July 06, 2006
On the Internet, Nobody Knows You're a Liar

One of my all-time favorite New Yorker cartoons shows two dogs, one sitting in a chair in front of a personal computer, the other down on the floor. The dog in front of the PC says to the other, "On the Internet, nobody knows you're a dog." You can even buy a reprint (no kickback to me).
Considering that the cartoon first appeared in July, 1993, it was more than prescient about what has happened on the Web. Our computer pup may have been thinking more about chat rooms (or, rather, only bulletin board systems—BBSes) at the time, because the World Wide Web was barely up and running at that point. Today, as we see constantly with very credible phishing lookalike sites and such, a Web site's bullshit factor can be anywhere from 0 to 100%.
I was scanning a considerable backlog of spam suspects from my server today and saw a lot more of the mortgage spam about which I complain often here (three times last month alone: [1], [2], [3]). I was checking up on the domain records of a bunch of spamvertised domains from the same gang. They had all been registered to a bogus Chicago address for quite a while, but they had changed recently to a bogus Florida address within the past few weeks. I'm not sure what it was going to tell me, but I wanted to know when the switch occurred. The switch also included going to a new registrar (directNIC), with whom I've filed numerous disputes for false domain registration records (and, in usual fashion, have received no response whatsoever).
The disputes center on the registration records for over a dozen domains that are registered to an individual name claiming to be at an address in Clearwater, Florida. Problems with the records include the fact that: the ZIP code is for Atlanta, Georgia; the telephone area code is invalid anywhere in North America; the street address is not valid for Clearwater or Atlanta. As for the yahoo.com mailing address, well, let's just say I'm dubious. Also, the "organization" name is listed as "Roflon," whose first four letters are everyone's shortcut for "rolling on floor, laughing."
By accident I accessed the Web site from the earliest spam message pointing to one of these Roflon domains. I wanted to kick myself when I watched the browser's Address field flip and flop around to eventually include code that signified an affiliate ID not part of the URL I used. It's possible that the spammer got a fraction of a penny chit for that visit, and that really pisses me off.
So, anyway, there I was at this slick-looking mortgage lead site that promises "Hassle-Free Quotes." The site is not SSL encrypted, nor is the destination URL of the form on the page. But at the bottom of the page is this notice:
For your protection all information submitted through our secure website is confidential and will only be provided to the lenders that we work with.
Additionally, in a column of logos running down the left side of the page is one that says "Protected by VeriSign," a company that is a Certificate Authority for SSL Web sites. But there was nothing on this page (which asked for information about mortgage types and amounts) that was secure.
Also in that column of logos was one for Trust*e, a service that reviews Web site privacy policies and allows those that pass muster to post the logo. Except this site offered no link to a privacy policy. Ooh, not even close, and certainly no cigar.
Finally, the logo that really made my blood boil was the logo that says, "We are fully compliant with the CAN-SPAM Act of 2003." So I guess the deceptive Subject: line and message, failure to identify the sender, forging headers, not offering an opt-out link, and sending through a Trojaned PC of a Comcast cable customer in New Jersey don't count.
Although I was already feeling creepily filthy just looking at that page, I did a further check of the source code. The server that sent the page had embedded the affiliate ID and my IP address into hidden fields of the form that would have been submitted. I'm not worried about the IP address because I access the Internet through a dynamic system that changes fairly frequently (and unexpectedly with outages...grrr). But I wasn't going to even put bogus data into the form and visit the next page out of desire to stop my "support" of the affiliate with my single, accidental visit.
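The checks described above (a cleartext page and form target, hidden form fields, a privacy seal with no policy link behind it) can be run against saved page source without submitting anything. The following is an added example, not code from the original post; the sample URL, field names and values are constructed, and the seal test is a simple heuristic on image alt text.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class FormAudit(HTMLParser):
    """Collects form targets, hidden fields, link hrefs and image alt text."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.form_targets, self.hidden, self.links, self.img_alts = [], {}, [], []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            # An empty or missing action submits back to the page URL.
            self.form_targets.append(urljoin(self.page_url, a.get("action", "")))
        elif tag == "input" and a.get("type", "").lower() == "hidden":
            self.hidden[a.get("name", "")] = a.get("value", "")
        elif tag == "a":
            self.links.append(a.get("href", "").lower())
        elif tag == "img":
            self.img_alts.append(a.get("alt", "").lower())

def audit(page_url, html):
    """Return a list of findings for one page, in a fixed order."""
    p = FormAudit(page_url)
    p.feed(html)
    findings = []
    if urlparse(page_url).scheme != "https":
        findings.append("page served without TLS")
    for target in p.form_targets:
        if urlparse(target).scheme != "https":
            findings.append(f"form posts in cleartext to {target}")
    if p.hidden:
        findings.append("hidden fields: " + ", ".join(sorted(p.hidden)))
    seal = any("privacy" in alt or "trust" in alt for alt in p.img_alts)
    if seal and not any("privacy" in href for href in p.links):
        findings.append("privacy seal shown but no privacy policy link")
    return findings

# Constructed sample page modelled on the description above; not the real site.
SAMPLE_URL = "http://mortgage-leads.example/quote"
SAMPLE_HTML = """
<img src="seal1.gif" alt="Privacy seal">
<form action="/submit" method="post">
  <input type="hidden" name="affiliate_id" value="AFF-0000">
  <input type="hidden" name="visitor_ip" value="192.0.2.10">
</form>
"""

if __name__ == "__main__": print("\n".join(audit(SAMPLE_URL, SAMPLE_HTML)))
```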
If I sit back and examine the page with the eyes of a typical Web surfer—perhaps one interested in refinancing a mortgage—I'd have to say the site looks legit. I mean, look at all those security, privacy, and anti-spam logos appearing so prominently. And the art and layout look professional. It must be a great outfit with which to do business.
And, thus, the title of this article.
Posted on July 06, 2006 at 03:43 PM