Danny Goodman Takes Aim at a Phisher - 1,578 Views, 4 Comments

Summary: [Spam Wars author Danny Goodman doesn't just write about spam wars - he's actively engaged in the trenches. Here, guest author Danny Goodman, fresh from the ordeal, tells us about taking aim at a phisher just last night.] May 10, 2005 Imagine That: Phishers ...

Previous Article « AIM Mail: AOL Jumps on the 2Gig Webmail Bandwagon with AOL Instant Messenger Mail
Read Next Article » Get McAfee Internet Security 2005 for Windows for Free!

Follow Anne on Twitter Friend Anne on Facebook

[Spam Wars author Danny Goodman doesn't just write about spam wars - he's actively engaged in the trenches. Here, guest author Danny Goodman, fresh from the ordeal, tells us about taking aim at a phisher just last night.]

May 10, 2005

Imagine That: Phishers Are Cynical

One newbie PayPal phisher forgot to fill in some of the blanks to the message, so the phishing kit’s placeholders got through in his first attempt. The placeholder link for this one was to the nonexistent domain:
paypalvictims.com

Eight minutes later, he corrected his mistake and sent out the same message (through the same zombie, no less), but this time with a newly-minted domain hosted at yahoo.com.

Click on the link, fill out the form, and you will be a victim.

UPDATE: Kudos to yahoo.com for taking down the working site from the second phish within about an hour after my report. Others may have reported, too, and that’s OK. As long as they act quickly.

UPUPDATE (18:53 PDT): Well, I see this is going to be a battle. No sooner did the yahoo-hosted site go down, than the same spammer opened up a new godaddy.com-hosted site with a slightly different domain. His current domain name scheme is to use “paypal-” followed by typical URL letters one sees in PayPal and eBay log-in URLs before the “dot com.” I don’t know how quickly go-daddy will respond, but I’ve got my fingers crossed. If he wouldn’t keep sending me this crap, I wouldn’t be the wiser.

UPUPUPDATE (20:07 PDT): The godaddy-hosted version is now also no more. But, no, I don’t expect this guy to give up this easily.

UP(x4)DATE (22:39 PDT): I was right. The guy started up yet another domain, this time hosted at networksolutions.com. I reported it at 20:15, and just checked at 22:39 to find that Network Solutions shut this one down. Quite an evening (while I’m busy working on something else). It’s encouraging that three large ISPsâ€”Yahoo, Godaddy, and Network Solutionsâ€”responded within one to two hours to shut down phishing sites. Speed is vital, so I’m glad they have mechanisms in place to act quickly. Three phishing sites out of hundreds is a drop in the bucket, but those ISPs definitely saved the identities of some folks tonight.

[From http://www.SpamWars.com]

Danny Goodman Takes Aim at a Phisher

Follow Anne on Twitter

Twitter Explained in Plain English

Friend Anne on Facebook

Previous Article « AIM Mail: AOL Jumps on the 2Gig Webmail Bandwagon with AOL Instant Messenger Mail
Read Next Article » Get McAfee Internet Security 2005 for Windows for Free!

» What is the Precursor of the Internet? Who Invented the Internet? When was the Internet First Created? Read a Brief History of the Internet Here

» Phishing Victim Sues Own Bank

» In the Beginning There Was ARPANET. And It Was Good.

For additional similar stories check out our archives on Good Guys, Phishing

NOTE: We never, ever, ever will recommend any product or service on this site that we have not regularly used ourselves and do not wholeheartedly believe in. That said, in some cases after being very pleased with a product or service, we may enter into a relationship with the provider of that product or service such that if someone purchases that product or service based on our recommendation, we may get a small payment. Such payments go towards the upkeep of the Internet Patrol.

4 Comments »

Nicely done!

Comment by Jason — 5/11/2005 @ 11:40 am
get rid of junk mail

Comment by juanita kennedy — 5/11/2005 @ 12:09 pm
aqpatoq picks nits again: Those are not ISPs, they are domain name registrars (in this context. Okay, so maybe some or all of them are also ISPs, for some definition of ISP.)

Comment by aqpatoq — 5/11/2005 @ 9:36 pm
aqpatoq: They are also web site hosting operations (yes, even godaddy). The sites I reported were being hosted by those providers, and those providers eliminated access to those sites in short order. Domain registration was not the issue, but a side benefit of those providers also being domain registrars is that they subsequently canceled all three domains.

Comment by Danny Goodman — 5/12/2005 @ 7:36 am

RSS feed for comments on this post.

Warning! All comments which contain URLs and are clearly just spam to generate a link back to the URL will be deleted on sight. Don't bother wasting your time!
If you are going to include a URL in your comment,
please keep it under 25 characters in length,
or use TinyURL to shorten it before including it in your comment.
Line and paragraph breaks are automatic, your email address is never displayed.
HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

This article first appeared on 5/11/2005

About

About TIP

About Anne

Follow Anne On:

Twitter
Linked In
Facebook

*Twitter Explained in Plain English

Search
Categories

Recent Comments to Our Articles

Dozer: I read where the Flexispy works for "smart phones" I have a Razr and the target phone is also a Razr. Would this software work read

"gunner": to: Chatoorgoon Jagdeo, congratulations, you have saved yourself time and money, and avoided seeing your hard earned money going into the pockets of thieves. well done read

"gunner": how many times do you have to be told, "the cake is a lie, there is no spoon" and the lottery is a scam read

"gunner": good reasons why i've avoided both "facebook" and "twitter" and will continue to do so read

Del Irwin: The service was ok for 5 years, though with hidden charges and lots of calls to get them removed. Very slimey company.. when I went read

william: my home boys comment isnt on here wtf read

william: I don't think his is a real becuse if it was why could they not just give them the rice?i thing that tis is just read

Harishchandra Salvi: Please help me to get my mobile Nokia 1209 Silver Grey IMEI: 356072033323873 i love my mobile very much and request you to help me pls. read

Pierre: Sad, sad, sad. You'd think that the designers of the Kindle would have known something about the real world, and that the product would read

Allen MacCannell: Hi Anne, Twitter is, sadly, not adding anything close to what Tweetdeck and Twhirl offer. Those two apps (+ the fantastic PowerTwitter Firefox plugin) setup a read

Todd: The link doesn't go to a form anywhere, and I can't find the form. Perhaps they don't allow this for anyone anymore. read

Jon: There are a couple of organisations clammering to purchase shares in City Networks Inc. One of them being "Penn Capital Management Ltd" in Osaka, Japan read

Fjord Prefect: The reason why Google is upset is this: Microsoft already owns 80% of the desktops in the world, they also provide IE which comes with read

Michael Anderson: The lawyer's comment is idiotic. A customer who has received poor service outside of the bounds of the terms of his agreement with the carrier read

Michael Anderson: This is not exactly correct. In most states, minors are able to form "voidable" contracts--that is, the minor can bind the competent party, but the read

Get a FREE summary of the week's articles by email every Friday!
We NEVER share your email address, and you can stop them any time!

Be sure to watch for the confirmation email!

Search

Get a FREE summary of the week's articles by email every Friday!
We NEVER share your email address, and you can stop them any time!

Be sure to watch for the confirmation email!