Jump to content

e-gold email scam

AndyManchesta

By AndyManchesta
in The Lounge

 Share

Recommended Posts

AndyManchesta

AndyManchesta

Posted
Posted

I just received a email which is clearly fake asking me to login to my e-gold account , Ive just forwarded the site address and details to e-gold but wanted to post it on here incase any members do have an account there and get a similar email as the site is very well made. I'm sure it will be closed down within a few days though as their ISP seems to be based in Atlanta, US :)

 

Here's the contents of the email

 

 

We recently reviewed your account, and suspect that youre -gold online account may have been accessed by an unauthorized third party.

Protecting the security of your account and of the e-gold network is our primary concern. Therefore, as a preventative measure, we have temporarily limited access to sensitive account features.

 

To restore your account access , please take the following steps to ensure that your account has not been compromised:

 

1. Login to youre-gold online account. In case you are not enrolled yet for Internet account, you will have to use your Social Security Number as both your Personal ID and Password and fill in the required information, including your name and account number.

 

2. Review your recent account history for any unauthorized withdrawals or deposits, and check your account profile to make sure no changes have been made. If any unauthorized activity has taken place on your account, report to e-gold staff immediately.

 

To get started, please click the link below:

 

https://www.e-gold.com/acct/login.html

 

We apologize for any inconvenience this may cause, and appreciate your assistance in helping us maintain the integrity of the entire e-gold system. Thank your for your prompt attention to this matter.

 

Sincerely,

 

The gold Online Team.

 

We apologize for any inconvenience this may cause, and appreciate your assistance in helping us maintain the integrity of the entire e-gold online system. Thank your for your prompt attention to this matter.

Please do not reply to this email. Mails sent to this address cannot be answered. For assistance, log in to your e-gold Onlineaccount and choose the "Help" link in the header of any page.

 

The link in the email opens this page

 

h**p://[**modified**]1128157629:84/logins/

 

which shows the page has moved and asks you to click the link to open this page

 

h**p://[**modified**]1128157629:84/logins/sysdll.php

 

(use caution before viewing the links, remove [**modified**] and change the h**p to http if you did want to check it - they are not serving any trojan infections as Ive viewed the source code of the pages but that may change if they are not shut down)

 

the link opens a genuine looking e-gold page but it isn't secure (no lock icon in the browser status bar and is http when it should be https) so any information is sent in plain text, what's clever about it is the page also contains code to hide the true address bar and then adds a fake address bar written into the page at the top showing https://www.e-gold.com/acct/login.html to give the impression its the genuine site.

 

The webpage contact info traces to

 

Ansari, Rehman

Sitten Street Malaz

P.O.Box 50571

Riyadh

11341

SA

Link to comment
Share on other sites
Mike Rochip

Mike Rochip

Posted
Posted

Thanks for the warning! Phishing sites become more realistic looking every day. PayPal and eBay have been targeted a lot recently.

 

One of the few really useful features if IE 7 Beta is the anti-phishing feature which I have seen in action. This surprised me because I used IE 7 very little since Firefox is my browser of choice.

Link to comment
Share on other sites
AndyManchesta

AndyManchesta

Posted
  • Author
Posted

Well Noticed MP Handler ,

 

I must admit I didnt even read all the message, I just checked the page source and then got details on the sites owner and ISP to pass to e-gold but its the quality of the site that suprised me, Ive had plenty in the past from Paypal spoof sites and they usually trace back to colleges in Thailand, this website with the spoof e-gold page actually sells sporting goods on some of their more genuine looking pages but I feel sorry for anyone who buys anything from them and gives credit card info as the owner is clearly phishing. With the ISP being in the U.S it will be shutdown easily enough as Im sure the webhosting terms do not include setting up a scam site :)

 

Here's the fake and genuine e-gold pages :

 

Fake:

 

 

 

Genuine:

 

 

 

 

:blink:

Link to comment
Share on other sites
Eldmannen

Eldmannen

Posted
Posted

hmm..exactly what are you looking for when you view the page source?

 

 

Links (<a href="...">) tags and <form action="..."> tags are good to look at.

You can look if where they point to, and if it is valid place. It should also have a valid SSL certificate.

firefoxblue4yw.gif

button_b.png hydrogen2nr.png

80x15_3.png

Link to comment
Share on other sites
AndyManchesta

AndyManchesta

Posted
  • Author
Posted

Hi again

 

Usually If I find a malicious site of any form I will view the source code of the page, with this being a e-gold scam site my first thought was it may attempt to load password stealers or keyloggers onto the system when the page is opened via IFrame, Javascripts etc.. but the page is clean , As Eldmannen says the code can give alot of information which cannot be viewed by just looking at the page and can show if the information that is submitted is being sent to another website, to an email address or another part of their own site. With this page It looked genuine as it only had one address bar and that contained the genuine site address but the source code showed they are hiding the true address bar using scripts and then use another script to generate a fake bar with the genuine site address showing. It just makes it easier to see whats going on and can sometimes lead you to other parts of the sites,

 

There's one site that loads trojan infections and alot of other sites (serial/crack/keygen/adult) and others link to this sites files to infect pc's . By viewing the sites source code it shows the directories where the files are saved so then I checked that and the area contains alot of text files full of IP Addresses which I assume is people they have infected and contains over 100 different exploit files and malware bundles so it can help alot.

 

I should point out that I do all this on a test machine and not my main pc :D

 

Andy

Link to comment
Share on other sites
AndyManchesta

AndyManchesta

Posted
  • Author
Posted

I only use Hotmail accounts so Im probably not the best person to comment, You would have to open the email first then Right click inside the message area and choose View Source or choose View from the top bar and click Source, the only difference when you view the source of an email is alot of the information is connected to the email provider rather than the sender such as images,buttons, links etc...

 

With emails you can usually open the full header's when reading emails which can give alot of information. On hotmail (and Im sure other email providers will have similar settings) you can do that by choosing Options which is just under the banner advert on the top right of the screen, then choose Mail Display Settings, on the Message Header section you can change it to None, Basic, Full or Advanced , Here's the description Hotmail has about each setting:

 

When reading a message the Basic setting displays the sender's and recipients' names, the date, and the subject. The Full setting displays additional routing information that may be useful for tracing messages. The Advanced setting displays complete MIME headers (for power users).

 

I have mine always set to Full which helps trace the sender if you ever need to report abuse or phishing emails like this,

Link to comment
Share on other sites
Eldmannen

Eldmannen

Posted
Posted

thanks Edlemannen and AndyManchesta for answering my question. here is another question. is it possible to view source code of unopend email thats in my inbox?

 

Some email client and email services have an option to view the mail as plain/text, that way no code or anything gets parsed.

firefoxblue4yw.gif

button_b.png hydrogen2nr.png

80x15_3.png

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept