Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
A Dispatch

« Back to 419 School, Pal | Main | Phoiled Phisher Phollowup »

May 10, 2005

Imagine That: Phishers Are Cynical

One newbie PayPal phisher forgot to fill in some of the blanks to the message, so the phishing kit's placeholders got through in his first attempt. The placeholder link for this one was to the nonexistent domain:

paypalvictims.com

Eight minutes later, he corrected his mistake and sent out the same message (through the same zombie, no less), but this time with a newly-minted domain hosted at yahoo.com.

Click on the link, fill out the form, and you will be a victim.

UPDATE: Kudos to yahoo.com for taking down the working site from the second phish within about an hour after my report. Others may have reported, too, and that's OK. As long as they act quickly.

UPUPDATE (18:53 PDT): Well, I see this is going to be a battle. No sooner did the yahoo-hosted site go down, than the same spammer opened up a new godaddy.com-hosted site with a slightly different domain. His current domain name scheme is to use "paypal-" followed by typical URL letters one sees in PayPal and eBay log-in URLs before the "dot com." I don't know how quickly go-daddy will respond, but I've got my fingers crossed. If he wouldn't keep sending me this crap, I wouldn't be the wiser.

UPUPUPDATE (20:07 PDT): The godaddy-hosted version is now also no more. But, no, I don't expect this guy to give up this easily.

UP(x4)DATE (22:39 PDT): I was right. The guy started up yet another domain, this time hosted at networksolutions.com. I reported it at 20:15, and just checked at 22:39 to find that Network Solutions shut this one down. Quite an evening (while I'm busy working on something else). It's encouraging that three large ISPs—Yahoo, Godaddy, and Network Solutions—responded within one to two hours to shut down phishing sites. Speed is vital, so I'm glad they have mechanisms in place to act quickly. Three phishing sites out of hundreds is a drop in the bucket, but those ISPs definitely saved the identities of some folks tonight.

Posted on May 10, 2005 at 05:20 PM