Spear-Phishing of MTGox Bitcoin Users

This weekend there were several reports of spear-phishing emails targeting users of MtGox, a leading Bitcoin exchange.

The emails purported to come from “info@mtgox.com” and contains a what is claimed as a link to an MtGox newsletter, but the link really goes to: hxxp://mtgox.tk/users/login

The email headers reveal the real source of the email:

Return-Path:
Received: from xm33.hostsila.org (xm33.hostsila.org [194.28.87.253])
...
Received: from fewfewef by xm33.hostsila.org with local (Exim 4.69)
(envelope-from )

It appears that this is a spear-phishing attack. MtGox was hacked a few months ago, and a database of user information appears to have been stolen. It looks like phishers are using that database to send targeted emails to users of MtGox.

This should not come as a surprise. Wherever there is money that can be stolen, cyber-criminals are sure to show up. In fact, 25% of all phishing is targeted at users of online payment services.

Learn more about phishing at the Anti-Phishing Working Group.

Advertisements

About Dave

I have been into financial cryptography and alternative electronic currencies since the mid 1990s. I have attended the Financial Cryptography conference, and have invented patents in the fields of cryptography and security. I've built systems for Visa, the US Federal Reserve, NASD, and hundreds of banks around the world.

Posted on August 30, 2011, in Uncategorized. Bookmark the permalink. Leave a comment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: