Just now I received an email, reads this:
Dear Mt.Gox user,
Your account will be blocked for violating the rules of exchange.
The Mt.Gox team
The link will direct you to http://www.mtgzx.tk/users/blocked
It's a frame webpage with inner URL of http://ewf43wef.tmweb.ru/
If you enter your password, it will record it down and redirect you to the real Mt. Gox login page. So you may not have realized the problem if you typed your password again and got in.Do enter your real password. You're welcomed to enter fake passwords!
I have set up a bot to randomly generate real-looking usernames and passwords like:
(There are ten different formats with a lot of random uncertainty. I'm sure that the attacker can't filter them algorithmically even if I publicize these two examples. So don't worry.)
These fake usernames will be sent to the phishing login every few seconds from various IP addresses.
I encourage other developers to do the same, using your own random formats. Let's start the phishing-baiting game, and waste their time!