Current Status

This blog is not frequently updated because most case-by-case scam reports are now listed in subordinate blogs. At this point in time, most of my efforts are targeted at documenting employment scams in the Suckers Wanted blog.

2005-10-24

Phish of the Day: egold2gold.com

Most instances of phishing fraudulently represent themselves as some legitimate business or other. Here's a case where the phisher would have me believe that someone has sent me money out of the blue, and all I need to do in order to collect is sign up at a payment processing thing I've never heard of before called "egold2gold.com". But I'm a sceptical so-and-so, and I don't believe a word of it -- especially given the following evidence.

The original phish message directs me to a "sign up" page at egold2gold.com. There's nothing too sinister-looking here (although I admit not checking it for malicious payload -- I haven't been that diligent in a while). All I need to do is provide a username, a password, and an email address. I provide some fairly arbitrary data for all the above, including a "mailinator" email address, to see what turns up. What turns up is a confirmation request. "Click on the link to continue," it requests. Unless you're silly enough to use the same username and password that you use for something else, all the phisher has at this point in time is a known-good email address -- expect the spam rate on that address to go up.

Of course, if you actually want to claim any of this money that's allegedly been sent to you, you need to fill in a whole swag of stuff -- all the usual bank details, credit card details, drivers licence number -- all the stuff that a craftly little phisher wants so that he can impersonate you for financial gain.

One other thing to note -- the facade isn't terribly convincing. I also signed up with my "ideceive" gmail account because that's the one I have to use to claim my money, you see. But it wouldn't let me sign up, because it only allows one sign-up per source IP address. This is obviously to prevent disgruntled spam-recipients from flooding it with bogus data -- I've seen it happen. But I was able to sign up with the same "username" and a different password from a completely different source IP address! That's no way to handle your accounts!

My conclusion: egold2gold.com is a phishing operation, pure and simple. It's a facade of a respectable payment system with a bunch of nasty crooks lurking behind it. It will probably vanish in the near future and spring up elsewhere under a different name. If you want to risk poking around in this hive of scum and villainy, you can try logging in to http://egold2gold.com/ as "zig" with password "bomb". It may work if nobody else has signed up with that username since I did -- and if they haven't made a run for it yet.

The spam in question originated at 70.84.130.228 on Mon, 24 Oct 2005 02:52:29 -0000. The message was as follows.

Hello,

This is not SPAM, this is an e-mail from egold2gold.com containing a notification of money paid to you...

A egold2gold.com user has just successfully sent you money!  Please look at the below details for information on this transaction.

Sender: payments
Sender's E-Mail: payments@egold2gold.com
Amount Received: 200.00
Sender's Comments: Money Transfer To ideceive@gmail.com

In order to claim this money, you must signup for an account with egold2gold.com  To do so, navigate to the below URL.

http://egold2gold.com?a=signup&semail=ideceive@gmail.com

The e-mail address you signup with must be the one you are receiving this e-mail at.  You should claim this money quickly, if you don't, the sender may cancel the transaction.

Thank you for your time,

egold2gold.com Services Team
http://www.egold2gold.com/
"The New Online Universal Payment System!"

No comments: