Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Spam

How Well Do Businesses Respond to Phishing Reports? 90

Posted by Cliff from the is-abuse@-worth-anything dept.
FuzzyDaddy asks: "When I receive a phishing email, which I find has some new or interesting technique, I will usually forward it to the appropriate abuse department. I recently got one concerning 'my' paypal account (surprising, since I don't have one), which I forwarded to abuse@paypal.com. I received an automated reply telling me to 'please direct all customer service inquires through our website.' I didn't have time to do that, so I let it go. Is paypal being irresponsible, here? Have others on Slashdot been satisfied with their attempts to report Phishing?"
This discussion has been archived. No new comments can be posted.

How Well Do Businesses Respond to Phishing Reports? More

How Well Do Businesses Respond to Phishing Reports?

Comments Filter:

  • Comment removed (Score:5, Informative)

    by account_deleted ( 4530225 ) * on Saturday January 28, 2006 @08:51PM (#14590841)
    Comment removed based on user account deletion

    • Re:Wrong address. (Score:5, Informative)

      by TFGeditor ( 737839 ) on Saturday January 28, 2006 @09:00PM (#14590878) Homepage
      Ditto for eBay--spoof@ebay.com.

      Always include original full headers.

      You might also want to submit phishing scams to reportphishing@antiphishing.org.

      • Ditto for eBay--spoof@ebay.com.

        I wish they would make this clearer (or if they do, I wish they did it better in the past). About a year or two ago I got a phishing email pretending to be from eBay. I sent it to abuse@ebay.com but got a form letter telling me to go through their web site (and not only that, the form REQUIRED that I log into my ebay account - so if I didn't have one, I would have no way to report phishing, which is absurd). So I just let it drop. I'm trying to do them a favor, but I don't
      • I am like the Grandparent post - fill the site with junk (Even wrote a java script to do it for me once!) At any rate most of the sites are on hacked servers. Thus the first thing that I do is to go to Deadbeef [deadbeef.com] and look up the owners of the main site. Then I send the email with full headers to the owners of the hacked server. I also CC it to the bank/CU/ebay/paypal that is being phished. I have gotten replies from Credit Unions and banks thanking me! I have even heard back from Poland and the Philipp

      • Yet another example of big Companies ignoring internet standards.

        http://www.rfc-ignorant.org/policy-abuse.php [rfc-ignorant.org]
    • Typing in a wrong password first is a brilliant trick but it's not "surefire" any more.

      Now that banks are issuing one-time passwords and SecurID tokens, reports are that some phishers have invested in the software and infrastructure to do real-time man in the middle attacks. They talk to the genuine version of the web site they're impersonating and pass along your credentials. If you supply the wrong password, they echo back the "invalid login" from the real site.

      I'm currently recommending "go to your bank
    • One of the problems with submitting "fake" username/passwords is that there is the slight possibility that the username actually exists for someone else. Thus, attempts by the phisher to use the password could lock their account. This is not fair to the user at all who gets struck by this since they have no clue why their account was locked.

      If you do use the username/password, make the username about 32 random alphanumeric characters. The less likely it is a real username, then the less impact to innocen
    • A bunch of people are missing the point that you put in BOTH usernames and passwords that are fake.

      Names like are my favorites.

    • Re:Wrong address. (Score:3, Informative)

      by Eivind Eklund ( 5161 )
      abuse@ is one of the standard mail addresses from the Internet standard RFC2822 (I think it was in 2822 the standard names were, anyway). In my opinion, PayPal is being irresponsible.

      Eivind.

    • "I know a lot of people actually fall for them. I always tell them that the surefire way to tell if it's a spoof is to put a fake username/password in when prompted. Not only do they then get fake information, but if it gets accepted, you know that the site is fake. I've gotten my whole family to start doing this after my sister fell for one"

      That's a really good idea, thanks. I'm going to get my family to do the same.

  • Our reports aren't very important (Score:5, Interesting)

    by Nuclear Elephant ( 700938 ) on Saturday January 28, 2006 @08:54PM (#14590855) Homepage
    Our reports aren't very important, as most institutions pay fraud takedown companies to monitor the net for phishing attacks using their name, and outsource the legal aspect of it all together. A company like Paypal wouldn't directly address phishing attacks, instead they would pay a very large sum of money to someone else to make it go away.

    With that said, those hosting the phishing sites have been very responsive. I came across a paypal phish on poly.edu's network, emailed abuse, and it was gone when I checked an hour or so later, along with an email response in my inbox. Problem is that the burden of enforcement is more on the company being phished than the source of the attack.
    • Reports directly to PayPal and eBay are handled by those companies directly. Our reports, our rather your reports, do make a huge differnce. I say "your reports" because I head the abuse department for a large webhost. We deal directly with eBay, PayPal, AOL, and more directly on abuse issues. Banks tend to outsource if they are US Banks whereas EU banks tend to outsource. Reports that are CC'd to the webhost are acted on very quickly. To properly report a phishing scam the following information, while seem
      • I only submit a report if I find the phishing web site is up. Businesses, I think, ought to forward the abuse@xxx.com emails to the correct place, as abuse has become like webmaster - an account name people expect to be answered. (Heck, if you want to sort the abuse emails by type, modify spambayes to score the complaint emails based on your human reps training - it shouldn't take long to train it up.)

        Also, why is the email header information so important? I presume the email came from a zombie machine

        • The headers allow us and the wronged entity to attempt to get something done about said zombied machines, bad formmails, and so on. Sometimes it leads nowhere but other times we can put a stop to a source of spam. You would be amazed at how many phishing emails come from things like the php-nuke webmail module. We this is the case the offending provider usually takes swift action. Reporting a phishing site should lead to a chain of events and while rarely leads to those phishing it can help to stem the flow

  • Paypal security center - "Alert us to fraud" (Score:5, Informative)

    by arb ( 452787 ) <amosba AT gmail DOT com> on Saturday January 28, 2006 @08:55PM (#14590857) Homepage
    Fake Email/Website (Spoof, Phishing) [paypal.com]

    Paypal, eBay, Amazon, etc all have pretty good security centres. I am surprised that abuse@paypal.com gave that automated reply, but if you visit their website the security centre is prett yeasy to find. You might not get a personalised response to your report because they get so darn many reports, but they do follow through on all reports.

    • The std form letter that says we're too gawddamned busy to worry about your little squeek is all I've ever gotten from them when fwding such crap to abuse@. As for useing a new 'spoof' address for this when IIRC the RFC says it should be abuse@ is just ducking the issue and hoping it will go away.

      Personally, I sort ALL that crap to the JunqueMail folder and make it all go away about daily.

      Personally also, I've always looked at my fellow man as a like minded person, but the last 65+ years has taught me ther

  • Someday, take a look at those phishing websites (Score:4, Interesting)

    by destuxor ( 874523 ) on Saturday January 28, 2006 @08:57PM (#14590861)
    Once I looked at the website scamming PayPal (it was somewhere in South America) to see if I could get anything out of the server stats (http://example.com/server-stats [example.com]) and other such Apache functions. To my horror, the Perl script that would accept input from the "verification" web page had several hundred hits. Either people are submitting bogus information, or hundreds of individuals are being fooled by these scams.

  • Outside of the actual businesses (Score:4, Informative)

    by BMIComp ( 87596 ) * on Saturday January 28, 2006 @09:11PM (#14590930)
    You could always report it to CERT [us-cert.gov] (US Computer Emergency Readiness Team) or the FBI's Internet Crime Complaint Center [ic3.gov].
  • I had 2 seperate emails to get through.
    Twice I got an 'ALERT: Your email has not been received by eBay.' email.

    Finally I figured they need 'Fw:' in the subject title.

    keybank.com was even worse they never responded back and the phishing site was available for several weeks after I submitted a report.

  • Bank of America (Score:3, Interesting)

    by MikkoApo ( 854304 ) on Saturday January 28, 2006 @09:13PM (#14590939)
    I almost submitted a report about a phishing attack to the Bank of America. What stopped me was that the feedback form required me to submit my email address with the feedback and the feedback page's EULA had something like this in there: "we might use your address to send occasionaly information about our services". I may be paranoid but that translates way too easily to "we will be sending you spam as soon as possible".

    And no, I didn't send them feedback on how they could improve their website.

    • Re:Bank of America (Score:4, Interesting)

      by Harker ( 96598 ) on Saturday January 28, 2006 @09:43PM (#14591079)
      I actually did fill out their form for one I received. I'm not too terribly worried about spam from someone like them. Perhaps I'm naive, but I don't believe they will continue if I request them to stop sending it.

      Anyway, I got a reply, from a real person, telling me they needed my account number in order to proceed. I told them I didn't have one, and that I only forwarded the information to them so they could stop possible fraud. They replied that they still needed my account number to proceed.

      My final response to them was not very kind, and I never heard back from them again. I'm certain the profanity in it caused them to dump my 'case' right there. Too bad for their customers. Luckily, I won't ever be one.

      H.
    • What stopped me was that the feedback form required me to submit my email address with the feedback and the feedback page's EULA had something like this in there: "we might use your address to send occasionaly information about our services".

      Boy, that's a tough break. If only there were some technological method that would allow you to put a fake email address in the form, or some free webbased email account you could sign up for and then discard immediately afterward.

      No, sir, once they outlawed Hotmai

      • I think it's the whole principle that he's against. Everyone wants your email address now. And they all think they should be sending you email there with updates about their products. It's pretty bad that they want to subject you to spam for trying to submit a phishing attempt to their web site.
        • I think it's the whole principle that he's against.

          I understand and agree. So, lie. You have no relationship with them, other than that you're trying to do a nice thing, right? I see nothing in that arrangement that obligates you to being honest about your identity.

          • Re:Bank of America (Score:2, Insightful)

            by MikkoApo ( 854304 )
            You're right, I could have lied about my identity. But CastrTroy was right, that was about a principle. I support things which I like and I don't support things which I don't like. I hope that in the long run market forces will make the "good" things flourish and drive the "bad" things/companies/whatever out of business. For example: Sony bad, open source good. When enough people start making conscious choises the companies might actually start caring about their customers again.

            And for the record, since I

    • Any time you don't want to leave personal information on a webform, just use mailinator [mailinator.com].

      You never have to worry about giving out your email address & getting flooded with spam.

  • RFC Violation (Score:4, Informative)

    by strredwolf ( 532 ) on Saturday January 28, 2006 @09:16PM (#14590949) Homepage Journal
    Paypal's been dropping anything that comes to abuse@, which not only is an RFC Violation (and there's a DNSBL of those), but is part of a slow trend of ISP's and other similar service providers to kill off abuse@ and postmaster@.

    • Re: (Score:2, Informative)

      by account_deleted ( 4530225 )
      Comment removed based on user account deletion
    • The other week I sent abuse@hotmail.com a Nigerian scammer email with some details of their scam, and it was coming from a hotmail account. The message said it would be looked into, then I got another email saying that my report was undeliverable to abuse@hotmail.com since whatever address it forwarded to wasn't working.

      I tried emailing a week later, and it got through this time to get another automated message saying it was being looked into. Weeks later, and the scammer still has their email account wor

      • Re:RFC Violation (Score:3, Interesting)

        by Skapare ( 16644 )

        I read elsewhere that 75% of what is coming OUT from Hotmail/MSN server is spam of one sort or another (and apparently mostly phishing and similar scams based on what I've gotten in the past). It's time to just refuse all email from Hotmail/MSN servers ... except for specific email addresses you know of by whitelisting them. This is what I have had to do (because Hotmail/MSN reached the point of representing more than 50% of all incoming spam because I've been rather effective at blocking spam from lots o

    • Re:RFC Violation (Score:3, Informative)

      by Mike Markley ( 9536 )
      I dare you to point me at the RFC that says abuse@ must be read, and prohibits autoresponding to inform legitimate senders of the proper procedure.

      Go ahead, I'll wait.

      • There doesn't need to be any RFC. I simply send reports to abuse@${serverdomain} and ignore auto-replies. Once any one domain reaches a count of 3 separate incidents of spam, then no further email is accepted from that domain and no further reports are sent to them (the third and final report does say that they are now blacklisted due to our "three strikes" policy). One exception is if it is a case of a zombie machine operated by a customer of the ISP whose domain is in reverse DNS, and they provide a su

  • .. and then does not do crap about it... read my journal and see what happened to my roommate.. he lost his account, because he responded to the phish, but yahoo has yet to my knowledge taken the site down

    • Ditto. (Score:3, Interesting)

      by antdude ( 79039 )
      I also ran into this a few weeks ago with my own account when I accidently stumbled into phishing on a dot.tk Web site (stupid of me not paying attention to the domain at 3 AM). I never entered real datas when I signed up for a Yahoo! account about a decade ago so I didn't know what I used when they asked for my birthdate, Q&As, and stuff. Yahoo! wouldn't even lock my account!

      I managed to get the phisher's two Web sites shut down by dot.tk's abuse department. So, the second time phisher came on to spam
      • I've discovered more recnetly that netscraft has a toolbar that can be used to report phishing sites. They will check the site out and then block it in their toolbar. So if you install the toolbar under IE/firefox, you can have known phishing sites blocked, before you get to the phish site.

        I'm going to get my roommate to start using this instead of mozilla.

        • Well, I use Mozilla and Linux so... It was a user error. Remember it was 3 AM so I was freaky tired and not paying attention. It is a good example of social engineering.
  • What I mean is, the phishers aren't abusing Paypals service, they are abusing someone elses service, thier isp or whatever. I don't blame you for sending them new techniques and whatnot, it sounds like a good idea, but there isn't anything paypal can do with respect to the services provided by paypal.com to stop a particular phisher.

  • Considered sending paper mail? (Score:3, Insightful)

    by Michael Spencer Jr. ( 39538 ) * <spamNO@SPAMmspencer.net> on Saturday January 28, 2006 @10:47PM (#14591376) Homepage
    The original poster asked about experiences with other companies.

    Personally, I feel email is not a reliable way to make first contact with someone, unless you have some arrangement made with them in advance. While email sent to abuse@ and postmaster@ should always be read by a live person, many spammers send bulk email to abuse@ and postmaster@ addresses. Any published email address is likely to receive a large number of unwanted email messages, and anyone who reads mail at that address must spend extra time removing unwanted messages. Sometimes important messages are deleted or ignored by mistake.

    Some companies ask to be contacted by email. They might publish a customer service email address on their web site, or publish a 'Contact Us' page which lists email addresses which can best handle different kinds of issues.

    If you just guess an email address, or if you send mail to a published address where the recipient hasn't requested your email, I don't think you can assume your email will always be read, or that you can fairly call a company irresponsible for failing to read your unsolicited email.

    Phone calls, faxes, and paper mail require more effort than an email message. If a company doesn't respond to an email message, but you really are interested in helping them find this web site, it might be worthwhile to look up their fax number or mailing address, and contact them that way. If you don't really want to help them, you don't have to. It's completely optional.

  • Why bother? (Score:3, Insightful)

    by cdrguru ( 88047 ) on Saturday January 28, 2006 @11:04PM (#14591453) Homepage
    Do you believe there is anything that a company that is the target of a phishing attack can do? Let's see here, someone signs up for a hosting account and the hosting company is under legal obligation to protect the identity of their customer. If that hosting company is in a different country than the target, then without international police cooperation, you aren't going to get anywhere. No court is going to force a hosting company to disclose the identity of someone that might be either the perpetrator or a victim.

    So, your helpful report (along with a few thousand others) is likely to be met with either silence or open rejection. There isn't much they can do, and it is unlikely they can do much for the fools that fall for such scams. If you believe you bank is going to send you email from a host they don't have their domain name on, you will believe anything. More over, these days if you think your bank is going to send you email at all you are being silly. They already figured out that email is useless given the density of spam.

    The problem is the target is helpless. It is up to people to stop responding to this stuff. If we aren't going to go after the people that send this out, what do you want the target to do?
    • About half of all banks that send legitimate e-mail send it from
      a host they don't have their domain name on, in my experience.
      I don't have a bank message in my current inbox but Discover Card,
      for example, sends e-mail from arm149.bigfootinteractive.com. The
      bigfootinteractive.com web site (which I believe is legitimate) says
      it's a "leading provider of strategic, ROI-focused email
      communications solutions."

      Actual banks, credit unions, etc. use similar e-mail outsourcing.
      The messages that give me short https UR
      • And it is a filtering nightmare. Most mail to our domains from BigFootInteractive bounce, because we can't keep them from sending to addresses that haven't existed in a decade. We selectively unblock ones we know are legitimate, but they keep changing the from address. They don't seem to take a 550 very seriously.

        What is the use of using a service to send email when that service has a bad reputation and is on a lot of spam lists?

    • Yes, there are things they can do! (Score:5, Interesting)

      by WoodstockJeff ( 568111 ) on Sunday January 29, 2006 @02:07AM (#14592036) Homepage
      Do you believe there is anything that a company that is the target of a phishing attack can do?

      The first thing they could do is to publish SPF records for their domains. And not the ones that end in "~all" ("and accept any other IP, in case we forgot one") like AOL, HOTMAIL, and many other sources whose domains are faked constantly use. The ability to tell your users "Hey, this didn't come from who it is claiming to have come from" is a start. But PayPal, eBay, and most banks I've seen scammed have no inkling of how a simple change to their DNS would protect them and their customers.

      The second thing would be to tell their web servers to not serve images up that have the wrong referrer. Hey, referrer checking isn't 100%, but any time you have an image request from a victim of one of these scam mails, it would be a lot better if that picture had "THIS IS A FRAUD MESSAGE" overlayed on it. It would force the scammers to go back to hosting the pictures on the scam site, which is a harder to do than simply uploading a single script to a slightly-insecure website in Brazil or Ohio. And the emails are as legitimate looking as they are because they use the scammed bank's own graphics, from their own servers!

      • ~all does not mean "accept any other IP", it means "if you see another IP, it's not automatically bogus, but be suspicious anyway". ?all means "accept any other IP".

        I, personally, tack on +2 in SpamAssassin for softfail (~all) and +4 for fail (-all), but I leave it alone for neutral (?all).
      • The problems with SPF is that its broken with regards to forwarding accounts.

        Unless the forwarding account is SPF aware (which is not trivial to do) legit e-mail will say its from ebay.com but the ip will be for forward-mail.com and ebay won't be able to send e-mail to those customers.

        Until everyone makes sure their servers are SPF compatible I can't see how companies like ebay can possibly use SPF records and reliably get their mail to their customers.
      • "...Brazil or Ohio."

        I live in Ohio, have for most of my life. Brazil should be deeply offended.

    • Re:Why bother? (Score:3, Insightful)

      by FuzzyDaddy ( 584528 )
      It is up to people to stop responding to this stuff.

      Here's where I'd draw an analogy to the credit card business. Credit card companies did not used to be liable for fraud, and did very little to protect people from it. In fact, they would do things that were very insecure (like sending out live, unsolicated credit cards to people, that would get intercepted and used by thieves.) It was a huge problem, and it was eventually solved by Congress limiting individual's liability in credit card fraud cases t

  • Halifax and Cyota (Score:3, Informative)

    by JJC ( 96049 ) * on Saturday January 28, 2006 @11:50PM (#14591619)

    I recently received a phishing mail pretending to be from Halifax (a UK bank). I clicked the link and it worked so I forwarded the mail to the address (onlineemailinvestigations@hbosplc.com) listed on their real web site [halifax.co.uk]. I've done this before and got the usual instant form response but this time I got that and a bounce message saying that my message could not be delivered to HBOSfeed@cyota.com. Cyota [cyota.com] appears to be a company which Banks outsource their phishing responsibilities to.

    I figured this was just a misconfiguration somewhere so I tried mailing postmaster@cyota.com and that bounced too so I think I then filled in the Contact Us form on their web site (I'm not certain if I got round to doing it, but I think I did). Next time a phishing e-mail came I forwarded it as usual but I got the same bounce so this time I tried mailing postmaster@hbosplc.com. This one didn't bounce so I figured someone was sorting it out.

    Then yesterday another phishing e-mail came so I forwarded it to the designated address again and got the same bounce again. Now I'm out of ideas, but to answer the original poster's question: In the case of Halifax and Cyota, I'd say, "not very".

    • I've had a couple of phishing attempts recently from Nationwide. The disturbing thing is that they know the right email address (it's one that I only use for banking with that bank) and my postcode.
      It seems that their database has either been stolen, or they've sold it to the phishers.

      Nationwide don't even have an address to forward phishing attempts to as far as I can tell.
      • Same here, got a phishing email supposedly from Halifax. It had my real name and full postal address. I forwarded it to the onlineemailinvestigations@hbosplc.com email address and asked how the phishers knew this information. I received a standard response from them, but a couple of days later when trying to log into the real site, I found out that they had suspended my logon as a result of the phishing attempt. I had to call them up to get it reinstated. They never did get back to me regarding how my detai
  • From a little over a year ago [slashdot.org]

    It's nice to see that nothing has changed as far as the banks go.

  • Yahoo doesn't respond (Score:4, Funny)

    by WoodstockJeff ( 568111 ) on Sunday January 29, 2006 @01:55AM (#14592000) Homepage
    Well, actually, that's not true. How can you respond to mail you don't receive?

    A week ago, I got a phishing scam that used the address http://paypal-com-us-ssl.info/ [paypal-com-us-ssl.info] for its responses. At the time (it's dead now), that address resolved to a YAHOO server. So, I reported it, including the whole phishing message, with headers, to abuse@yahoo.com.

    Their response? Don't know - their abuse@yahoo.com address has a spam filter on it, which rejected the message because it contained a phishing scheme:

    abuse@yahoo.com: host mx1.mail.yahoo.com[4.79.181.14] said: 554 Message type not allowed. UP Email not accepted for policy reasons. Please visit http://help.yahoo.com/help/us/mail/defer/defer-04. html [yahoo.com] [#4.16.3:120] (in reply to end of DATA command)
  • If you do nothing the problem will not go away. I don't know if reporting it will help, but, I keep hoping.

    A few addresses I keep ->

    abuse@bankofamerica.com
    internetsecurity@barclays.co.uk
    spoof@ebay.com
    abuse@msn.com
    spoof@paypal.com
    identitytheft@skifi.com

  • from the other side (Score:4, Informative)

    by rritterson ( 588983 ) * on Sunday January 29, 2006 @02:28AM (#14592093)
    Just before I started working at my current job, our webserver was hacked and used as an ebay phishing site. It didn't take long before our offices were getting personal calls from agents at the FBI and urgent contact from the ISP who runs our node.

    Suffice it to say we took action ASAP. I have a feeling they would have forced us to do something about it if we dragged our feet. I'm assuming they do the same for other reports they receive.
  • I regularly get phishing emails. As soon as I get them I send them with full headers to the particular website. In fact, I've done this so many times that I have added the various "spoof" email addresses for ebay, paypal, etc. websites to my address book. I always get the usual automated response, which is somewhat disconcerting since nine times out of ten I don't have accounts with these people and I am spending my time trying to help them out. In the end I consider it good karma. I hope they find my email
  • so each company cannot be expected to handle the downstream effects of what anyone else does in their name.

    it is just too easy to create large swarms of automated, online agents - each of which can cause huge numbers of incidents.

    Yes, they should do their best (because if the problem continues, it will hurt their bottom line) - but really this is a social/criminal problem and companies don't have the authority to impose any real penalty on people doing this. in our world (now) only governements have that a

  • FedEx botches it (Score:4, Interesting)

    by Animats ( 122034 ) on Sunday January 29, 2006 @03:04AM (#14592189) Homepage
    My message to FedEx, after receiving a phishing scam and talking to the billing part of FedEx.
    • FedEx case number: 1752XXXX

      I've been referred to you by FedEx tech support, with the case number above.

      Attached is an obvious phishing scam using the FedEx name. It has the usual hallmarks of a phishing scam:

      1. A forged return address "aroundtheworld@fedexemails.01o.com", while it was actually sent from "snd6222.britecast.com". (This, of course, is a criminal violation of the CAN-SPAM act.)

      2. Phony links to fake sites: the link supposedly to "nba.fedex.com" actually goes to "http://fedex.00b.net/ajtk/servlet/JJ?H=h3cq6&R=28 6452495".

      So this is a clear phony.

      The real concern is that the sender of this message has some information about our FedEx account. The message contains the line

      "All shipments must be paid for with your FedEx account number ending in 811."

      That is in fact from our valid FedEx account number. So FedEx appears to have a security breach; account numbers have leaked to a scammer.

      Full message source appears below.

      Please let me know immediately if we need to cancel our FedEx account because of this security breach. Thank you for your attention to this matter.

    FedEx reply:

    • Response (Kristine C.) - 01/24/2006 09:13 PM
      Dear John:

      We received your inquiry. Thank you for contacting FedEx. We apologize for the inconvenience.

      We would like to inform you that you may need to contact your local FedEx Account Executive so they can further advise you of what you need to do regarding the status of your account.

      We hope this information is helpful. Again, thank you for contacting FedEx.

    Note that they've referred me back to the part of FedEx that referred me to them. So that's FedEx, clueless.

  • I work for a hosting company, and I had someone call up last night with a site that a customer of ours hosts that was a Barclays (UK-based) Bank phishing site - we take these seriously enough and the site should be down soon (hopefully)
    • I found that notifying hosting firms gets the best response when it comes to these clowns. For the past couple of years I've been notifying both the "victim" company plus I've been notifying the hosting company of any phishing emails I've received.

      The very first time I decided to do this, I discovered the hosting firm was in China, and thought "uh-oh, this is never gonna work. What Chinese firm is going to care if stupid Americans are getting scammed?" But I sent the email anyway.

      I got a letter of re

  • C:\Documents and Settings\aD\Desktop>whois -h whois.abuse.net paypal.com

    accessviolation@paypal.com (for paypal.com)
    postmaster@paypal.com (for paypal.com)
    spoof@paypal.com (for paypal.com)

    Maybe they get too many phishing spams to abuse@ :-)

  • The other side (Score:3, Interesting)

    by Pig Hogger ( 10379 ) <(moc.liamg) (ta) (reggoh.gip)> on Sunday January 29, 2006 @12:42PM (#14593465) Journal
    I've been on the other site of a ph151n9 attempt... A client had his server b0rk3d into and a ph15h page installed on it.

    We caught it three weeks in the act. I analyzed the code, and made a script that would randomly send the receiver (a yahoo e-mail address) random login information (made from first and last name files downloaded from the US census bureau). Now, it's been running for at least three months.

    The ph151ng page has been left intact, except that it does not report back to the original receivers, but instead shows a message that basically says "you've been phished, sucker!!!". And at least 200 people a day still get sucked in after three months!!!

    I guess I will put google ads on the page...

  • Why is Paypal responsible for a pseudo-Paypal site? That's like holding you responsible for an identity thief who's using your social security number. The only people who can shut down a phishing site is their hosting provider.

    Unfortunately, there seem to be a lot of providers who just ignore their abuse emails. Phishing scammers seem to use small, poorly managed providers that just don't have it together to respond to abuse complaints.

    After being ignored about a fake MSN site, I did contact MSN support

  • Seriously folks, how stupid are people? I have to guess that it's the same people who have 1000+ instances of Spyware and install viruses, but come on folks! Use your head for something other than a hat rack! I know...I had to vent...only the /. Community can understand :)
  • My last job was in online banking. I found a potential phishing hole that could be exploited easily and brought it to management's attention before I left the company. A month or two later and nothing had been done to close it.

    I kept up with a colleague there who related that an actual phishing exploit had occurred (not through the hole I reported) and was reported by a member. Apparently, management was in a tizzy and thrashing about madly. It was suddenly priority #1 and no one worked on anything else unt

Slashdot Top Deals

Love may laugh at locksmiths, but he has a profound respect for money bags. -- Sidney Paternoster, "The Folly of the Wise"

Close