Topic: WARNING - MtGox "Your account is currently pending review" Phishing email (Read 6256 times)
April 22, 2012, 07:33:56 AM
It's a wonder there's not a lot more of this going on, really.
April 21, 2012, 02:48:55 PM
I had my email on the mtgox db that leaked and never got any of those emails. Strange. Not that I used gox anyway, so I wouldn't get fooled.
April 21, 2012, 02:42:52 PM
Also got one.
Very clever phishing email. Looks very natural.
I was confused by strange domain tmweb.ru
Very clever phishing email. Looks very natural.
I was confused by strange domain tmweb.ru
Who here on the forums has access to email addresses?
I think spammers use stolen MtGox DByeah, using the DB that got passed out june '11, i'm sure. i have the same list
anyway, i just got this. points to rgy###.tmweb.ru
i didn't think it was very clever though, i mean, all you have to do is see that the link is to some site in russia?
February 01, 2012, 06:32:43 AM
Also got one.
Very clever phishing email. Looks very natural.
I was confused by strange domain tmweb.ru
Very clever phishing email. Looks very natural.
I was confused by strange domain tmweb.ru
Who here on the forums has access to email addresses?
I think spammers use stolen MtGox DB 
February 01, 2012, 01:36:07 AM
Who here on the forums has access to email addresses?
Delivered-To: XXXXXXXXXXXXXXX
Received: by 10.112.40.68 with SMTP id v4cs77491lbk;
Mon, 30 Jan 2012 22:23:39 -0800 (PST)
Received: by 10.14.132.74 with SMTP id n50mr1007560eei.47.1327991019323;
Mon, 30 Jan 2012 22:23:39 -0800 (PST)
Return-Path:
Received: from xm63.hostsila.org (xm63.hostsila.org. [194.28.85.190])
by mx.google.com with ESMTPS id n42si11987546eef.200.2012.01.30.22.23.39
(version=TLSv1/SSLv3 cipher=OTHER);
Mon, 30 Jan 2012 22:23:39 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of [email protected] designates 194.28.85.190 as permitted sender) client-ip=194.28.85.190;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of [email protected] designates 194.28.85.190 as permitted sender) [email protected]
Received: from brasting by xm63.hostsila.org with local (Exim 4.69)
(envelope-from)
id 1Rs7Ar-00023G-8i
for XXXXXXXXXXXXXXXXXXXXXX; Tue, 31 Jan 2012 08:26:37 +0200
To: XXXXXXXXXXXXXXXXXXXXXXX
Subject: [Mt.Gox] Your account is currently pending review.
X-PHP-Script: 194.28.85.190/~brasting/mail/mail2.php for 84.19.169.235
From:[email protected]
Reply-To:[email protected]
MIME-Version:1.0
Content-Type: text/html;
Message-Id:
Sender:
Date: Tue, 31 Jan 2012 08:26:37 +0200
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - xm63.hostsila.org
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [1002 32007] / [47 12]
X-AntiAbuse: Sender Address Domain - xm63.hostsila.org
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php /home/brasting/public_html/mail/mail2.php
X-Source-Dir: brasting33.org:/public_html/mail
Dear Mt.Gox user,
Your account is currently pending review, please visit https://mtgox.com/forms/verification
For those users who have had their accounts marked for review, an explanation of why were are implementing these security measures can be found here:
Security Measures Explained
�Verified� Accounts are eligible for monthly/daily transaction limits of up to 5 times the monthly limit and 10 times the daily limit.
In order to apply for the �Verified� account status please attach a copy of the following documents:
- Your government issued photo ID (passport, permanent residence card or driver�s license) and
- A scan of either your monthly utility bill (power, phone, TV, gas, water, etc.) or a certificate of residency issued by your local government.
Thanks,
The Mt.Gox team
Code:
Delivered-To: XXXXXXXXXXXXXXX
Received: by 10.112.40.68 with SMTP id v4cs77491lbk;
Mon, 30 Jan 2012 22:23:39 -0800 (PST)
Received: by 10.14.132.74 with SMTP id n50mr1007560eei.47.1327991019323;
Mon, 30 Jan 2012 22:23:39 -0800 (PST)
Return-Path:
Received: from xm63.hostsila.org (xm63.hostsila.org. [194.28.85.190])
by mx.google.com with ESMTPS id n42si11987546eef.200.2012.01.30.22.23.39
(version=TLSv1/SSLv3 cipher=OTHER);
Mon, 30 Jan 2012 22:23:39 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of [email protected] designates 194.28.85.190 as permitted sender) client-ip=194.28.85.190;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of [email protected] designates 194.28.85.190 as permitted sender) [email protected]
Received: from brasting by xm63.hostsila.org with local (Exim 4.69)
(envelope-from
id 1Rs7Ar-00023G-8i
for XXXXXXXXXXXXXXXXXXXXXX; Tue, 31 Jan 2012 08:26:37 +0200
To: XXXXXXXXXXXXXXXXXXXXXXX
Subject: [Mt.Gox] Your account is currently pending review.
X-PHP-Script: 194.28.85.190/~brasting/mail/mail2.php for 84.19.169.235
From:[email protected]
Reply-To:[email protected]
MIME-Version:1.0
Content-Type: text/html;
Message-Id:
Sender:
Date: Tue, 31 Jan 2012 08:26:37 +0200
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - xm63.hostsila.org
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [1002 32007] / [47 12]
X-AntiAbuse: Sender Address Domain - xm63.hostsila.org
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php /home/brasting/public_html/mail/mail2.php
X-Source-Dir: brasting33.org:/public_html/mail
Dear Mt.Gox user,
Your account is currently pending review, please visit https://mtgox.com/forms/verification
For those users who have had their accounts marked for review, an explanation of why were are implementing these security measures can be found here:
Security Measures Explained
�Verified� Accounts are eligible for monthly/daily transaction limits of up to 5 times the monthly limit and 10 times the daily limit.
In order to apply for the �Verified� account status please attach a copy of the following documents:
- Your government issued photo ID (passport, permanent residence card or driver�s license) and
- A scan of either your monthly utility bill (power, phone, TV, gas, water, etc.) or a certificate of residency issued by your local government.
Thanks,
The Mt.Gox team
January 14, 2012, 04:36:35 AM
Got a couple of these too.
Delivered-To: [email removed]
Received: by 10.42.140.4 with SMTP id i4cs47403icu;
Fri, 13 Jan 2012 05:57:38 -0800 (PST)
Received: by 10.180.20.69 with SMTP id l5mr9044325wie.19.1326463055717;
Fri, 13 Jan 2012 05:57:35 -0800 (PST)
Return-Path:
Received: from de1.imhoster.net (de1.imhoster.net. [178.162.236.74])
by mx.google.com with ESMTPS id 41si1302813eeu.193.2012.01.13.05.57.35
(version=TLSv1/SSLv3 cipher=OTHER);
Fri, 13 Jan 2012 05:57:35 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of [email protected] designates 178.162.236.74 as permitted sender) client-ip=178.162.236.74;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of [email protected] designates 178.162.236.74 as permitted sender) [email protected]
Received: from host6057 by de1.imhoster.net with local (Exim 4.69)
(envelope-from)
id 1RlhdO-001KkF-BR
for [email removed]; Fri, 13 Jan 2012 15:57:34 +0200
To: [email removed]
Subject: [Mt.Gox] Your account is currently pending review.
X-PHP-Script: host6057.de1.dp10.ru/mail/mail.php for 84.19.165.214
From:[email protected]
Reply-To:[email protected]
MIME-Version:1.0
Content-Type: text/html;
Message-Id:
Date: Fri, 13 Jan 2012 15:57:34 +0200
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - de1.imhoster.net
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [1238 1234] / [47 12]
X-AntiAbuse: Sender Address Domain - de1.imhoster.net
Dear Mt.Gox user,
Your account is currently pending review, please visit https://mtgox.com/forms/verification
For those users who have had their accounts marked for review, an explanation of why were are implementing these security measures can be found here:
Security Measures Explained
�Verified� Accounts are eligible for monthly/daily transaction limits of up to 5 times the monthly limit and 10 times the daily limit.
In order to apply for the �Verified� account status please attach a copy of the following documents:
- Your government issued photo ID (passport, permanent residence card or driver�s license) and
- A scan of either your monthly utility bill (power, phone, TV, gas, water, etc.) or a certificate of residency issued by your local government.
Thanks,
The Mt.Gox team
Code:
Delivered-To: [email removed]
Received: by 10.42.140.4 with SMTP id i4cs47403icu;
Fri, 13 Jan 2012 05:57:38 -0800 (PST)
Received: by 10.180.20.69 with SMTP id l5mr9044325wie.19.1326463055717;
Fri, 13 Jan 2012 05:57:35 -0800 (PST)
Return-Path:
Received: from de1.imhoster.net (de1.imhoster.net. [178.162.236.74])
by mx.google.com with ESMTPS id 41si1302813eeu.193.2012.01.13.05.57.35
(version=TLSv1/SSLv3 cipher=OTHER);
Fri, 13 Jan 2012 05:57:35 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of [email protected] designates 178.162.236.74 as permitted sender) client-ip=178.162.236.74;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of [email protected] designates 178.162.236.74 as permitted sender) [email protected]
Received: from host6057 by de1.imhoster.net with local (Exim 4.69)
(envelope-from
id 1RlhdO-001KkF-BR
for [email removed]; Fri, 13 Jan 2012 15:57:34 +0200
To: [email removed]
Subject: [Mt.Gox] Your account is currently pending review.
X-PHP-Script: host6057.de1.dp10.ru/mail/mail.php for 84.19.165.214
From:[email protected]
Reply-To:[email protected]
MIME-Version:1.0
Content-Type: text/html;
Message-Id:
Date: Fri, 13 Jan 2012 15:57:34 +0200
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - de1.imhoster.net
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [1238 1234] / [47 12]
X-AntiAbuse: Sender Address Domain - de1.imhoster.net
Dear Mt.Gox user,
Your account is currently pending review, please visit https://mtgox.com/forms/verification
For those users who have had their accounts marked for review, an explanation of why were are implementing these security measures can be found here:
Security Measures Explained
�Verified� Accounts are eligible for monthly/daily transaction limits of up to 5 times the monthly limit and 10 times the daily limit.
In order to apply for the �Verified� account status please attach a copy of the following documents:
- Your government issued photo ID (passport, permanent residence card or driver�s license) and
- A scan of either your monthly utility bill (power, phone, TV, gas, water, etc.) or a certificate of residency issued by your local government.
Thanks,
The Mt.Gox team
January 13, 2012, 04:30:02 PM
I just got this email about 30 minutes ago, just wanted to make people aware that this is infact NOT from MtGox, but from some russian phishing site.
Do NOT click any links from this email
Do NOT click any links from this email
Code: (Complete Message with Headers)
Delivered-To: [email protected]
Received: by 10.42.167.130 with SMTP id s2cs62934icy;
Fri, 13 Jan 2012 12:55:42 -0800 (PST)
Received: by 10.213.29.13 with SMTP id o13mr673749ebc.58.1326488140056;
Fri, 13 Jan 2012 12:55:40 -0800 (PST)
Return-Path:
Received: from de1.imhoster.net (de1.imhoster.net. [178.162.236.74])
by mx.google.com with ESMTPS id a9si6728572eec.214.2012.01.13.12.55.39
(version=TLSv1/SSLv3 cipher=OTHER);
Fri, 13 Jan 2012 12:55:40 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of [email protected] designates 178.162.236.74 as permitted sender) client-ip=178.162.236.74;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of [email protected] designates 178.162.236.74 as permitted sender) [email protected]
Received: from host6059 by de1.imhoster.net with local (Exim 4.69)
(envelope-from)
id 1Rlo9z-003joZ-2F
for [email protected]; Fri, 13 Jan 2012 22:55:39 +0200
To: [email protected]
Subject: [Mt.Gox] Your account is currently pending review.
X-PHP-Script: host6059.de1.dp10.ru/mail.php for 67.221.255.12
From:[email protected]
Reply-To:[email protected]
MIME-Version:1.0
Content-Type: text/html;
Message-Id:
Date: Fri, 13 Jan 2012 22:55:39 +0200
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - de1.imhoster.net
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [1240 1236] / [47 12]
X-AntiAbuse: Sender Address Domain - de1.imhoster.net
Dear Mt.Gox user,
Your account is currently pending review, please visit https://mtgox.com/forms/verification
For those users who have had their accounts marked for review, an explanation of why were are implementing these security measures can be found here:
Security Measures Explained
“Verified” Accounts are eligible for monthly/daily transaction limits of up to 5 times the monthly limit and 10 times the daily limit.
In order to apply for the “Verified” account status please attach a copy of the following documents:
- Your government issued photo ID (passport, permanent residence card or driver’s license) and
- A scan of either your monthly utility bill (power, phone, TV, gas, water, etc.) or a certificate of residency issued by your local government.
Thanks,
The Mt.Gox team
Received: by 10.42.167.130 with SMTP id s2cs62934icy;
Fri, 13 Jan 2012 12:55:42 -0800 (PST)
Received: by 10.213.29.13 with SMTP id o13mr673749ebc.58.1326488140056;
Fri, 13 Jan 2012 12:55:40 -0800 (PST)
Return-Path:
Received: from de1.imhoster.net (de1.imhoster.net. [178.162.236.74])
by mx.google.com with ESMTPS id a9si6728572eec.214.2012.01.13.12.55.39
(version=TLSv1/SSLv3 cipher=OTHER);
Fri, 13 Jan 2012 12:55:40 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of [email protected] designates 178.162.236.74 as permitted sender) client-ip=178.162.236.74;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of [email protected] designates 178.162.236.74 as permitted sender) [email protected]
Received: from host6059 by de1.imhoster.net with local (Exim 4.69)
(envelope-from
id 1Rlo9z-003joZ-2F
for [email protected]; Fri, 13 Jan 2012 22:55:39 +0200
To: [email protected]
Subject: [Mt.Gox] Your account is currently pending review.
X-PHP-Script: host6059.de1.dp10.ru/mail.php for 67.221.255.12
From:[email protected]
Reply-To:[email protected]
MIME-Version:1.0
Content-Type: text/html;
Message-Id:
Date: Fri, 13 Jan 2012 22:55:39 +0200
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - de1.imhoster.net
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [1240 1236] / [47 12]
X-AntiAbuse: Sender Address Domain - de1.imhoster.net
Dear Mt.Gox user,
Your account is currently pending review, please visit https://mtgox.com/forms/verification
For those users who have had their accounts marked for review, an explanation of why were are implementing these security measures can be found here:
Security Measures Explained
“Verified” Accounts are eligible for monthly/daily transaction limits of up to 5 times the monthly limit and 10 times the daily limit.
In order to apply for the “Verified” account status please attach a copy of the following documents:
- Your government issued photo ID (passport, permanent residence card or driver’s license) and
- A scan of either your monthly utility bill (power, phone, TV, gas, water, etc.) or a certificate of residency issued by your local government.
Thanks,
The Mt.Gox team
Jump to: