Topic: MtGoOx.org (Read 1629 times)

donator
Activity: 1463
Merit: 1047
I outlived my lifetime membership:)
December 27, 2013, 12:07:47 PM
#14
My bad...mtgoox.org...the link clearly says Mt. Gox exchange - mtgox.com / [Ad] www.mtgox.com / Mt. Gox is the world's most...

Google should not allow this...

Oh, to the mod that moved this...really? This isn't an accusation, it's a fact...if the forum supported modern mobile devices, I could post the screenshot to make it easier for anyone to prove...I think this thread is best in the main discussion so newbies see it.

Google cannot control every phishing site ............ be your own "police", take responsibility for every URL you visit.
To underscore the obvious: Google took money to create a deceitful ad. That's poor form -- and it's trivial for them to prevent abuse of this form by enforcing link titles to match destination URLs...

Imagine if everyone in the world adopted the attitude you suggest...you wouldn't want paramedics duping people in an emergency :) Everyone is vulnerable to some degree in some situation.
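The check asked for above (an ad's displayed URL must match where it actually lands), combined with a lookalike test for typosquats such as mtgoox.org, as an added example that is not part of the thread. The `TRUSTED` allow-list and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the sites this user actually holds accounts on.
TRUSTED = {"mtgox.com"}

def host_of(url):
    """Lower-cased hostname without a leading 'www.'; accepts bare 'www.mtgox.com/'."""
    if "://" not in url:
        url = "//" + url          # let urlsplit treat the text as a network location
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    return host[4:] if host.startswith("www.") else host

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_ad(display_url, destination_url, max_distance=2):
    """Return a list of findings for one ad; an empty list means nothing was flagged."""
    shown, dest = host_of(display_url), host_of(destination_url)
    findings = []
    if shown != dest:
        findings.append("display/destination mismatch")
    if dest not in TRUSTED:
        # Simplification: compare everything before the last dot, so a changed
        # TLD (.org for .com) is ignored and only the name itself is measured.
        dest_name = dest.rsplit(".", 1)[0]
        for good in sorted(TRUSTED):
            if edit_distance(dest_name, good.rsplit(".", 1)[0]) <= max_distance:
                findings.append(f"lookalike of {good}")
    return findings

if __name__ == "__main__":
    # Display URL as quoted in the thread; destination as reported by posters.
    print(check_ad("www.mtgox.com/", "http://mtgoox.org/"))
    print(check_ad("www.mtgox.com/", "https://mtgox.com"))
```

The comparison has no public-suffix handling, so it is a screening heuristic and not a replacement for checking the address bar.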
legendary
Activity: 3192
Merit: 1278
Primedice.com, Stake.com
December 27, 2013, 03:50:44 AM
#13
My bad...mtgoox.org...the link clearly says Mt. Gox exchange - mtgox.com / [Ad] www.mtgox.com / Mt. Gox is the world's most...

Google should not allow this...

Oh, to the mod that moved this...really? This isn't an accusation, it's a fact...if the forum supported modern mobile devices, I could post the screenshot to make it easier for anyone to prove...I think this thread is best in the main discussion so newbies see it.

Google cannot control every phishing site ............ be your own "police", take responsibility for every URL you visit.

I suggest everyone reports it here: http://www.google.com/safebrowsing/report_phish/

Someone built a phishing site of Primedice and it was eventually removed after tons of submits to Google.
hero member
Activity: 518
Merit: 500
December 26, 2013, 11:51:16 PM
#12
My bad...mtgoox.org...the link clearly says Mt. Gox exchange - mtgox.com / [Ad] www.mtgox.com / Mt. Gox is the world's most...

Google should not allow this...

Oh, to the mod that moved this...really? This isn't an accusation, it's a fact...if the forum supported modern mobile devices, I could post the screenshot to make it easier for anyone to prove...I think this thread is best in the main discussion so newbies see it.

Google cannot control every phishing site ............ be your own "police", take responsibility for every URL you visit.
donator
Activity: 1463
Merit: 1047
I outlived my lifetime membership:)
December 26, 2013, 10:44:26 PM
#11
My bad...mtgoox.org...the link clearly says Mt. Gox exchange - mtgox.com / [Ad] www.mtgox.com / Mt. Gox is the world's most...

Google should not allow this...

Oh, to the mod that moved this...really? This isn't an accusation, it's a fact...if the forum supported modern mobile devices, I could post the screenshot to make it easier for anyone to prove...I think this thread is best in the main discussion so newbies see it.
hero member
Activity: 518
Merit: 500
December 26, 2013, 10:00:00 PM
#10
I don't think 2FA is enough to protect you from a MITM attack as they can accept your OTP and replay it through to the real site.

Furthermore they could prompt you again pretending a timeout and use the second OTP entry to execute a withdrawal.
Only real protection is 2FA with a CPU to sign the actual activity with a private key.


cheers




Not sure this phishing site is that sophisticated.
sr. member
Activity: 896
Merit: 272
Undeadbitcoiner Will not DIE until 1BTC=50K
December 26, 2013, 09:58:10 PM
#9
Correct me if I'm wrong, but from my side the site seems to already be down or at least not responding. Yeah, 2FA all day every day, case in point.

Same when I tried.
2FA is suggested for all your crypto accounts.
hero member
Activity: 518
Merit: 500
December 26, 2013, 09:11:59 PM
#8
If this is actually going on, I have a feeling that it constitutes a form of fraud and Google would remove it on complaint.

Of course, as with banking--avoid links, type it in directly to the bar. When in doubt, check the crypto auth seal. It's not going to be perfect against all forms of phishing; but it could greatly reduce the chances of accidentally exposing information.

Obviously people squatting something like mtgoox.com are also looking for typos to lead people there. Doesn't look like "mtgoox.com" resolves for me; but "mtgoox.org" appears to be a fake MtGox phishing site.

Terrible attempt at a phishing name - mtgoox.org - how bad is that ;)
hero member
Activity: 622
Merit: 500
December 26, 2013, 09:11:45 PM
#7
I don't think 2FA is enough to protect you from a MITM attack as they can accept your OTP and replay it through to the real site.

Furthermore they could prompt you again pretending a timeout and use the second OTP entry to execute a withdrawal.
Only real protection is 2FA with a CPU to sign the actual activity with a private key.


cheers



With a MtGox Yubikey, you press and hold the key for 1 second to login and press and hold the key for 3-4 seconds to issue a different OTP for withdrawals. I'm not sure exactly how this works, but the withdrawal OTP looks completely different than the login OTP. That is why I prefer Yubikey over other 2FA such as Google Authenticator. Although anything can happen, this should reduce the risk of a MITM.
member
Activity: 105
Merit: 10
December 26, 2013, 09:10:30 PM
#6
If this is actually going on, I have a feeling that it constitutes a form of fraud and Google would remove it on complaint.

Of course, as with banking--avoid links, type it in directly to the bar. When in doubt, check the crypto auth seal. It's not going to be perfect against all forms of phishing; but it could greatly reduce the chances of accidentally exposing information.

Obviously people squatting something like mtgoox.com are also looking for typos to lead people there. Doesn't look like "mtgoox.com" resolves for me; but "mtgoox.org" appears to be a fake MtGox phishing site.
newbie
Activity: 16
Merit: 0
December 26, 2013, 08:59:17 PM
#5
I don't think 2FA is enough to protect you from a MITM attack as they can accept your OTP and replay it through to the real site.

Furthermore they could prompt you again pretending a timeout and use the second OTP entry to execute a withdrawal.
Only real protection is 2FA with a CPU to sign the actual activity with a private key.


cheers
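The difference the post above draws between a plain OTP and a code that signs the actual activity, seen from the verifying server's side, as an added example that is not part of the thread. Assumptions: an HMAC with a shared key stands in for the private-key signature the post describes, and the key, request fields and function names are constructed for illustration.

```python
import hashlib
import hmac
import json
import struct

KEY = b"constructed-demo-secret"   # constructed value, not a real credential

def totp(key, unix_time, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1): a function of the key and the time window only."""
    mac = hmac.new(key, struct.pack(">Q", unix_time // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    num = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return f"{num % 10 ** digits:0{digits}d}"

def server_accepts_otp(code, request, now):
    """Plain OTP check. `request` is never consulted, so a valid code approves
    whatever request it arrives with during its time window."""
    return hmac.compare_digest(code, totp(KEY, now))

def sign_activity(key, request, challenge):
    """Device side: MAC over the exact activity shown to the user plus a
    one-time challenge issued by the server."""
    msg = json.dumps({"challenge": challenge, **request}, sort_keys=True)
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()

def server_accepts_signed(tag, request, challenge):
    """Server side: recompute the MAC over the request it actually received."""
    return hmac.compare_digest(tag, sign_activity(KEY, request, challenge))

# Constructed sample requests.
LOGIN = {"action": "login", "amount": "0", "to": ""}
SHOWN = {"action": "withdraw", "amount": "1.5", "to": "ADDRESS-USER-APPROVED"}
ALTERED = {"action": "withdraw", "amount": "1.5", "to": "ADDRESS-SUBSTITUTED"}

if __name__ == "__main__":
    now = 1388091557                      # constructed timestamp
    code = totp(KEY, now)
    print(server_accepts_otp(code, LOGIN, now), server_accepts_otp(code, ALTERED, now))
    tag = sign_activity(KEY, SHOWN, "challenge-1")
    print(server_accepts_signed(tag, SHOWN, "challenge-1"),
          server_accepts_signed(tag, ALTERED, "challenge-1"))
```

The OTP check succeeds for both requests because nothing ties the code to what is being approved; the signed check succeeds only for the request and challenge the device actually saw.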

sr. member
Activity: 400
Merit: 250
the sun is shining, but the ice is still slippery
December 26, 2013, 08:13:47 PM
#4
Correct me if I'm wrong, but from my side the site seems to already be down or at least not responding. Yeah, 2FA all day every day, case in point.
hero member
Activity: 622
Merit: 500
December 26, 2013, 07:49:29 PM
#3
I just tried and got the result you did.  This definitely needs to be fixed.  Folks should always use 2fa and just to be safe, type in the full address when accessing their account:  https://mtgox.com

Edit:  It actually went to mtgoox.org
sr. member
Activity: 896
Merit: 272
Undeadbitcoiner Will not DIE until 1BTC=50K
December 26, 2013, 07:46:25 PM
#2
Ads related to bitcoin price
Mt.Gox exchange - mtgox.com
www.mtgox.com/
Mt.Gox is the world's most exchange exchange bitcoins to dollars

This is the Google search result and there isn't any site with mtgoox
donator
Activity: 1463
Merit: 1047
I outlived my lifetime membership:)
December 26, 2013, 07:37:42 PM
#1
I just googled bitcoin price (on wife's phone) and the sponsored link/ad at the top said it was to mtgox.com...only it wasn't, it was to mtgoox.com. The site looked like mtgox.com (even offered to switch to mobile like the real gox site does).

Does Google permit this kind of phishing?

*edit-- updated thread title