Phishing (P)Fun

A long time ago (in a galaxy far, far away…) I once made the mistake of making a purchase from WorldNetDaily’s online store.  It took a while, but I was eventually able to recover from the onslaught of email they sent out, although from time to time they conveniently “forget” that I don’t want to get email.  However, their opt-out ability doesn’t excuse their either leaking or selling my email address to spammers and phishers. 

One of the benefits of having a dedicated email address for each entity I do business with is that it makes most phishing attempts simply silly, such as the “PayPal account validation” scheme.  For those who may not be familiar with this scam, some POS thief will create an email appearing to be from PayPal that says that if you don’t revalidate your account, it will be suspended.  They give a link in the email that appears to take you to the PayPal site, but it actually goes to their own front-end that mimics PayPal.  If you enter your information on the confirmation page, you’re screwed, because they will have a lot of sensitive data on you (see extended entry for details).

Anyhow, I just got one of these scam emails at the WorldNetDaily email address.  But just for grins, I followed the link and took a look at the site.  First, it has a form for your PayPal ID/password on the first page.  Interestingly, though, it doesn’t care if you leave it blank.  It simply takes you to the “confirmation page.”  Examining the page source for the frame, I found this tidbit:


<form method="post" action="account.php" name="uhoh">

Note the name attribute.  If you were to submit the form with correct data, “uhoh” would be an understatement.  This POS may be a thief, but he appears to have a sense of humor.  I hope it makes him many friends in the gray-bar motel.

Update: Now they’re trying to get me to update my Wells Fargo account, which would be interesting, except that a) I don’t have one, and b) the email was sent to my “blog” email (which is one of the hazards of commenting on some blogs).


(the line is where I had to scroll the screen and glue two captures together with GIMP)

1 Comment

  1. Jeff Medcalf says:

    Just for fun, try googling “The safety and security of your bank account information is protected by paypal”.  I got three sites, none of them actually PayPal.  (I’ve never gone to the lengths of actually looking at the phishing sites, but I suspect that you could find a lot of bogus sites by searching on terms from the real sites, and even more by doing that and throwing in misspellings.)