Cybercriminals used a clever technique to lure internauts

Jun 14, 2013 19:21 GMT  ·  By

On Thursday, Internet users who searched for “mtgox” on Yahoo! or Bing were lured to a phishing website hosted on mtpox.com.

Security expert Brian Krebs reported  that when users searched for “mtgox” on one of the two search engines, the first result appeared to be a paid or sponsored ad for mtgox.com. However, in reality, when the links were clicked, users were taken to the malicious website.

The phishing site perfectly replicated the legitimate Mt.Gox website, but when users entered their username and password, they were actually handing the information over to the cybercriminals that ran the operation.

To avoid raising any suspicion, victims were then redirected to the legitimate website.

The “mtpox.com” domain is currently flagged by Google and antivirus vendors as being malicious and it appears that the website has been removed. However, similar ones could emerge at any time, so users should be highly cautious.

Always make sure that the site you’re on is protected by a digital certificate before entering your credentials.