PinoyMoneyTalk.com

Pinoy Money Talk (PMT) chanced upon a site that takes the look of the original egold site in an attempt to deceive egold users, with the intention of hacking accounts.

The fake site can be found at www.e-qold.com, as opposed to the original www.e-gold.com site. Notice that the fake site cunningly used “q” which can actually be mistaken for “g,” deceiving e-gold users that they are in the actual e-gold website.

Compare the screenshots of the fake site below with the actual www.e-gold.com site.

The main page is no doubt an outstanding duplicate of the original e-gold site. All the links redirect to the latter, EXCEPT for the “Access Your Account” link which, everyone who uses e-gold knows, redirects to the E-Gold Member Login page. Once the “Access Your Account” link is clicked, the following screenshot is seen.

Again, the page is deceivingly similar to the actual E-Gold member Login Page. There is even a security Turing Number and an Audible Turing Number option, but if you refresh the page, you will see that the Turing Number doesn’t change. Unlike the actual egold site, the Turing Number in the fake site is always “1-6-2-5-0-9.” Unwitting users might simply type in their login info and press “Login.” However, note that even if you do not input anything in the login fields, simply pressing the “Login” button redirects to this supposed “AccSent page.”

Now, this is where the difference lies between the fake and the actual egold site. Users familar with egold would be surprised to see this page, as it has never appeared before during any of their egold transactions. The fake site alarms the user with the following warning:

Your account has been temporarily FROZEN. Please access your e-gold account related e-mail below in order to clear security issues as soon as possible.

Unwitting users would be frightened upon seeing this warning, and would not hesitate to provide their email address and password in the page above. After submitting those information, the following page is seen.

At this point, the user has just given the fake site admin the authority to hack the egold account.

How Hacking is done

Armed with the stolen egold account number and password, the scammer logs in to the person’s actual egold account. If the AccSent option is disabled, the egold account can now be easily hacked. Even with the AccSent option enabled, the change in IP address would then send an “AccSent PIN” to the user’s email address. The hacker can, however, still access this using the email address and password provided by the user in Screenshot #3 above. Nothing can be done anymore once the hacker has logged in and the egold funds transferred to another account.

Precautions

All egold users should thus be wary and should always check whether they are in the actual www.e-gold.com site before logging in. As a precaution, the Egold site should be bookmareked and should not be accessed using any other external link.

Passwords for the egold account and email address should also be different, and the email address used for the “AccSent PIN” should not be shared to the public.

It is advisable too to use E-gold’s SRK option rather than typing the account number and passphrase. Or you can choose to use a free software called Roboform which saves and encrypts your passwords so that you won’t have to manually type your passwords the next time you log in to any account. Find our more about Roboform here.

Other ways of protecting oneself online can be found in the Technology and the Internet folder of the PMT Forum.

Get hundreds of popular magazines, webinars and podcasts about SEO, Internet, Finance and Telecoms -- all available FREE OF CHARGE!

This entry was posted on Wednesday, July 20th, 2005 at 1:24 am and is filed under Phishing Emails. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.