10 Dec
2003
10 Dec
'03
9:53 p.m.
-------- Original Message -------- From: Bill Stewart <bill.stewart@pobox.com> > On 10 Dec 2003 at 15:19, Nostradumbass@SAFe-mail.net wrote: > > E-gold and other DGCs do not do much if any due diligence in > > checking account holder identification > > Unfortunately, they also don't due much if any due diligence in > identifying themselves in messages to real or potential customers, > so it's extremely difficult to determine if I've gotten any > administrative messages that really _were_ from them > as opposed to the N fraudsters sending out mail asking you to - > log in to e-g0ld.com or whatever fake page lets them steal > your egold account number and password so they can drain your balance. Actually they do. Sort of at http://www.e-gold.com/unsecure/alert.html - Never click hypertext links in HTML formatted e-mail to access your account. - Confirm that you are on the e-gold website before entering your e-gold passphrase into either a logon form or a payment authorization form (see note below about e-gold shopping cart interface): - Verify the address/location/URL starts with: https://www.e-gold.com/ - Verify that the site certificate is issued by VeriSign to www.e-gold.com > > A policy of PGP-signing all their messages using a key > that's published on their web pages would be a good start, > though it's still possible to trick some fraction of people > into accepting the wrong keys. Too few customers would know what to do with such a key. >For now, my basic assumption > is that any communications I receive that purport to be from them > are a fraud, and it's frustrating that there's no good mechanism > for reporting that to e-gold. They know about most of the fraudulent emails circulating. They don't want to hear about them from customers because it would exhaust what customer service resources they have. I have never received an email from e-gold following my account creation confirmation and I beleive its their policy not to send emails for just this reason.