Danny Goodman Takes Aim at a Phisher

The Internet Patrol - Patrolling the Internet for You
 


[Spam Wars author Danny Goodman doesn’t just write about spam wars – he’s actively engaged in the trenches. Here, guest author Danny Goodman, fresh from the ordeal, tells us about taking aim at a phisher just last night.]

May 10, 2005


Imagine That: Phishers Are Cynical

One newbie PayPal phisher forgot to fill in some of the blanks to the message, so the phishing kit’s placeholders got through in his first attempt. The placeholder link for this one was to the nonexistent domain:
paypalvictims.com

Eight minutes later, he corrected his mistake and sent out the same message (through the same zombie, no less), but this time with a newly-minted domain hosted at yahoo.com.


 

Click on the link, fill out the form, and you will be a victim.

UPDATE: Kudos to yahoo.com for taking down the working site from the second phish within about an hour after my report. Others may have reported, too, and that’s OK. As long as they act quickly.

UPUPDATE (18:53 PDT): Well, I see this is going to be a battle. No sooner did the yahoo-hosted site go down, than the same spammer opened up a new godaddy.com-hosted site with a slightly different domain. His current domain name scheme is to use “paypal-” followed by typical URL letters one sees in PayPal and eBay log-in URLs before the “dot com.” I don’t know how quickly go-daddy will respond, but I’ve got my fingers crossed. If he wouldn’t keep sending me this crap, I wouldn’t be the wiser.

 

UPUPUPDATE (20:07 PDT): The godaddy-hosted version is now also no more. But, no, I don’t expect this guy to give up this easily.

UP(x4)DATE (22:39 PDT): I was right. The guy started up yet another domain, this time hosted at networksolutions.com. I reported it at 20:15, and just checked at 22:39 to find that Network Solutions shut this one down. Quite an evening (while I’m busy working on something else). It’s encouraging that three large ISPs—Yahoo, Godaddy, and Network Solutions—responded within one to two hours to shut down phishing sites. Speed is vital, so I’m glad they have mechanisms in place to act quickly. Three phishing sites out of hundreds is a drop in the bucket, but those ISPs definitely saved the identities of some folks tonight.

[From http://www.SpamWars.com]
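The domain scheme described in the updates ("paypal-" plus login-URL letters ahead of the suffix) is regular enough to screen for in message bodies. The following is an added example, not code from the post or from Spam Wars: the brand list, the function names and the sample message are assumptions, and the eBay entry extends the check beyond the one brand the post saw.

```python
import re
from urllib.parse import urlsplit

# Assumption: brands to watch and their legitimate registrable domains.
BRANDS = {"paypal": "paypal.com", "ebay": "ebay.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample message body; only paypalvictims.com comes from the post.
SAMPLE = """Dear member, please confirm your account:
http://www.paypal-cgi-webscr.example/login
http://paypalvictims.com/
https://www.paypal.com/cgi-bin/webscr?cmd=_login-run
"""


def registrable(host):
    """Naive registrable domain: the last two labels. Assumes a one-label
    public suffix such as .com; use the Public Suffix List on real mail."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify(url):
    """Return (registrable_domain, reason) for a brand lookalike, else None."""
    try:
        host = urlsplit(url).hostname
    except ValueError:  # malformed URL
        return None
    if not host:
        return None
    domain = registrable(host)
    label = domain.split(".")[0]
    for brand, legit in BRANDS.items():
        rest = label[len(brand):]
        if domain == legit or not label.startswith(brand) or not rest:
            continue
        if rest.startswith("-"):
            return domain, f"{brand}- prefix scheme"
        return domain, f"{brand} glued to extra text"
    return None


def suspects(message_text):
    """Map each lookalike domain found in a message body to why it matched."""
    found = {}
    for url in URL_RE.findall(message_text):
        hit = classify(url)
        if hit:
            found.setdefault(*hit)
    return found


if __name__ == "__main__":
    print(suspects(SAMPLE))
```

The domains it returns are the ones to look up and report to the hosting provider, which is the step the post shows getting sites removed within one to two hours.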

 

4 thoughts on “Danny Goodman Takes Aim at a Phisher”

  1. aqpatoq: They are also web site hosting operations (yes, even godaddy). The sites I reported were being hosted by those providers, and those providers eliminated access to those sites in short order. Domain registration was not the issue, but a side benefit of those providers also being domain registrars is that they subsequently canceled all three domains.

  2. aqpatoq picks nits again: Those are not ISPs, they are domain name registrars (in this context. Okay, so maybe some or all of them are also ISPs, for some definition of ISP.)
