I got phished :'(

[redrider]

So I thought I might have logged into mt gox through tor and i read they will deactivate your account if you do so.  So when i got an email today saying my account was under review, my emotions took over and i immediately signed in somewhat expecting this.  not a second later i looked up and saw i was logging into a different site, so i got in as quick as i could and changed my pw.... but too late.  i lost the daily limit to:

17u8TRJjidQjEsf1nePbBaGcBUsRUrMwpQ

after getting phished at:

htrv5.tmweb.ru

I sent mt gox an email saying if they had a 5 min waiting period people could stop this as its obvious you have been phished when the site doesn't change after you log in.  I know its up to the user to keep their stuffs safe, but this is really too easy for perverts to get your money.

[1713967470]

1713967470

[1713967470]

1713967470

[DeathAndTaxes]

Sorry you got phished.

Many people have proposed a optional user defined waiting period.

I mean MtGox notifies you by email when a transaction occurs but if you account is compromised what good does that do.

Attacker attempts to make withdrawal.
User gets email w/ link to cancel to withdrawal.
User cancels.  No funds lost and Mt.Gox gets early notification of a potential attack. 
Withdrawal & Cancel loop on large number of accounts may indicating a more serious vulnerability.

Even if attacker changes password by having an cancel link in email prevents attacker from locking user out.  Changing email and changing "withdrawal delay" could be on a 24 hour delay.

[dropboxexpander]

Always check the domain names of the links you are clicking before logging in.

[jake262144]

So I thought I might have logged into mt gox through tor and i read they will deactivate your account if you do so.  So when i got an email today saying my account was under review, my emotions took over and i immediately signed in somewhat expecting this.  not a second later i looked up and saw i was logging into a different site, so i got in as quick as i could and changed my pw.... but too late.

Did you not check the url?
It's better never to click on links in emails but if you need to use one, make sure you and up at the expected webpage.

Sorry for your loss.

...and would you please remove the link to the phishing server from your message?
You can't know whether the fake site only collects data or also tries to infect the visiting machines and somenoob might be curious enough to actually follow your link there.

If that link was automatically discovered and formatted, do something to fool the algorithm, e.g. change replace dots with [dot]. The http:// part isn't necessary either.

[fizzisist]

Many people have proposed a optional user defined waiting period.

I mean MtGox notifies you by email when a transaction occurs but if you account is compromised what good does that do.

Attacker attempts to make withdrawal.
User gets email w/ link to cancel to withdrawal.
User cancels.  No funds lost and Mt.Gox gets early notification of a potential attack. 
Withdrawal & Cancel loop on large number of accounts may indicating a more serious vulnerability.

Even if attacker changes password by having an cancel link in email prevents attacker from locking user out.  Changing email and changing "withdrawal delay" could be on a 24 hour delay.

Yeah, I would like to see more security on Mt Gox based around email approval. There could be three options:

1) Require all withdrawals to get approval via email.
2) Require withdrawals to new locations (BTC address, Dwolla account, etc.) to get approval via email.
3) No approval needed (this would not be default, and would only be recommended for people with two-factor authentication).

Also, I love the Google based two-factor authentication that Bitcoinica uses. Much more appealing than a $30 Yubikey. If Mt Gox gave me the option to use Google Authenticator, I would enable that in a heartbeat.

[redrider]

The bot also sold the coins to market that it couldn't withdraw.  I thought that was strange but maybe it would have transferred that to a bank which I could then get some better detail on.  Probably not worth the hassle.

[redrider]

When Mt Gox got "hacked" it was curiously at a sharp bitcoin increase.  They sold everything they had at this huge increase, knowing news of them getting "hacked" would drop the prices where they and their cohorts could re-buy at pennies on the dollar.  Conveniently, this also allowed them to release all of their users email addresses, so when you buy a ton of coin, or violate their stupid terms of service they can tell their friends with your email address so they can phish you all the while having plausible deniability.  Nice scam gox fucts.

[deepceleron]

It looks like they got 21.8 BTC out of someone else's MtGox too: http://blockexplorer.com/address/17u8TRJjidQjEsf1nePbBaGcBUsRUrMwpQ

BTW Yubikey makes phishing pretty darn hard. That won't keep scumbags from trying.

http://pastebin.com/dqQQvW9a
We see the whole domain is criminals and has been for a while.

Now, what Bitcoin sites have you given that email address to?

[farfiman]

since this is becoming more and more of an issue gox really should give security to people who are asking for it...

BIP16 for mt.gox

[redrider]

It looks like they got 21.8 BTC out of someone else's MtGox too: http://blockexplorer.com/address/17u8TRJjidQjEsf1nePbBaGcBUsRUrMwpQ

BTW Yubikey makes phishing pretty darn hard. That won't keep scumbags from trying.

http://pastebin.com/dqQQvW9a
We see the whole domain is criminals and has been for a while.

Now, what Bitcoin sites have you given that email address to?

Good find.  I have given that email to no other bitcoin sites.  It was released to mt goxs cohorts when mt gox was "hacked" (said they were so they could fraud people and deny it).

Does russia not care if people are committing real crimes against people in their cuntry?  How has this host not been shut down and someone held accountable?

[max in montreal]

when I get emails like this that I think may be legit, i will click on the link and try using a bad password and see what happens...but normally legit companies never send links in an email, especially out of the blue. They ask you to just go to their site and log in from there.

as for checking the links, some are too complicated or long to be certain that it is the right one.

Read the email, close it and get on to the site like you  would normally, never use the link in an email.

[neo_rage]

Every time check address in address bar of your browser.

[B4THC4t]

So I thought I might have logged into mt gox through tor and i read they will deactivate your account if you do so.  So when i got an email today saying my account was under review, my emotions took over and i immediately signed in somewhat expecting this.  not a second later i looked up and saw i was logging into a different site, so i got in as quick as i could and changed my pw.... but too late.  i lost the daily limit to:

17u8TRJjidQjEsf1nePbBaGcBUsRUrMwpQ

after getting phished at:

htrv5.tmweb.ru

I sent mt gox an email saying if they had a 5 min waiting period people could stop this as its obvious you have been phished when the site doesn't change after you log in.  I know its up to the user to keep their stuffs safe, but this is really too easy for perverts to get your money.

IS Mt. Gox a wallet site or what???

How common is phishing??

[deepceleron]

mtgox.com is Bitcoin's largest currency exchange. Under it's previous ownership, it was hacked and the intruder stole email lists which were posted (along with simpler passwords being cracked) and made tons of fraudulent trades that had to be backed out of the system. This highlights why it is best to use one disposable email address per site (along with a unique username and password), so you can throw the address away if it gets leaked, instead of being stuck receiving spam and phishing attempts eight months later, and so there are no other accounts on other sites the hacker can compromise with the username and password.

[bulanula]

since this is becoming more and more of an issue gox really should give security to people who are asking for it...

BIP16 for mt.gox

Yeah. By the looks of things as they stand now, I will be grateful if we have this damn BIP before 2013 block reward drop

A form of multi-sig or 2 factor authentication for Bitcoin itself really would be neat but Deepbit needs to approve it first