Pinoy Money Talk (PMT) chanced upon a site that takes the look of the original e-Gold site in an attempt to deceive users, with the intention of hacking accounts and stealing personal information.
The fake site can be found at www.e-qold.com, as opposed to the original www.e-gold.com site. Notice that the fake site cunningly used “q” which can actually be mistaken for “g.”
The main page is no doubt an outstanding duplicate of the authentic E-Gold site. All the links redirect to the latter, EXCEPT for the “Access Your Account” link which, everyone who uses e-gold knows, redirects to the E-Gold Member Login page. Once the “Access Your Account” link is clicked, the Login Page opens up.
“Authentic” fake site
Again, the page is deceivingly similar to the actual E-Gold member Login Page. There is even a security Turing Number and an Audible Turing Number option, but if you refresh the page, you will see that the Turing Number doesn’t change. Unlike the actual egold site, the Turing Number in the fake site is always “1-6-2-5-0-9.” Unwitting users might simply type in their login info and press “Login.” However, note that even if you do not input anything in the login fields, simply pressing the “Login” button redirects to a supposed “AccSent page.”
Now, this is where the difference lies between the fake and the actual egold site. Users familar with egold would be surprised to see this page, as it has never appeared before during any of their egold transactions. The fake site alarms the user with the following warning:
Your account has been temporarily FROZEN. Please access your e-gold account related e-mail below in order to clear security issues as soon as possible.
Unwitting users would be frightened upon seeing this warning, and would not hesitate to provide their email address and password in the page above.
At this point, the user has just given the fake site owners authority to hack the egold account.
How Hacking is done
Armed with the stolen egold account number and password, the scammer logs in to the person’s actual egold account.
If the AccSent option is disabled, the egold account can now be easily hacked. Even with the AccSent option enabled, the change in IP address would then send an “AccSent PIN” to the user’s email address. The hacker can, however, still access this using the email address and password provided by the user in Screenshot #3 above.
Nothing can be done anymore once the hacker has logged in and the egold funds transferred to another account.
All egold users should be wary and should always check whether they are in the actual www.e-gold.com site before logging in. As a precaution, the E-Gold site should be bookmarked and should not be accessed using any other external link.
Passwords for the egold account and email address should also be different, and the email address used for the “AccSent PIN” should not be shared to the public.
It is advisable too to use E-gold’s SRK option rather than typing the account number and passphrase.