Bitcointalk Mobile Browser presented by IRLBTC™

>> (p.1)

Author

Topic: Beware new MtGox phishing scam - MLGOX.TK (Read 2258 times)

CoinLab (OP)

Sr. Member

Offline

Activity: 270
Merit: 250

1CoinLabF5Avpp5kor41ngn7prTFMMHFVc

Beware new MtGox phishing scam - MLGOX.TK

December 12, 2011, 06:49:56 PM

I got this message today:

Quote

From: <info@mtgox.com>
Date: Mon, Dec 12, 2011 at 7:16 AM
Subject: [Mt.Gox] Your account is currently pending review.
To: xxxxxxxxxxxxxxx

Dear Mt.Gox user,

Your account is currently pending review, please visit
https://mtgox.com/forms/verification<http://www.mlgox.tk/forms/verification>
For those users who have had their accounts marked for review, an
explanation of why were are implementing these security measures can be
found here:

Security Measures
Explained<http://www.mlgox.tk/entries/20471711-security-measures-explained>

When formatted as HTML, the MtGox URL displayed obscures a "MLGOX.TK" domain address. Which looks like the new MtGox design, but is actually phishing for your password.

Andrew Bitcoiner

Sr. Member

Offline

Activity: 396
Merit: 250

Send correspondance to GPG key A372E7C6

Re: Beware new MtGox phishing scam - MLGOX.TK

December 12, 2011, 06:51:04 PM

Sneaky.

MAKE MONEY! ADVERTISE FOR BITCOINS http://www.bitcoinadvertising.com
Bitcoin News Site http://coinbits.com
Bitcoin Blackjack http://bitjack21.com
Bitcoin, Darknet, IT consulting http://cryptophene.com

Mt.Gox Support

VIP
Sr. Member

Offline

Activity: 308
Merit: 250

Re: Beware new MtGox phishing scam - MLGOX.TK

December 13, 2011, 02:30:34 AM

Hi folks

First of all NEVER hesitate to contact us by email or via the support whenever you come across something like this. While we are trying to be on top of these kinds of things we may miss some of them. Anyway we are now working on making sure that this domain will be deactivated ASAP.

Cheers

Mt.Gox : The Leading International Bitcoin Exchange.
Mt.Gox Merchant Solutions : https://mtgox.com/merchant

dark_st3alth

Newbie

Offline

Activity: 33
Merit: 0

Re: Beware new MtGox phishing scam - MLGOX.TK

December 13, 2011, 03:41:23 AM

Quote from: Mt.Gox Support on December 13, 2011, 02:30:34 AM

Good to see you guys getting on top of it right away

As for the email, I always make sure I see the text version. It would point these little tricks out.

Additional Info:

- The real website is "http://w5xhdezxlz.tmweb.ru/".

- Uses a PHP POST request.

- Redirects to the legitimate login site.

ineededausername

Hero Member

Offline

Activity: 784
Merit: 1000

bitcoin hundred-aire

Re: Beware new MtGox phishing scam - MLGOX.TK

December 13, 2011, 04:02:52 AM

mlgox.tk? lol... I bet they fooled nobody. Bitcoiners are too smart to be phished

(BFL)^2 < 0

Mt.Gox_Natalie

Member

Offline

Activity: 68
Merit: 10

Re: Beware new MtGox phishing scam - MLGOX.TK

December 13, 2011, 04:47:43 AM

Thank you very much for the notice. We have posted it up at our Phishing Forum on our Support website.

mckoss

Newbie

Offline

Activity: 52
Merit: 0

Re: Beware new MtGox phishing scam - MLGOX.TK

December 13, 2011, 06:36:43 AM

Quote from: ineededausername on December 13, 2011, 04:02:52 AM

mlgox.tk? lol... I bet they fooled nobody. Bitcoiners are too smart to be phished

I was *close* to being fooled (bringing up the web site on a mobile phone, where my eyes have a hard time distinguishing the small text in the address bar).

runeks

Legendary

Offline

Activity: 980
Merit: 1008

Re: Beware new MtGox phishing scam - MLGOX.TK

December 18, 2011, 01:00:07 PM

(Cross post from reddit):

Hey everyone: please run this Python script for a while to spam this scammer with invalid user/pass combinations:

Code:

import urllib2, random, string

while True:
user = ''.join(random.choice(string.ascii_letters + string.digits) for x in range(random.randrange(4,20)))
passw = ''.join(random.choice(string.ascii_letters + string.digits) for x in range(random.randrange(4,20)))
test = urllib2.urlopen(urllib2.Request("http://mlgox.tk/login.php", "login="+user+"&password="+passw+"&LOGIN=Login"))
test.read()

I'm no HTTP expert but as far as I can tell this creates invalid login attempts at the fake site. Please post a revised edition if something is wrong here.

runeks

Legendary

Offline

Activity: 980
Merit: 1008

Re: Beware new MtGox phishing scam - MLGOX.TK

December 18, 2011, 02:19:17 PM

Another, and perhaps better way, would be for Mt. Gox themselves to create some fake user/password combinations that only they know, and try to log in to this phishing site using these credentials - from a different IP for each login.
Then at their servers, whenever someone logs in, look for these specific user/password combinations, and if a login is attempted with one of these combinations, add the IP from which it came to a black list.

The weakness with the above Python script is that it will be obvious that 1000 login attempts from the same IP are not genuine. And perhaps they can also filter out the user names and passwords based on their composition (ASCII and numbers).

Phinnaeus Gage

Legendary

Offline

Activity: 1918
Merit: 1570

Bitcoin: An Idea Worth Spending

Re: Beware new MtGox phishing scam - MLGOX.TK

December 18, 2011, 07:13:13 PM

#10

Quote from: mckoss on December 13, 2011, 06:36:43 AM

Quote from: ineededausername on December 13, 2011, 04:02:52 AM

mlgox.tk? lol... I bet they fooled nobody. Bitcoiners are too smart to be phished

I was *close* to being fooled (bringing up the web site on a mobile phone, where my eyes have a hard time distinguishing the small text in the address bar).

Interesting! In a normal browser, one may easily recognize a phishing site, but less likely on a smart phone. I bet phishers are well aware of this fact and taking full advantage of it. Thanks, mckoss, for this revelation.

~Bruno~

btcinstant

Full Member

Offline

Activity: 180
Merit: 100

Re: Beware new MtGox phishing scam - MLGOX.TK

December 18, 2011, 07:20:39 PM

#11

looks like this guys if falling for it Huh

http://www.reddit.com/r/Bitcoin/comments/ngnkv/mtgox_has_allowed_me_to_become_a_verified_user/

phatsphere

Hero Member

Offline

Activity: 763
Merit: 500

Re: Beware new MtGox phishing scam - MLGOX.TK

December 18, 2011, 08:00:36 PM

#12

here is a way to report phishing to google (which might end up in warning you about this in ff+chrome)
http://www.google.com/safebrowsing/report_phish/?hl=en

ineededausername

Hero Member

Offline

Activity: 784
Merit: 1000

bitcoin hundred-aire

Re: Beware new MtGox phishing scam - MLGOX.TK

December 18, 2011, 08:13:53 PM

#13

You know what's hilarious? The majority of phishers don't even know how to spoof an email address properly, so they send from emails like "grnail.com." This phisher is, ironically, one of the smarter ones. xD

(BFL)^2 < 0

Phinnaeus Gage

Legendary

Offline

Activity: 1918
Merit: 1570

Bitcoin: An Idea Worth Spending

Re: Beware new MtGox phishing scam - MLGOX.TK

December 18, 2011, 08:34:42 PM

#14

Quote from: btcinstant on December 18, 2011, 07:20:39 PM

looks like this guys if falling for it Huh

http://www.reddit.com/r/Bitcoin/comments/ngnkv/mtgox_has_allowed_me_to_become_a_verified_user/

Thanks, btcinstant. I'm not a reddit reader, but your link offered me another source for keeping up in the Bitcoinshere.

btcinstant

Full Member

Offline

Activity: 180
Merit: 100

Re: Beware new MtGox phishing scam - MLGOX.TK

December 18, 2011, 11:08:27 PM

#15

Quote from: Phinnaeus Gage on December 18, 2011, 08:34:42 PM

Quote from: btcinstant on December 18, 2011, 07:20:39 PM

looks like this guys if falling for it Huh

http://www.reddit.com/r/Bitcoin/comments/ngnkv/mtgox_has_allowed_me_to_become_a_verified_user/

Thanks, btcinstant. I'm not a reddit reader, but your link offered me another source for keeping up in the Bitcoinshere.

Not a problem Phinnaeus it's one of the better sources of information I read it daily enjoy!

Pages: [1]

Page 1

Viewing Page: 1