[Spam Wars author Danny Goodman doesn’t just write about spam wars – he’s actively engaged in the trenches. Here, guest author Danny Goodman, fresh from the ordeal, tells us about taking aim at a phisher just last night.]
May 10, 2005
Imagine That: Phishers Are Cynical
One newbie PayPal phisher forgot to fill in some of the blanks to the message, so the phishing kit’s placeholders got through in his first attempt. The placeholder link for this one was to the nonexistent domain:
paypalvictims.com
Eight minutes later, he corrected his mistake and sent out the same message (through the same zombie, no less), but this time with a newly-minted domain hosted at yahoo.com.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
Click on the link, fill out the form, and you will be a victim.
UPDATE: Kudos to yahoo.com for taking down the working site from the second phish within about an hour after my report. Others may have reported, too, and that’s OK. As long as they act quickly.
UPUPDATE (18:53 PDT): Well, I see this is going to be a battle. No sooner did the yahoo-hosted site go down, than the same spammer opened up a new godaddy.com-hosted site with a slightly different domain. His current domain name scheme is to use “paypal-” followed by typical URL letters one sees in PayPal and eBay log-in URLs before the “dot com.” I don’t know how quickly go-daddy will respond, but I’ve got my fingers crossed. If he wouldn’t keep sending me this crap, I wouldn’t be the wiser.
UPUPUPDATE (20:07 PDT): The godaddy-hosted version is now also no more. But, no, I don’t expect this guy to give up this easily.
UP(x4)DATE (22:39 PDT): I was right. The guy started up yet another domain, this time hosted at networksolutions.com. I reported it at 20:15, and just checked at 22:39 to find that Network Solutions shut this one down. Quite an evening (while I’m busy working on something else). It’s encouraging that three large ISPs—Yahoo, Godaddy, and Network Solutions—responded within one to two hours to shut down phishing sites. Speed is vital, so I’m glad they have mechanisms in place to act quickly. Three phishing sites out of hundreds is a drop in the bucket, but those ISPs definitely saved the identities of some folks tonight.
[From http://www.SpamWars.com]
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
aqpatoq: They are also web site hosting operations (yes, even godaddy). The sites I reported were being hosted by those providers, and those providers eliminated access to those sites in short order. Domain registration was not the issue, but a side benefit of those providers also being domain registrars is that they subsequently canceled all three domains.
aqpatoq picks nits again: Those are not ISPs, they are domain name registrars (in this context. Okay, so maybe some or all of them are also ISPs, for some definition of ISP.)
get rid of junk mail
Nicely done!