Bitcoin Forum>Bitcoin>Bitcoin Discussion
Author

Topic: MtGox spoof mail+site (Read 2180 times)

helloworld
sr. member
Activity: 266
Merit: 250
MtGox spoof mail+site
August 28, 2011, 03:39:10 AM
#16
Quote from: EricJ2190 on August 28, 2011, 01:28:29 AM
I received a response from the hosting company from which the email originated stating that the account has been closed. Unfortunately, the phishing site itself seems to be hosted elsewhere (fwef33.tmweb.ru.)

Am I the only person that got redirected to a Romanian blog? What's the problem if the link no longer goes to the phishing site?
Maged
legendary
Activity: 1204
Merit: 1015
Re: MtGox spoof mail+site
August 28, 2011, 02:52:26 AM
#15
Looks like Firefox is blocking it now.  Smiley
EricJ2190
full member
Activity: 134
Merit: 102
Re: MtGox spoof mail+site
August 28, 2011, 01:28:29 AM
#14
I received a response from the hosting company from which the email originated stating that the account has been closed. Unfortunately, the phishing site itself seems to be hosted elsewhere (fwef33.tmweb.ru.)
NothinG
hero member
Activity: 560
Merit: 500
Re: MtGox spoof mail+site
August 28, 2011, 12:30:06 AM
#13
Quote from: theymos on August 28, 2011, 12:03:02 AM
Quote from: NothinG on August 27, 2011, 11:28:16 PM
Seems they are lurkers...

I think it's just difficult for PhishTank users unfamiliar with Bitcoin to decide whether this is a real site or a phish.

Looks like we are winning.
theymos
administrator
Activity: 5166
Merit: 12850
Re: MtGox spoof mail+site
August 28, 2011, 12:03:02 AM
#12
Quote from: NothinG on August 27, 2011, 11:28:16 PM
Seems they are lurkers...

I think it's just difficult for PhishTank users unfamiliar with Bitcoin to decide whether this is a real site or a phish.
NothinG
hero member
Activity: 560
Merit: 500
Re: MtGox spoof mail+site
August 27, 2011, 11:28:16 PM
#11
Quote from: theymos on August 27, 2011, 11:26:16 PM
I submitted it to PhishTank:
http://www.phishtank.com/phish_detail.php?phish_id=1262006&frame=details
Vote for its confirmation if you have a PhishTank account.

Seems they are lurkers...
theymos
administrator
Activity: 5166
Merit: 12850
Re: MtGox spoof mail+site
August 27, 2011, 11:26:16 PM
#10
I submitted it to PhishTank:
http://www.phishtank.com/phish_detail.php?phish_id=1262006&frame=details
Vote for its confirmation if you have a PhishTank account.
SomeoneWeird
hero member
Activity: 700
Merit: 500
Re: MtGox spoof mail+site
August 27, 2011, 10:29:57 PM
#9
Quote from: Tasty Champa on August 27, 2011, 10:28:27 PM
could tell MagicalTux or someone over there about what fake info you reply with,
(just put in legit looking info)
then could use that to possibly identify them or at least block the addresses.

Already told him.
Tasty Champa
member
Activity: 84
Merit: 10
Re: MtGox spoof mail+site
August 27, 2011, 10:28:27 PM
#8
could tell MagicalTux or someone over there about what fake info you reply with,
(just put in legit looking info)
then could use that to possibly identify them or at least block the addresses.
dustintrammell
vip
Activity: 156
Merit: 103
Cleverly disguised as a responsible adult.
Re: MtGox spoof mail+site
August 27, 2011, 10:18:48 PM
#7
Is there any indication that this is a widespread campaign among more than one Mt. Gox user, perhaps using the database leak data from the breach a while back, or are you the only recipient as far as you know?  I'm just wondering if this is more targeted spear-phishing or if they're casting a wider net...
NothinG
hero member
Activity: 560
Merit: 500
Re: MtGox spoof mail+site
August 27, 2011, 08:24:44 PM
#6
Anyone heard of drive-by's?
indio007
full member
Activity: 224
Merit: 100
Re: MtGox spoof mail+site
August 27, 2011, 06:35:43 PM
#5
Oops I "accidently" entered a password.
U:Blowme
P:Gofuckyourself

My not just spam it with bogus account  info?
Gavin Andresen
legendary
Activity: 1652
Merit: 2216
Chief Scientist
Re: MtGox spoof mail+site
August 27, 2011, 06:28:31 PM
#4
I got a copy, too.  If you use gmail, use the 'Report phishing' function (in the Reply drop-down menu).
helloworld
sr. member
Activity: 266
Merit: 250
Re: MtGox spoof mail+site
August 27, 2011, 12:18:16 PM
#3
Quote from: kwukduck on August 27, 2011, 11:31:06 AM
hxxp://mtgox.tk/users/login

Well, I tried that link just now and it redirects to a Romanian blog site on a .ro domain.

hxxp://www.niuzer.ro/Botosani/IMPRESIONANT-Testamentul-Reginiei-Maria-a-Romaniei-2637509.html?utm_source=twitterfeed&utm_medium=twitter
EricJ2190
full member
Activity: 134
Merit: 102
Re: MtGox spoof mail+site
August 27, 2011, 12:17:22 PM
#2
Of interest from the email headers:
Code:
Return-Path:
Received: from xm33.hostsila.org (xm33.hostsila.org [194.28.87.253])
...
Received: from fewfewef by xm33.hostsila.org with local (Exim 4.69)
(envelope-from )

I sent off a quick message to the .TK abuse email letting them know about the issue.
kwukduck
legendary
Activity: 1937
Merit: 1001
Re: MtGox spoof mail+site
August 27, 2011, 11:31:06 AM
#1
Just received an email from '[email protected]' with the news of 11-08-2011, a link in the message has the text of the mtgox newsletter link but truely links to:
hxxp://mtgox.tk/users/login

carefull if you got this email too.
Bitcoin Forum>Bitcoin>Bitcoin Discussion
Jump to: