ALTA/DMT privacy [was: Re: (No Subject)]
Nostradumbass at SAFe-mail.net
Nostradumbass at SAFe-mail.net
Wed Dec 10 18:37:15 PST 2003
-------- Original Message --------
From: Bill Stewart <bill.stewart at pobox.com>
> On 10 Dec 2003 at 15:19, Nostradumbass at SAFe-mail.net wrote:
> > E-gold and other DGCs do not do much if any due diligence in
> > checking account holder identification
>
> Unfortunately, they also don't due much if any due diligence in
> identifying themselves in messages to real or potential customers,
> so it's extremely difficult to determine if I've gotten any
> administrative messages that really _were_ from them
> as opposed to the N fraudsters sending out mail asking you to
- > log in to e-g0ld.com or whatever fake page lets them steal
> your egold account number and password so they can drain your balance.
Actually they do. Sort of at http://www.e-gold.com/unsecure/alert.html
- Never click hypertext links in HTML formatted e-mail to access your account.
- Confirm that you are on the e-gold website before entering your e-gold passphrase into either a logon form or a payment authorization form (see note below about e-gold shopping cart interface):
- Verify the address/location/URL starts with: https://www.e-gold.com/
- Verify that the site certificate is issued by VeriSign to www.e-gold.com
>
> A policy of PGP-signing all their messages using a key
> that's published on their web pages would be a good start,
> though it's still possible to trick some fraction of people
> into accepting the wrong keys.
Too few customers would know what to do with such a key.
>For now, my basic assumption
> is that any communications I receive that purport to be from them
> are a fraud, and it's frustrating that there's no good mechanism
> for reporting that to e-gold.
They know about most of the fraudulent emails circulating. They don't want to hear about them from customers because it would exhaust what customer service resources they have.
I have never received an email from e-gold following my account creation confirmation and I beleive its their policy not to send emails for just this reason.
More information about the cypherpunks-legacy
mailing list