lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: sgmasood at yahoo.com (S G Masood)
Subject: Official notice to all e-gold users [FAKE]


ROFL. HaHaHa.

Second such "convincing" fake in a week(after the
"convincing" Swen-MS patch mail). All the links in the
site appear real but the all-important form action is
a fake. Also, it uses the standard form spoofing trick
- Users fill the fake form and when the form is
submitted, the info is sent to the attacker and the
user is redirected to the genuine form; now the user
fills the genuine form and logs in without noticing
anything.  

The site also uses a cool certificate! ;P

--
S.G.Masood



--- e-gold Ltd <service@...old.com> wrote:

---------------------------------
Dear e-gold user.

At 09.24.2003 our company has lost a number
 of accounts in the system during the database
 maintenance. Our administrators is working on the
database restoring. We ask you to check your account
if it
 is still active and your current balance is right.
 If you find that your account is inactive, please let
 us know immediately at e-mail service@...old.com
 To check your account, please click on the link
below: 

https://www.e-gold.com/acct/login.html

 &copy; 2003 e-gold
Ltd._______________________________________________Full-Disclosure
- We believe in it.Charter:
http://lists.netsys.com/full-disclosure-charter.html


__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com


Powered by blists - more mailing lists