Author

Topic: WARNING - MtGox "Your account is currently pending review" Phishing email (Read 6258 times)

hero member
Activity: 756
Merit: 522
It's a wonder there's not a lot more of this going on, really.
legendary
Activity: 1358
Merit: 1002
I had my email on the mtgox db that leaked and never got any of those emails. Strange. Not that I used gox anyway, so I wouldn't get fooled.
zvs
legendary
Activity: 1680
Merit: 1000
https://web.archive.org/web/*/nogleg.com
Also got one.
Very clever phishing email. Looks very natural.

I was confused by strange domain tmweb.ru

Who here on the forums has access to email addresses?
I think spammers use stolen MtGox DB

yeah, using the DB that got passed out june '11, i'm sure.  i have the same list

anyway, i just got this.  points to rgy###.tmweb.ru

i didn't think it was very clever though, i mean, all you have to do is see that the link is to some site in russia?
newbie
Activity: 31
Merit: 0
Also got one.
Very clever phishing email. Looks very natural.

I was confused by strange domain tmweb.ru

Who here on the forums has access to email addresses?
I think spammers use stolen MtGox DB
donator
Activity: 1736
Merit: 1014
Let's talk governance, lipstick, and pigs.
Who here on the forums has access to email addresses?

Code:
                                                                                                                                                                                                                                                               
Delivered-To: XXXXXXXXXXXXXXX
Received: by 10.112.40.68 with SMTP id v4cs77491lbk;
        Mon, 30 Jan 2012 22:23:39 -0800 (PST)
Received: by 10.14.132.74 with SMTP id n50mr1007560eei.47.1327991019323;
        Mon, 30 Jan 2012 22:23:39 -0800 (PST)
Return-Path:
Received: from xm63.hostsila.org (xm63.hostsila.org. [194.28.85.190])
        by mx.google.com with ESMTPS id n42si11987546eef.200.2012.01.30.22.23.39
        (version=TLSv1/SSLv3 cipher=OTHER);
        Mon, 30 Jan 2012 22:23:39 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of [email protected] designates 194.28.85.190 as permitted sender) client-ip=194.28.85.190;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of [email protected] designates 194.28.85.190 as permitted sender) [email protected]
Received: from brasting by xm63.hostsila.org with local (Exim 4.69)
(envelope-from )
id 1Rs7Ar-00023G-8i
for XXXXXXXXXXXXXXXXXXXXXX; Tue, 31 Jan 2012 08:26:37 +0200
To: XXXXXXXXXXXXXXXXXXXXXXX
Subject: [Mt.Gox] Your account is currently pending review.
X-PHP-Script: 194.28.85.190/~brasting/mail/mail2.php for 84.19.169.235
From:[email protected]
Reply-To:[email protected]
MIME-Version:1.0
Content-Type: text/html;
Message-Id:
Sender: 
Date: Tue, 31 Jan 2012 08:26:37 +0200
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - xm63.hostsila.org
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [1002 32007] / [47 12]
X-AntiAbuse: Sender Address Domain - xm63.hostsila.org
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php /home/brasting/public_html/mail/mail2.php
X-Source-Dir: brasting33.org:/public_html/mail

Dear Mt.Gox user,



Your account is currently pending review, please visit https://mtgox.com/forms/verification

For those users who have had their accounts marked for review, an explanation of why were are implementing these security measures can be found here:



Security Measures Explained



�Verified� Accounts are eligible for monthly/daily transaction limits of up to 5 times the monthly limit and 10 times the daily limit.



In order to apply for the �Verified� account status please attach a copy of the following documents:

- Your government issued photo ID (passport, permanent residence card or driver�s license) and

- A scan of either your monthly utility bill (power, phone, TV, gas, water, etc.) or a certificate of residency issued by your local government.



Thanks,

The Mt.Gox team



full member
Activity: 183
Merit: 100
Got a couple of these too.
Code:
                                                                                                                                                                                                                                                               
Delivered-To: [email removed]
Received: by 10.42.140.4 with SMTP id i4cs47403icu;
        Fri, 13 Jan 2012 05:57:38 -0800 (PST)
Received: by 10.180.20.69 with SMTP id l5mr9044325wie.19.1326463055717;
        Fri, 13 Jan 2012 05:57:35 -0800 (PST)
Return-Path:
Received: from de1.imhoster.net (de1.imhoster.net. [178.162.236.74])
        by mx.google.com with ESMTPS id 41si1302813eeu.193.2012.01.13.05.57.35
        (version=TLSv1/SSLv3 cipher=OTHER);
        Fri, 13 Jan 2012 05:57:35 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of [email protected] designates 178.162.236.74 as permitted sender) client-ip=178.162.236.74;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of [email protected] designates 178.162.236.74 as permitted sender) [email protected]
Received: from host6057 by de1.imhoster.net with local (Exim 4.69)
(envelope-from )
id 1RlhdO-001KkF-BR
for [email removed]; Fri, 13 Jan 2012 15:57:34 +0200
To: [email removed]
Subject: [Mt.Gox] Your account is currently pending review.
X-PHP-Script: host6057.de1.dp10.ru/mail/mail.php for 84.19.165.214
From:[email protected]
Reply-To:[email protected]
MIME-Version:1.0
Content-Type: text/html;
Message-Id:
Date: Fri, 13 Jan 2012 15:57:34 +0200
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - de1.imhoster.net
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [1238 1234] / [47 12]
X-AntiAbuse: Sender Address Domain - de1.imhoster.net

Dear Mt.Gox user,



Your account is currently pending review, please visit https://mtgox.com/forms/verification

For those users who have had their accounts marked for review, an explanation of why were are implementing these security measures can be found here:



Security Measures Explained



�Verified� Accounts are eligible for monthly/daily transaction limits of up to 5 times the monthly limit and 10 times the daily limit.



In order to apply for the �Verified� account status please attach a copy of the following documents:

- Your government issued photo ID (passport, permanent residence card or driver�s license) and

- A scan of either your monthly utility bill (power, phone, TV, gas, water, etc.) or a certificate of residency issued by your local government.



Thanks,

The Mt.Gox team



hero member
Activity: 846
Merit: 1000
The One and Only
I just got this email about 30 minutes ago, just wanted to make people aware that this is infact NOT from MtGox, but from some russian phishing site.

Do NOT click any links from this email

Code: (Complete Message with Headers)
Delivered-To: [email protected]
Received: by 10.42.167.130 with SMTP id s2cs62934icy;
        Fri, 13 Jan 2012 12:55:42 -0800 (PST)
Received: by 10.213.29.13 with SMTP id o13mr673749ebc.58.1326488140056;
        Fri, 13 Jan 2012 12:55:40 -0800 (PST)
Return-Path:
Received: from de1.imhoster.net (de1.imhoster.net. [178.162.236.74])
        by mx.google.com with ESMTPS id a9si6728572eec.214.2012.01.13.12.55.39
        (version=TLSv1/SSLv3 cipher=OTHER);
        Fri, 13 Jan 2012 12:55:40 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of [email protected] designates 178.162.236.74 as permitted sender) client-ip=178.162.236.74;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of [email protected] designates 178.162.236.74 as permitted sender) [email protected]
Received: from host6059 by de1.imhoster.net with local (Exim 4.69)
(envelope-from )
id 1Rlo9z-003joZ-2F
for [email protected]; Fri, 13 Jan 2012 22:55:39 +0200
To: [email protected]
Subject: [Mt.Gox] Your account is currently pending review.
X-PHP-Script: host6059.de1.dp10.ru/mail.php for 67.221.255.12
From:[email protected]
Reply-To:[email protected]
MIME-Version:1.0
Content-Type: text/html;
Message-Id:
Date: Fri, 13 Jan 2012 22:55:39 +0200
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - de1.imhoster.net
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [1240 1236] / [47 12]
X-AntiAbuse: Sender Address Domain - de1.imhoster.net

Dear Mt.Gox user,



Your account is currently pending review, please visit https://mtgox.com/forms/verification

For those users who have had their accounts marked for review, an explanation of why were are implementing these security measures can be found here:



Security Measures Explained



“Verified” Accounts are eligible for monthly/daily transaction limits of up to 5 times the monthly limit and 10 times the daily limit.



In order to apply for the “Verified” account status please attach a copy of the following documents:

- Your government issued photo ID (passport, permanent residence card or driver’s license) and

- A scan of either your monthly utility bill (power, phone, TV, gas, water, etc.) or a certificate of residency issued by your local government.



Thanks,

The Mt.Gox team


Jump to: