.  Not sure why you called me a troll because all it did was make me notice how bad you are trolling and still are.  Every post you make and leave this initial one unchanged is nearly an attack, as at this point you have even acknowledged fault.

There. You happy now?? What you wanna do me next? Bend over?!?! lol

/trololol

p.s. I aint gonna delete that post, gonna stay there for reference.

bye,
oOo

[Xiong Zhuang]

We try to push yubikey usage a lot, to avoid this. That's why we offered more than 1000 free yubikeys so far, and hope people understand that security is not that simple.

I recieve a mail about free yubikey yesterday, I thought it's another phishing mail at first. Thanks you very much!

Did you get my PM? I really need your help.