Topic: BEWARE hackers sending email from mtgox account itself to hack your account (Read 2684 times)

I really don't know what to say.
While you "nhodges" tired to explain it is genuine only, but mtgox send a reply to my ticket which is complete BS.
As i didn't receive any attachments with my email from mtHOX, still mtHOX replied me not to open the rar file.

I am really confused now & searched for the rar file for 30 minutes & come to conclusion that mtgox getting worst than DISHWARA.

I'm not saying you're creating fear, I'm saying you're propagating a culture of fear by not doing proper fact-checking and running around like a chicken with its head cut off. :] No worries, you don't have to get offended, it seems we've established the truth here.

DON'T say i am causing fear.
Its not my fault for mtgox coding poorly & creating fear.
Due to their poor coding one security breach took down the site to almost a week.
Mtgox CREATES fear by poor coding , not me.

servername@ip-##-###-##-###.ip.secureserver.net is what my mail server sends as if I do not properly configure mail headers in my code.

http://www.who.is/nameserver/ns1.xta.net/

Several legitimate Bitcoin websites use nameservers @ XTA.NET, namely bitcoincharts.com, which I believe is on the same servers as Mt. Gox. Due to the known poor coding we've seen @ Mt. Gox the past several weeks, I wouldn't put it past them to not properly configure mail headers.

I'm not saying this email is FOR SURE a real forgotten password EMAIL, I'm just saying it's DEFINITELY going to the correct "forgotten password" LINK.

All I'm saying is do your homework before you subject yourself and the masses to a culture of fear.

[ Edit: I pulled up their original email that they sent out informing users about their security breach, the email headers state the originating address to be the same one you posted, check it out: http://pastebin.com/PWdCpmbG ]

You saying "[email protected]" is genuine address & it belongs to mtgox ?

I think that's a real email, that's just a hostmask for a generic server, it looks like their mail functions aren't configured properly ... that link goes the real/valid claim address. Someone's just trying to recover your account.

IF YOU RECEIVE EMAILS FROM [email protected], be sure to check out it full form.
In Gmail, you will only see name in GREEN with hide details.
Until you click show details, you can't see email address.

2 days ago, i got email from mtgox that some one wants to reset my password.
I clicked the clink, but did nothing.
Then, i replied to mtgox that i didn't asked password reset request & also the request asked from an ip address which is in no way has connection with me.

I got reply from mail delivery subsystem, which MUST NOT happen.
coz, mail delivery subsystem replies ONLY, if the receiver email is not valid.
mtgox email address is valid.

I looked the email header using show details & found out this address *[email protected]* <[email protected]>

I also sent this email to [email protected], which is the real email of mtgox & they registered complaint & gave me a ticket.

SO IF YOU RECEIVE EMAIL FROM MTGOX OR ANY OTHER EXCHANGE OR SITE WHICH DEALS WITH MONEY, DO MORE THAN DOUBLE CHECK, CONFIRM THAT IT IS FROM GENUINE SITE BEFORE REPLYING.

Screenshot with hide & show details.






This is the email conversation



Forwarded conversation
Subject: [Mt.Gox] Password recovery
------------------------

From: *[email protected]* <[email protected]>
Date: Mon, Jun 27, 2011 at 7:33 AM
To: dishwara <[email protected]>

Dear dishwara,

On Mon 27 Jun 2011 11:03:40 AM JST your asked for a password recovery.

If you didn't make this request yourself, you can inform us by replying to
this email. If you did, you can use the link below to have your password
reset.

Your login: xxxxxxxx

The password reset key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

https://claim.mtgox.com/forgot_login?login=xxxxxxxxx&password_key=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Best regards,
Mt.Gox team
[email protected]

The request was made from:
IP: 188.165.193.7
Browser: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;
.NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)

----------
From: *dishwara* <[email protected]>
Date: Mon, Jun 27, 2011 at 12:17 PM
To: "[email protected]" <[email protected]>

Hi,

I confirm that I DID NOT REQUEST password reset.
The IP address IP: 188.165.193.7 is 100% fucking hacker/cracker IP.
Please block that IP.

Thank you for informing me & also asked to reply me confirming i didn't try
to reset password.
dishwara

----------
From: *Mail Delivery Subsystem* <[email protected]>
Date: Tue, Jun 28, 2011 at 2:04 PM
To: [email protected]

This is an automatically generated Delivery Status Notification

THIS IS A WARNING MESSAGE ONLY.

YOU DO NOT NEED TO RESEND YOUR MESSAGE.

Delivery to the following recipient has been delayed:
Message will be retried for 2 more day(s)

Technical details of temporary failure:
The recipient server did not accept our requests to connect. Learn more at
http://mail.google.com/support/bin/answer.py?answer=7720
[w001.mo.us.xta.net (1): Connection refused]

----- Original message -----

MIME-Version: 1.0
Received: by 10.205.35.1 with SMTP id su1mr4005398bkb.129.1309157251194;
Sun,
26 Jun 2011 23:47:31 -0700 (PDT)
Received: by 10.204.78.78 with HTTP; Sun, 26 Jun 2011 23:47:31 -0700 (PDT)
In-Reply-To: <[email protected]>
References: <[email protected]>
Date: Mon, 27 Jun 2011 12:17:31 +0530
Message-ID:
Subject: Re: [Mt.Gox] Password recovery
From: dishwara <[email protected]>
To: "[email protected]" <[email protected]>
Content-Type: multipart/alternative; boundary=bcaec52c64dfe9a0bf04a6abec17