MtGox Phishing Campaign Hits Bing, Yahoo!

An active phishing campaign targeting account holders at popular Bitcoin exchange has hijacked the top search results at Bing and, redirecting unwary clickers to, a look-alike domain and Web site that was registered on June 12, 2013, less than 24 hours ago.

Check out the video I recorded of this phish in action (turn down the sound if you hate the Iron Man soundtrack):

Update, June 17, 3:07 p.m.: Google’s YouTube team has inexplicably removed my video, calling it a violation of YouTube’s policy on the depiction of harmful activities. 8:09 p.m.: YouTube has restored the video.

Hover over the search links returned in after searching for “Mtgox” and you’ll see what appears to be a paid or perhaps sponsored search ad that lists a result for, although hovering over the link displays a long “” URL. The same is true when you currently search for “mtgox” on hovering over the returned link shows a address.

In the video above, entering any credentials at the fake “” site caused a site error, but when I tried it again a moment later, I was redirected to the real

Interestingly, it appears the phisher in this case simply copied and pasted the code from; as shown in the video, hovering over either the username or password field on produces the same warning present on — a message advising visitors to check for the green “extended validation” or EV browser certificate in the URL address bar.

This attack, while not particularly unusual, is a good reminder that relying on trusted bookmarks is among the safest ways to navigate to sites that hold your personal and financial information. Using a search engine to find these sites is better than direct navigation (in which a fat-fingered key can lead to a phishing site), but as this phish illustrates, it’s always a good idea to double-check the URL in the address bar.

Hat tip to Twitter follower Ryan Mattinson.
