Danny Goodman Takes Aim at a Phisher   - 1,567 Views, 4 Comments

Summary: [Spam Wars author Danny Goodman doesn't just write about spam wars - he's actively engaged in the trenches. Here, guest author Danny Goodman, fresh from the ordeal, tells us about taking aim at a phisher just last night.] May 10, 2005 Imagine That: Phishers ...

Previous Article « AIM Mail: AOL Jumps on the 2Gig Webmail Bandwagon with AOL Instant Messenger Mail
Read Next Article » Get McAfee Internet Security 2005 for Windows for Free!

  Follow Anne on Twitter


[Spam Wars author Danny Goodman doesn't just write about spam wars - he's actively engaged in the trenches. Here, guest author Danny Goodman, fresh from the ordeal, tells us about taking aim at a phisher just last night.]

May 10, 2005

Imagine That: Phishers Are Cynical

One newbie PayPal phisher forgot to fill in some of the blanks to the message, so the phishing kit’s placeholders got through in his first attempt. The placeholder link for this one was to the nonexistent domain:
paypalvictims.com

Eight minutes later, he corrected his mistake and sent out the same message (through the same zombie, no less), but this time with a newly-minted domain hosted at yahoo.com.

Click on the link, fill out the form, and you will be a victim.

UPDATE: Kudos to yahoo.com for taking down the working site from the second phish within about an hour after my report. Others may have reported, too, and that’s OK. As long as they act quickly.

UPUPDATE (18:53 PDT): Well, I see this is going to be a battle. No sooner did the yahoo-hosted site go down, than the same spammer opened up a new godaddy.com-hosted site with a slightly different domain. His current domain name scheme is to use “paypal-” followed by typical URL letters one sees in PayPal and eBay log-in URLs before the “dot com.” I don’t know how quickly go-daddy will respond, but I’ve got my fingers crossed. If he wouldn’t keep sending me this crap, I wouldn’t be the wiser.

UPUPUPDATE (20:07 PDT): The godaddy-hosted version is now also no more. But, no, I don’t expect this guy to give up this easily.

UP(x4)DATE (22:39 PDT): I was right. The guy started up yet another domain, this time hosted at networksolutions.com. I reported it at 20:15, and just checked at 22:39 to find that Network Solutions shut this one down. Quite an evening (while I’m busy working on something else). It’s encouraging that three large ISPs—Yahoo, Godaddy, and Network Solutions—responded within one to two hours to shut down phishing sites. Speed is vital, so I’m glad they have mechanisms in place to act quickly. Three phishing sites out of hundreds is a drop in the bucket, but those ISPs definitely saved the identities of some folks tonight.

[From http://www.SpamWars.com]

Danny Goodman Takes Aim at a Phisher

 Follow Anne on Twitter

 Twitter Explained in Plain English

Previous Article « AIM Mail: AOL Jumps on the 2Gig Webmail Bandwagon with AOL Instant Messenger Mail
Read Next Article » Get McAfee Internet Security 2005 for Windows for Free!

Read more:

»  The “Must Read” Spam Book of the Year, If Not the Decade

»  What is the Precursor of the Internet? Who Invented the Internet? When was the Internet First Created? Read a Brief History of the Internet Here

»  Phishing Victim Sues Own Bank

»  In the Beginning There Was ARPANET. And It Was Good.

For additional similar stories check out our archives on Good Guys, Phishing

NOTE: We never, ever, ever will recommend any product or service on this site that we have not regularly used ourselves and do not wholeheartedly believe in. That said, in some cases after being very pleased with a product or service, we may enter into a relationship with the provider of that product or service such that if someone purchases that product or service based on our recommendation, we may get a small payment. Such payments go towards the upkeep of the Internet Patrol.

 

4 Comments »

  1. Nicely done!

    Comment by Jason — 5/11/2005 @ 11:40 am

  2. get rid of junk mail

    Comment by juanita kennedy — 5/11/2005 @ 12:09 pm

  3. aqpatoq picks nits again: Those are not ISPs, they are domain name registrars (in this context. Okay, so maybe some or all of them are also ISPs, for some definition of ISP.)

    Comment by aqpatoq — 5/11/2005 @ 9:36 pm

  4. aqpatoq: They are also web site hosting operations (yes, even godaddy). The sites I reported were being hosted by those providers, and those providers eliminated access to those sites in short order. Domain registration was not the issue, but a side benefit of those providers also being domain registrars is that they subsequently canceled all three domains.

    Comment by Danny Goodman — 5/12/2005 @ 7:36 am

RSS feed for comments on this post.

Leave a comment

Warning! All comments which contain URLs and are clearly just spam to generate a link back to the URL will be deleted on sight. Don't bother wasting your time!

If you are going to include a URL in your comment,
please keep it under 25 characters in length,
or use TinyURL to shorten it before including it in your comment.

Line and paragraph breaks are automatic, your email address is never displayed.
HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

(required)

(required)


If you have not posted a comment here before, we apologize for having to ask you to enter the letters and numbers you see in the image above to validate your comment, but we are being attacked by thousands of comment form spams every day! You only need to do this once; once you have successfuly posted a comment here you will not be asked to do this again. Thank you for your understanding!

 
 This article first appeared on 5/11/2005
The Internet Patrol
Patrolling the Internet for You!