From the top of the currency pyramid here is some ‘phishing prevention’ information on a few of the popular Digital Gold Currencies. Because a DGC transaction is not reversible and the currencies are highly liquid some of them, like e-gold, are constant targets for phishing expeditions (emails).
Here is some top advice from their webs plus a bit of my own input.
E-gold has a great section on the safe operation of their accounts entitled “e-gold Security Alerts“. You should check it out as some of the recommendations work for just about any online currency including online banking.
Fake Emails purporting to be from e-gold
- NEVER ACCESS YOUR E-GOLD ACCOUNT BY CLICKING A HYPERTEXT LINK IN E‑MAIL.
- NEVER VIEW, OPEN, SAVE, OR RUN ANY ATTACHMENT IN E-MAIL PURPORTING TO BE FROM E‑GOLD.
Regardless of the subject matter of the fraudulent emails, they always have one thing in common: their intent is to gather pieces of information needed for a criminal to gain access to the victim’s e-gold account and divert the value either via a phishing attack, a Trojan horse attack, or both.
We urge Users to:
- Never click hypertext links in HTML formatted e-mail to access your account.
- Confirm that you are on the e-gold website before entering your e-gold passphrase into either a logon form or a payment authorization form (see note below about e-gold shopping cart interface):
• Verify the address/location/URL starts with: https://www.e-gold.com/
• Verify the site is secure (look at the SSL Lock icon at the bottom of your browser window)
• Verify that the site certificate is issued by VeriSign to www.e-gold.com - Never open/view/run/install an attachment in e-mail purporting to be from e-gold
- Follow the e-gold Security Recommendations listed here.
Phishing Attacks…
The hypertext link in fraudulent email will appear to be to the e-gold website, but if clicked, it directs the victim to a fraudulent website, designed to ensnare the careless by mimicking the appearance of the real e-gold website. Phony login forms are used on these “phishing” websites to collect victim’s e-gold account number and passphrase. If victim has disabled e-gold’s AccSent protection, e-gold account number and passphrase are all the criminal needs to log in to the victim’s e-gold account on the real e-gold website and divert the value.
Trojan Horse Attacks…
Counterfeit websites may also attempt to trick User into downloading a Trojan horse with the objective of gaining control of victim’s computer. The email attachment in fraudulent e-mails usually is a Trojan horse. Again, the objective of Trojan horse may be to gain control of victim’s computer.
Q&A
I received an email from an address at goldmoney.com with a hyperlink (web address) embedded in the email. The email asks me to log into my Holding. Is it safe to click the hyperlink and log into my Holding?
No. GoldMoney will never, under any circumstance, send an unsolicited email asking you to log into your Holding by clicking on an embedded link.
Criminal hackers often send out emails asking for the recipient to log into what appears to be a trusted online financial account. Although the emails appear to be sent from the financial institution, they are actually sent by the hackers themselves in a technique called “spoofing”. Malicious hyperlinks usually direct the recipient to a site that appears to be the trusted financial institution, but is actually a website set up by a hacker for the sole purpose of stealing your personal information, including your login ID and passphrase. If stolen, this information would give the hacker access to your GoldMoney account and your money.
Often, the hyperlink presented in the email looks exactly like the site being mirrored. For example, it may say: “Go to goldmoney.com to log into your Holding to verify information”. However, clicking the link will actually take you to the mirrored site run by the hacker. One common type of mirrored site are those with a small misspelling. For example, instead of “goldmoney.com” the web address will actually be “go1dmoney.com”, spelled with the numeral “1″ instead of the lower case letter “L”. Hackers purposefully do this, hoping you will not notice the difference. GoldMoney will never send you an email with embedded hyperlinks, with the sole exceptions being email alerts to view the Founder’s Commentary page, and confirmation emails that are sent to you when you first create a Holding or request the issuance of a new passphrase (in case you lose your passphrase).
The same goes for e-mail attachments.
If you receive an email from an address at goldmoney.com with an attachment. Never EVER open the attachment. Never download and/or open such an attachment. GoldMoney will never send email with an attachment. Criminal hackers often send out emails that appear to be sent from a trusted party but are actually sent from the hackers themselves (this technique is called “spoofing”). Unfortunately, the limitations of email software make these spoof emails possible.
The attachments often contain malicious programs called “trojans” designed to steal personal information stored on your computer or to log your keystrokes and steal passwords. If stolen, this information would give the hacker access to your GoldMoney account and your money. Attachments from a spoofed address may also contain computer viruses designed to cause havoc on your computer. To repeat this important point, never open an attachment sent to you from any email addressed from goldmoney.com. Immediately delete the attachment if downloaded onto your computer.
Pecunix has the distinction of being the only DGC never phished or hacked. Pecunix accounts have three login access levels to give you complete control over your account. Access is expertly restricted at each level. You can determine not only who uses your account, but also how much information other users can see and whether or not they have access to your funds.
Login levels:
By using the proprietary login system developed by Siddley Incorporated, you will never need to divulge more than four characters of your password (PIK) at any one time. You will never be required to reveal your complete password. Pecunix login security is immune to common Trojan Horse, virus and robot attacks. To enhance your account security, you may also use strong access verification via PGP authentication.
The standard security is backed up by an optional IP number security addition and strong reporting. An up-to-date security report identifies any failed login attempts and attempts at suspect activity each time you successfully log-on to your account.
Secure e-mail:
Also, within your account is a secure e-mail interface called the Pecunix Secure Messaging System. Any messages sent through the Pecunix Secure Messaging System are held encrypted at all times unless actually being read by either the user or Pecunix Customer Services.
e-Bullion® offers it’s clientele the CryptoCard Secure Password Technology system to protect their accounts from password theft. If you are serious about using e-Bullion you require one of these devices. I would NOT operate any e-bullion account without a CryptoCard. It looks like a small calculator and delivers a fresh password each time you log in making the account IMPOSSIBLE to hack or phish.
Simple to Use. The CRYPTOCard doesn’t require the installation of any fancy software, plugs, or cords. Once you’ve ordered the card, there are a couple of simple initial instructions to follow and it will be fully functional and configured to protect your account. No wires, no CD’s, no software installation - just simplicity and security.
How much it cost?The CRYPTOCard costs $99.50. That is a mere fraction of the cost of a $5,000 safe. In combination with the e-Bullion® system you get the safety of Brinks Global Security combined with the military strength encryption on the CRYPTOCard. If you are using your e-Bullion® Account to store more than $5,000 worth of gold, the security of the CRYPTOCard is definitely worth the expense.
Finally, my personal recommendations…..I only receive email in text form, no Rich Text or HTML and I never open any attachments without personally knowing the sender and scanning them for buggies.
Technorati Tags: AustinProfit, Profit, Egold, e-gold, autosurf, eccurency, HYIP, bond market, egold, investments, forex,
gold, Hyip Forum, stock market investing, deposito, egold exchanger, iran egold, best hyip , hyip manager, HYIP, bond market, egold, investments, forex