Spear-Phishing of MTGox Bitcoin Users
The emails purported to come from “firstname.lastname@example.org” and contains a what is claimed as a link to an MtGox newsletter, but the link really goes to: hxxp://mtgox.tk/users/login
The email headers reveal the real source of the email:
Received: from xm33.hostsila.org (xm33.hostsila.org [22.214.171.124])
Received: from fewfewef by xm33.hostsila.org with local (Exim 4.69)
It appears that this is a spear-phishing attack. MtGox was hacked a few months ago, and a database of user information appears to have been stolen. It looks like phishers are using that database to send targeted emails to users of MtGox.
This should not come as a surprise. Wherever there is money that can be stolen, cyber-criminals are sure to show up. In fact, 25% of all phishing is targeted at users of online payment services.
Learn more about phishing at the Anti-Phishing Working Group.