Bitcoin Forum
August 21, 2017, 06:02:25 PM *
News: Latest stable version of Bitcoin Core: 0.14.2  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Fake Mt. Gox emails  (Read 1341 times)
PrintCoins
Hero Member
*****
Offline Offline

Activity: 535


View Profile
May 25, 2012, 05:38:40 PM
 #1

So I have received two baited emails in the last two days. I am only going to guess that the crackers are using the leaked db emails from the security failure in gox from a while back, and many other people should watch out for them.

Today's email:
Code:
info@mtgox.com via km33.hostsila.org
11:29 PM (11 hours ago)
Reply
to me
Dear Mt.Gox user,

Your account is currently pending review, please visit https://mtgox.com/forms/verification
For those users who have had their accounts marked for review, an explanation of why were are implementing these security measures can be found here:

Security Measures Explained <-- (this links to a fake login at http://f3w4twfe.tmweb.ru/)

'Verified' Accounts are eligible for monthly/daily transaction limits of up to 5 times the monthly limit and 10 times the daily limit.

In order to apply for the 'Verified' account status please attach a copy of the following documents:
- Your government issued photo ID (passport, permanent residence card or drivers license) and
- A scan of either your monthly utility bill (power, phone, TV, gas, water, etc.) or a certificate of residency issued by your local government.

Thanks,
The Mt.Gox team

And yesterday's email (if you click the link it will bring you to a page which has an auto-download for a likely infected xls file):

Code:
info@ecurrencyinfo.net via carens.websitewelcome.com
11:45 AM (22 hours ago)
Reply
to me

Invitation to ecurrency conference.

http://asiaelektronik.com/docs/processdl.html

Please let us know if you interested.

Thanks & Regards

I am sure they will send many more messages trying to infect my machine or reveal my gox password (amusingly I have never had any money in gox). Just watch out, and be suspicious of all emails.

If anyone feels semi-vigilantie, feel free to whois the domains and track down the ips to shut down these sites. I am a little geek-overloaded with other stuff today.

1503338545
Hero Member
*
Offline Offline

Posts: 1503338545

View Profile Personal Message (Offline)

Ignore
1503338545
Reply with quote  #2

1503338545
Report to moderator
1503338545
Hero Member
*
Offline Offline

Posts: 1503338545

View Profile Personal Message (Offline)

Ignore
1503338545
Reply with quote  #2

1503338545
Report to moderator
1503338545
Hero Member
*
Offline Offline

Posts: 1503338545

View Profile Personal Message (Offline)

Ignore
1503338545
Reply with quote  #2

1503338545
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
boonies4u
Hero Member
*****
Offline Offline

Activity: 826



View Profile
May 25, 2012, 06:21:05 PM
 #2

So I have received two baited emails in the last two days. I am only going to guess that the crackers are using the leaked db emails from the security failure in gox from a while back, and many other people should watch out for them.

Today's email:
Code:
info@mtgox.com via km33.hostsila.org
11:29 PM (11 hours ago)
Reply
to me
Dear Mt.Gox user,

Your account is currently pending review, please visit https://mtgox.com/forms/verification
For those users who have had their accounts marked for review, an explanation of why were are implementing these security measures can be found here:

Security Measures Explained <-- (this links to a fake login at http://f3w4twfe.tmweb.ru/)

'Verified' Accounts are eligible for monthly/daily transaction limits of up to 5 times the monthly limit and 10 times the daily limit.

In order to apply for the 'Verified' account status please attach a copy of the following documents:
- Your government issued photo ID (passport, permanent residence card or drivers license) and
- A scan of either your monthly utility bill (power, phone, TV, gas, water, etc.) or a certificate of residency issued by your local government.

Thanks,
The Mt.Gox team

And yesterday's email (if you click the link it will bring you to a page which has an auto-download for a likely infected xls file):

Code:
info@ecurrencyinfo.net via carens.websitewelcome.com
11:45 AM (22 hours ago)
Reply
to me

Invitation to ecurrency conference.

http://asiaelektronik.com/docs/processdl.html

Please let us know if you interested.

Thanks & Regards

I am sure they will send many more messages trying to infect my machine or reveal my gox password (amusingly I have never had any money in gox). Just watch out, and be suspicious of all emails.

If anyone feels semi-vigilantie, feel free to whois the domains and track down the ips to shut down these sites. I am a little geek-overloaded with other stuff today.

Pretty much the leaked Database has become "The" mailing list when it comes to bitcoins. I've received my fair share of fake MtGox emails, spam, and typical newsletter/PSO mail.
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1456



View Profile
May 25, 2012, 06:55:26 PM
 #3

I don't think so. I have my email in that leaked database and never ever got one of those  Undecided

Clipse
Hero Member
*****
Offline Offline

Activity: 504


View Profile
May 25, 2012, 07:11:32 PM
 #4

I don't think so. I have my email in that leaked database and never ever got one of those  Undecided

Same, receive no spam at my gmail, word.

...In the land of the stale, the man with one share is king... >> Clipse

We pay miners at 130% PPS | Signup here : Bonus PPS Pool (Please read OP to understand the current process)
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1456



View Profile
May 25, 2012, 07:29:16 PM
 #5

I don't think so. I have my email in that leaked database and never ever got one of those  Undecided

Same, receive no spam at my gmail, word.

Ah... Mistery solved. Gmail flushes them and they don't even reach the spam folder. Mine is a gmail also.

n0ne
Hero Member
*****
Offline Offline

Activity: 574


S O C I A L


View Profile WWW
May 25, 2012, 10:18:59 PM
 #6

I got one these. Phishing Reported! Cool

Mt.Gox_Natalie
Member
**
Offline Offline

Activity: 69



View Profile
May 26, 2012, 01:29:45 AM
 #7

So I have received two baited emails in the last two days. I am only going to guess that the crackers are using the leaked db emails from the security failure in gox from a while back, and many other people should watch out for them.

Today's email:
Code:
info@mtgox.com via km33.hostsila.org
11:29 PM (11 hours ago)
Reply
to me
Dear Mt.Gox user,

Your account is currently pending review, please visit https://mtgox.com/forms/verification
For those users who have had their accounts marked for review, an explanation of why were are implementing these security measures can be found here:

Security Measures Explained <-- (this links to a fake login at http://f3w4twfe.tmweb.ru/)

'Verified' Accounts are eligible for monthly/daily transaction limits of up to 5 times the monthly limit and 10 times the daily limit.

In order to apply for the 'Verified' account status please attach a copy of the following documents:
- Your government issued photo ID (passport, permanent residence card or drivers license) and
- A scan of either your monthly utility bill (power, phone, TV, gas, water, etc.) or a certificate of residency issued by your local government.

Thanks,
The Mt.Gox team

And yesterday's email (if you click the link it will bring you to a page which has an auto-download for a likely infected xls file):

Code:
info@ecurrencyinfo.net via carens.websitewelcome.com
11:45 AM (22 hours ago)
Reply
to me

Invitation to ecurrency conference.

http://asiaelektronik.com/docs/processdl.html

Please let us know if you interested.

Thanks & Regards

I am sure they will send many more messages trying to infect my machine or reveal my gox password (amusingly I have never had any money in gox). Just watch out, and be suspicious of all emails.

If anyone feels semi-vigilantie, feel free to whois the domains and track down the ips to shut down these sites. I am a little geek-overloaded with other stuff today.

Hello,

Thank you for the phishing report.  We have already reported this phishing site to have it shut down.  Thank you once again for the continued support to Mt.Gox.
flatfly
Legendary
*
Offline Offline

Activity: 994


View Profile
May 26, 2012, 08:09:02 AM
 #8

I don't think so. I have my email in that leaked database and never ever got one of those  Undecided

Same, receive no spam at my gmail, word.

Ah... Mistery solved. Gmail flushes them and they don't even reach the spam folder. Mine is a gmail also.

Just curious, how did you determine that Gmail deletes them automatically?

1111127SpvabYpoeDoiz5L7QPkfiSh2Q. Only donate if you have a reason to.
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1456



View Profile
May 26, 2012, 08:54:03 AM
 #9

I don't think so. I have my email in that leaked database and never ever got one of those  Undecided

Same, receive no spam at my gmail, word.

Ah... Mistery solved. Gmail flushes them and they don't even reach the spam folder. Mine is a gmail also.

Just curious, how did you determine that Gmail deletes them automatically?

The same way Gmail determined that I should change my password 10 minutes after the leaked MtGox database got posted.
You really think it's a coincidence that everybody who's on the leaked database gets MtGox phishing emails, except Gmail users?
And, yes, I'm sure they're not in the spam folder because I have the terrible habit of checking it every day, so they must have been deleted.
Or will you go as far as saying that the phisher skips my email(and Clipse's for that matter) just because I'm a nice guy? lol
Also, it's not cost efective to send MtGox phishing emails to emails scraped from the web, or from a completely unrelated list as it will significantly increase exposure to spam filters, thus lowering inboxing rates, while having a very low hit rate of potential victims. I can understand if they do that with paypal phishing emails, but not with MtGox.

I always got bugged why wasn't I getting those emails, but now that I see other Gmail user confirming he doesn't get those emails also I just added 2+2.

repentance
Hero Member
*****
Offline Offline

Activity: 840


View Profile
May 26, 2012, 11:21:01 AM
 #10

Thread by theymos about the e-currency conference invitation email (don't know why it's hidden away in Off-Topic).

https://bitcointalk.org/index.php?topic=83496.0

It's a trojan, as per ZodiacDragon's post in the other thread.

Quote
Trojan.Generic.KDV.102762 is a trojan that captures keystrokes and steals login credentials through a method known as form grabbing. It sends captured data to a remote attacker and is capable of downloading additional malicious components.

https://bitcointalk.org/index.php?topic=83496.msg920797#msg920797

All I can say is that this is Bitcoin. I don't believe it until I see six confirmations.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!