So I have received two baited emails in the last two days. I am only going to guess that the crackers are using the leaked db emails from the security failure in gox from a while back, and many other people should watch out for them.
email@example.com via km33.hostsila.org
11:29 PM (11 hours ago)
Dear Mt.Gox user,
Your account is currently pending review, please visit https://mtgox.com/forms/verification
For those users who have had their accounts marked for review, an explanation of why were are implementing these security measures can be found here:
Security Measures Explained <-- (this links to a fake login at http://f3w4twfe.tmweb.ru/)
'Verified' Accounts are eligible for monthly/daily transaction limits of up to 5 times the monthly limit and 10 times the daily limit.
In order to apply for the 'Verified' account status please attach a copy of the following documents:
- Your government issued photo ID (passport, permanent residence card or drivers license) and
- A scan of either your monthly utility bill (power, phone, TV, gas, water, etc.) or a certificate of residency issued by your local government.
The Mt.Gox team
And yesterday's email (if you click the link it will bring you to a page which has an auto-download for a likely infected xls file):
firstname.lastname@example.org via carens.websitewelcome.com
11:45 AM (22 hours ago)
Invitation to ecurrency conference.
Please let us know if you interested.
Thanks & Regards
I am sure they will send many more messages trying to infect my machine or reveal my gox password (amusingly I have never had any money in gox). Just watch out, and be suspicious of all emails.
If anyone feels semi-vigilantie, feel free to whois the domains and track down the ips to shut down these sites. I am a little geek-overloaded with other stuff today.