Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Phishing Education Test Blocked For Phishing

Soulskill posted more than 4 years ago | from the please-enter-your-opinion-and-credit-card-number-below dept.

Security 113

An anonymous reader writes "It appears a website called ismycreditcardstolen.com, designed to 'educate users about the dangers of phishing,' has itself been flagged by Firefox as a reported web forgery. The site, which asks visitors to enter their credit card details to 'see if they've been stolen,' takes the hapless visitor to a page warning them about the perils of phishing, giving them advice on how to avoid similar scams and also provides a link to the Anti-Phishing Working Group's website. Or at least it did, until various browsers started blocking it. As the Sunbelt blog post notes, the project was likely doomed to failure, both because of the domain name itself and also because it uses anonymous Whois data, which isn't exactly going to make security people look at it in a positive light. Does anyone out there think this was a good idea? Or will malicious individuals start playing copycat on a public now trained to think sites like this are just 'harmless education?'"

cancel ×

113 comments

Sorry! There are no comments related to the filter you selected.

So, it worked! (1, Funny)

Anonymous Coward | more than 4 years ago | (#31967292)

It was designed to look like a phising site, and it did!

Re:So, it worked! (2, Insightful)

Anonymous Coward | more than 4 years ago | (#31967562)

It was designed to look like a phising site, and it did!

Blocked by the idiots who did a knee-jerk reaction and flagged it as a hostile site. Isn't that spiffy, it got blocked by the very lack-of-awareness idiots who it was trying to assist. Gotta love the irony.

I say leave them to their own devices. The phishers are merely making stupidity more painful. While they intend ill, the overall effect might not be so bad.

Re:So, it worked! (1)

shentino (1139071) | more than 4 years ago | (#31967702)

Except that they usually keep their ill gotten gains and use them to finance far more sinister operations.

If they took their fleecings and donated them to charity I would approve.

Remember, these guys are in cahoots with evil spammers.

Re:So, it worked! (0)

Anonymous Coward | more than 4 years ago | (#31967866)

ill-gotten booty

Re:So, it worked! (1)

KDR_11k (778916) | more than 4 years ago | (#31969642)

If it only told people that it's for education after they did something that would usually be very stupid then you can expect most smart people to never see that message.

Re:So, it worked! (2, Interesting)

tomhudson (43916) | more than 4 years ago | (#31970366)

Blocked by intelligent people - the site doesn't pass the smell test.

And there's no reason to believe they didn't log the data.

dot dot dot (0)

Anonymous Coward | more than 4 years ago | (#31967308)

It's just a bloody website. Whether the site was a brilliant idea or not, it's really stupid to put your credit details anywhere on the web.

Hmmm... (2, Insightful)

Devout_IPUite (1284636) | more than 4 years ago | (#31967312)

It doesn't seem like having users enter their credit card to check if it's been stolen is a good idea. All it takes is the site getting hacked and viola! Real stealing on every query!

Re:Hmmm... (5, Funny)

maxume (22995) | more than 4 years ago | (#31967342)

After they click submit, the site should return a page that simply says "Yes".

Re:Hmmm... (0)

Anonymous Coward | more than 4 years ago | (#31967664)

Or: "It is now!"

Re:Hmmm... (0)

Anonymous Coward | more than 4 years ago | (#31967860)

Actually do we have any way to validate that the site wasn't designed to steal this information? Perhaps it was all along and poor hapless fools got caught by it?

Re:Hmmm... (2, Informative)

maxume (22995) | more than 4 years ago | (#31968100)

You can inspect the source and verify that it doesn't actually submit the data.

That doesn't say anything about what other people see, but if there is a problem and enough people investigate, someone should eventually notice it.

Re:Hmmm... (1)

mcrbids (148650) | more than 4 years ago | (#31968420)

You roably want to see our galiant efforts to stop ID theft.

http://www.effortlessis.com/stopidtheft [effortlessis.com]

Re:Hmmm... (1)

maxume (22995) | more than 4 years ago | (#31968574)

It would be better if it didn't reveal the message when everything is left blank.

Re:Hmmm... (1)

KDR_11k (778916) | more than 4 years ago | (#31969656)

You want to steal my stopid?

Re:Hmmm... (2, Interesting)

sunderland56 (621843) | more than 4 years ago | (#31967344)

Maybe the site's designers are actually phishing, and collecting people's credit card details. If they are ever challenged, they have the "hey, it was just an educational web site" defense to fall back on.

excluded from the form (4, Interesting)

pikine (771084) | more than 4 years ago | (#31967888)

If you look at the HTML code, the form fields that contain your credit card information was excluded from the form the web browser actually submits. The HTML code is essentially structured like this: [credit card issuer] [credit card number] [name on credit card] [expiration month] [expiration year] [start form] [submit button] [end form]. The form itself really only contains the submit button and nothing else. Hence, unless your browser is broken, none of the credit card information should be submitted anywhere.

However, the bit about Google Analytics javascript on the bottom of the HTML page could contain code to collect and transmit these form fields to somewhere else. The site could be hacked, and the hacker could alter the HTML code to submit the credit card information somewhere.

Re:excluded from the form (1)

fluffy99 (870997) | more than 4 years ago | (#31967936)

Or maybe 1 out of every 10,000 hits to the site got a slightly different page that did send the info. Who would know?
Nice that firefox won't even let me see the page source. I guess it thinks I'm an idiot or something.

Re:excluded from the form (3, Interesting)

kgo (1741558) | more than 4 years ago | (#31968470)

Personally, I'd trigger it off of user-agent header. IE... Not a techie verifying functionality -> really submit info... Chrome/Firefox/search engine agents -> example page.

Re:excluded from the form (1)

fluffy99 (870997) | more than 4 years ago | (#31969116)

Or maybe IP address. If it's an AOL dialup user, they have already proven themselves gullible. :}

Re:excluded from the form (0)

Anonymous Coward | more than 4 years ago | (#31970596)

I wouldn't be all that surprised if IE munged the form up by itself so that people ended up sending those fields.

I mean, I'd bet on it not being the case, but if it happened I'd be thinking "well, it is IE after all".

Re:Hmmm... (5, Informative)

Rijnzael (1294596) | more than 4 years ago | (#31967356)

That's not the point of the site. The point is to show the vulnerable how easy it is to fall for phishing scams, and that you should never provide your credit card number to a site that you're unfamiliar with.

The site is clearly not malicious. The form tag on the page doesn't include the card number and other identifying input elements, so that data isn't gathered or even transmitted over the network from what I can tell. The page just sends you to their 'you have failed page' any time you submit it.

Re:Hmmm... (1)

tverbeek (457094) | more than 4 years ago | (#31967484)

Creating a site that invites people to do Something Really Stupid as a way to educate people not to do Something Really Stupid is practically begging to get flagged as malicious. It is, in fact, Something Really Stupid.

Re:Hmmm... (2, Insightful)

MoldySpore (1280634) | more than 4 years ago | (#31967588)

Right but all they have done is create an unsecured form where they are entering in a clear text credit card number. It is just an unnecessary risk regardless if it is a legit site or not. What if they have malware that is collecting form field entries? They just made a nice clear text form for that malicious software to extract from.

Re:Hmmm... (1)

causality (777677) | more than 4 years ago | (#31967708)

Right but all they have done is create an unsecured form where they are entering in a clear text credit card number. It is just an unnecessary risk regardless if it is a legit site or not. What if they have malware that is collecting form field entries? They just made a nice clear text form for that malicious software to extract from.

If they already have malware installed that is collecting and transmitting their data, then they already have bigger problems. It's sort of like worrying about dirty windows when the whole house has already been swallowed by a sinkhole.

Netcraft (1)

captnbmoore (911895) | more than 4 years ago | (#31967968)

http://ismycreditcardstolen.com/ [ismycreditcardstolen.com] was running Apache on Linux when last queried at 24-Apr-2010 17:15:46 GMT - refresh now Site Report

Try out the Netcraft Toolbar! FAQ OS Server Last changed IP address Netblock Owner

Linux Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8g DAV/2 SVN/1.6.9 mod_fcgid/2.3.4 24-Apr-2010 66.220.0.89 EGIHosting

Re:Hmmm... (1)

nautsch (1186995) | more than 4 years ago | (#31967720)

Look at the source. No info is transmitted.

Re:Hmmm... (3, Interesting)

Rijnzael (1294596) | more than 4 years ago | (#31967868)

In case you didn't understand my comment: the HTML input elements that are in the source to show those boxes on the page are NOT part of a form element. This means that absent some javascript, the data in those input elements will not be transmitted. Go ahead and try it with Wireshark for yourself, you'll see that the only result is a GET request for their 'you have failed' page.

Re:Hmmm... (0)

Anonymous Coward | more than 4 years ago | (#31968060)

absent some javascript

And any JavaScript that would cause this data to be transmitted is definitely absent. Only JS on there is for Google Analytics.

Re:Hmmm... (1)

sqlrob (173498) | more than 4 years ago | (#31967734)

It isn't malicious *now*.

How do you know it isn't going to turn so?

Re:Hmmm... (1)

Loconut1389 (455297) | more than 4 years ago | (#31968236)

That brings up an exceptional point, it seems like all page form elements should have a little triangle at the far right corner or a hover tool tip or something that indicates whether the action is a secure page, insecure page, or whether the form elements are standalone?

Re:Hmmm... (1)

jibjibjib (889679) | more than 4 years ago | (#31970174)

It wouldn't be useful for security, because Javascript can take the form data and send it anywhere at any time, independent of whether the element is actually in a form or not and where it submits to.

It'd be a "This form is probably secure but might possibly not be" indication, which is completely useless and misleading to any non-web-developer.

Re:Hmmm... (1)

cgenman (325138) | more than 4 years ago | (#31968508)

Yes.

And while we're at it, you should visit my other sites, HasYourPasswordBeenCompromised.com and DoesAnyoneHaveThisHotPictureOfMeNaked.com.

FAIL! (2, Interesting)

Frosty Piss (770223) | more than 4 years ago | (#31968532)

The site is clearly not malicious.

Really? "Clearly"? It's not clear to me. I am supposed to TRUST these people I don't know who have a hidden whois? Seems to me like an excellent way to acquire CC numbers from ignorant rubes.

Re:Hmmm... (2, Interesting)

Anonymous Coward | more than 4 years ago | (#31967446)

The form data isn't actually transmitted; the submit button is on a different form. Real hackery would have to change the HTML as well.

Re:Hmmm... (2, Informative)

u38cg (607297) | more than 4 years ago | (#31967608)

From the page source, goddammit:

This site is intended to be a lesson for people who are susceptible to getting phished. The goal here is for no credit card information to ever be sent across the wire. To accomplish this, all credit card info is outside the form. That way, clicking on the submit button doesn't submit any credit card info.

Godaddy was smart enough to detect some evil keywords in the domain and require a human being to look at the site. If you are reading this, Godaddy: Our intention is to educate and inform people of phishing, in a particularly memorable way: http://ismycreditcardstolen.com/anti-phishing.jpg [ismycreditcardstolen.com]

BTW there is no form validation so just click the submit button if you want to see the "you have failed" message, visible here: http://ismycreditcardstolen.com/check.html [ismycreditcardstolen.com]

Re:Hmmm... (1)

ICantFindADecentNick (768907) | more than 4 years ago | (#31967738)

I thought TFA said that it had no whois data - but use seem to know it's run by someone called Viola. Maybe her surname's Walla.

Downward Spiral (-1, Troll)

Anonymous Coward | more than 4 years ago | (#31967320)

Is it just me or does Firefox really suck anymore?

It used to be a nice browser but it's just gotten bloated and slow.

Re:Downward Spiral (-1, Offtopic)

ProdigyPuNk (614140) | more than 4 years ago | (#31967372)

I really don't see why this is modded down "Troll" as I'm inclined to think the same thing. I'm using IceWeasel aka FireFox, and it really doesn't seem as put-together as it once did. I've experienced more FF crashes in the past year than I have since I started using it. Firefox is still a great browser, and still one of the best out there, but IMO I must agree with the "Troll" - it's not what it used to be.

Re:Downward Spiral (1)

Alex Belits (437) | more than 4 years ago | (#31967530)

Trolls trolling trolls -- /b/ has nothing on this place...

Re:Downward Spiral (0)

Anonymous Coward | more than 4 years ago | (#31970120)

You have seen nothing.

Firefox could still be correct... (1, Insightful)

Ichijo (607641) | more than 4 years ago | (#31967358)

Who's to say it isn't a credit card number stealing web site disguised as a web site "designed to 'educate users about the dangers of phishing'" disguised as a web site to help users determine whether their credit card numbers are stolen?

Re:Firefox could still be correct... (1)

5pp000 (873881) | more than 4 years ago | (#31967456)

Who's to say it isn't a credit card number stealing web site disguised as a web site "designed to 'educate users about the dangers of phishing'"

Even if this one isn't, you can be sure those will start to appear now.

Re:Firefox could still be correct... (1)

data2 (1382587) | more than 4 years ago | (#31967542)

This one, as mentioned elsewhere, does not even transmit your information as it is not included in the form. So this one seems legit.

Re:Firefox could still be correct... (1)

abigsmurf (919188) | more than 4 years ago | (#31967682)

It's not too hard to code a page to store things typed in despite not sending anything through post or get. How many people would notice heavily obfuscated javascript like that?

Re:Firefox could still be correct... (1)

data2 (1382587) | more than 4 years ago | (#31968226)

Probably no one, unless someone really looked.
  But i guess the intersection of people who would enter their data and the people who would understand the code is empty anyway.

Re:Firefox could still be correct... (1)

Bigjeff5 (1143585) | more than 4 years ago | (#31967460)

That's the point.

While these guys may have been doing a good deed, if it looks like a duck, walks like a duck, and quacks like a duck, you really have no choice but to treat it like a duck.

The only safe way to deal with even a friendly site that takes credit card numbers to trick users (in this case, to educate them instead of steal from them) is to block them. Tomorrow they may start recording the card numbers, or worse they've been collecting them for months, and now that they are shut down they start using them. It would be just another variation on a common con.

Re:Firefox could still be correct... (1)

JWSmythe (446288) | more than 4 years ago | (#31967948)

You're absolutely right. If it was designed to look and act like a phishing site, regardless if it does currently capture any information, and the filters catch it, then the phishing filters are working properly.

    Or, as you say, treat it like a duck [alexross.com] .

Re:Firefox could still be correct... (5, Informative)

Anonymous Coward | more than 4 years ago | (#31967470)

RFTSC (source code):


<!-- Start form here so credit card details aren't submitted. -->
<form action="check.html">
    <input type="submit" value="Check if my credit card is stolen">
</form>

The browser never submits any of the entered information to the server.

Re:Firefox could still be correct... (1)

snl2587 (1177409) | more than 4 years ago | (#31967744)

Well, clearly you aren't the technical user the site says to use to verify that no data has been submitted.

Re:Firefox could still be correct... (0)

Anonymous Coward | more than 4 years ago | (#31968008)

Besides that the source says it is safe... I think it is a good idea to have firefox flag it. If the user still falls into the trap, then they are that much more gullible.

Sadly the site is down, meanwhile.. (3, Funny)

Keruo (771880) | more than 4 years ago | (#31967360)

Post your full name, address, credit card number and cvv as a reply to this post and we will get back to you if your card has been exposed to the threats on internet.

Re:Sadly the site is down, meanwhile.. (4, Funny)

Anonymous Coward | more than 4 years ago | (#31967852)

Name: Todd Davis
SSN: 457-55-5462
Credit Card Number 4844 2257 9987 3655
CW: 887
Occupation: CEO of LifeLock

Re:Sadly the site is down, meanwhile.. (3, Funny)

JWSmythe (446288) | more than 4 years ago | (#31967984)

    Funny, that's the same as one of my aliases. For some reason my card seems to be maxed out now.

Re:Sadly the site is down, meanwhile.. (1)

dangitman (862676) | more than 4 years ago | (#31970552)

That's amazing! I've got the same combination on my luggage.

Maybe this is an intelligence test or experiment (1)

Dr_Ken (1163339) | more than 4 years ago | (#31967376)

I'm just sayin'. It has all the hallmarks of a IT grad student behavioral study experiment or perhaps a prank or a hoax. Are people really that stupid?

Re:Maybe this is an intelligence test or experimen (-1, Flamebait)

Peet42 (904274) | more than 4 years ago | (#31967412)

Are people really that stupid?

Yes. Remember that a large percentage of English-language web users are American.

Re:Maybe this is an intelligence test or experimen (0)

Anonymous Coward | more than 4 years ago | (#31967462)

An even larger percent are people.

Re:Maybe this is an intelligence test or experimen (2, Funny)

Bigjeff5 (1143585) | more than 4 years ago | (#31967472)

Yeah well, it's better than being anything else. ;)

I love when jealous people post snide remarks on American web sites, it just makes it all so clear how inferior they feel. :)

Re:Maybe this is an intelligence test or experimen (0, Troll)

Peet42 (904274) | more than 4 years ago | (#31967526)

It's amusing that you think of it as a "snide remark", when I intended it as merely factual.

Re:Maybe this is an intelligence test or experimen (0, Troll)

causality (777677) | more than 4 years ago | (#31967770)

It's amusing that you think of it as a "snide remark", when I intended it as merely factual.

I'd mod you up except that I have already posted in this discussion. I am an American and I strongly agree with you. Being honest about this and not trying to cover it up would be this country's first step towards recognizing and dealing with this problem.

Re:Maybe this is an intelligence test or experimen (0)

Anonymous Coward | more than 4 years ago | (#31967802)

Good troll dumbshit, now go have tea using your shitty teeth.

Re:Maybe this is an intelligence test or experimen (0)

Anonymous Coward | more than 4 years ago | (#31967636)

It's all clear to me now. Your nationality makes you feel inferior.

Re:Maybe this is an intelligence test or experimen (1)

causality (777677) | more than 4 years ago | (#31967760)

Yeah well, it's better than being anything else. ;)

I love when jealous people post snide remarks on American web sites, it just makes it all so clear how inferior they feel. :)

I am an American and I have to admit that the USA's general public is dumb. Not in the sense that they don't have intellectual capacity, but in the sense that they seem quite unwilling to use it. They'd generally rather play follow-the-leader and go whichever way the wind blows. They seem to want someone to do their thinking for them, the same way that the aristocracy of old wanted someone (domestic servants) to do their cooking and cleaning for them. This is bad, very bad.

If I thought they were truly stupid and just couldn't help it, then there'd be no point in saying anything. It would be in very poor taste, sort of like asking a paraplegic why he isn't getting up and walking. But the truth is, they can help it, they can do much better, they can value things like logic and critical thinking. They just refuse.

Re:Maybe this is an intelligence test or experimen (2, Insightful)

JWSmythe (446288) | more than 4 years ago | (#31968566)

    Actually in my experience, in meeting people from all over the world, and visiting many other places, it's not Americans that are dumb. It's most people in general. Stereotypes do fit some people, because they are created from a subset of a culture.

    By categorizing Americans as dumb, you therefore categorize the general population of the whole world as dumb. Only approximately 1.5% of the United States population is Native American. The remainder migrated here, and their "American" ancestry spans one to a few dozen generations.

Re:Maybe this is an intelligence test or experimen (0)

Anonymous Coward | more than 4 years ago | (#31968214)

I love it when conservatards take time away from visiting WalMart and calling the President a socialist to blindly flame anything that makes them feel even slightly inadequate. Now go back to whacking it to Sarah Palin photos and Ayn Rand.

Re:Maybe this is an intelligence test or experimen (0)

Anonymous Coward | more than 4 years ago | (#31967496)

Bite me

Re:Maybe this is an intelligence test or experimen (1)

causality (777677) | more than 4 years ago | (#31967724)

I'm just sayin'. It has all the hallmarks of a IT grad student behavioral study experiment or perhaps a prank or a hoax. Are people really that stupid?

Ever heard of this site about the dangers of dihydrogen monoxide? [dhmo.org]

"Dihydrogen monoxide can even be lethal if inhaled!" Dihydrogen monoxide is, of course, water. Their link that says it's "for the press" will explain the intent behind the site. It aims to do for critical thinking what this phishing education site does for phishing.

Re:Maybe this is an intelligence test or experimen (2)

jonadab (583620) | more than 4 years ago | (#31969904)

> Are people really that stupid?

The answer to this question is always going to be the same, no matter what context you put around the question.

Are people stupid enough to send money to 419 scammers? Stupid enough to waste thousands of hours *baiting* 419 scammers and getting them to pose for photos in various ridiculous settings and attire? Stupid enough to *be* baited? Sure enough, some people are.

Are people stupid enough to give their credit cards details to any random person who claims to represent their bank and/or be looking out for their interests? Yep, some people are.

Are people stupid enough to leave young children unattended for extended periods of time? Stupid enough to show up at the police station and ask to have their confiscated contraband returned to them? Stupid enough to install pink fiberglass insulation all day wearing shorts and a t-shirt? Are women stupid enough to continue to date obviously abusive boyfriends? Are people stupid enough to shoot themselves in the sensitive bits with firearms, attempt to operate dangerous equipment (chainsaws, motor vehicles, you name it) when they're too tired to keep their eyes, deliberately ingest carelessly-measured quantities of poison without even knowing what the safe does is just to see how much they can take, stick random inappropriate objects where the sun don't shine, drill holes in their own skulls under unsanitary conditions, hijack commercial jets and fly them into the sides of buildings, buy shares in SCO, play Russian roulette, buy bottled spring water for pets, and give their computer password from work to a stranger for chocolate? These are all things people have actually done, so yeah, I'd say people are that stupid. At least, some people are.

Lots of software and Net things are that way (1)

h00manist (800926) | more than 4 years ago | (#31967384)

Society is broken, not the ideas that circulate freely, no matter what anyone would wish. GPS in phones - useful to owners, and to thieves, as in http://pleaserobme.com/ [pleaserobme.com] . P2P and copyrights, anonymity, credit info, privacy rights, games. Lots of things have good and bad, legal and illegal, moral and immoral sides. I believe that in most instances, society is just having trouble adapting and finding the right way to do it, but it will change regardless, it's up to our actions to guide it. And simple easy answers that worked in the past won't do any good sometimes. Credit cards? Silly details, society and economics is totally broken.

Re:Lots of software and Net things are that way (0)

Anonymous Coward | more than 4 years ago | (#31967620)

Nice try, but you ain't got nothin' on Billy Joel.

We didn't start the fire... but we pissed on it!

Report It (1)

The MAZZTer (911996) | more than 4 years ago | (#31967458)

Re:Report It (0)

Anonymous Coward | more than 4 years ago | (#31967782)

Already did.

How much time? (1)

will_die (586523) | more than 4 years ago | (#31967480)

How much time did it take from when the site was published to when the various browsers had it blocked?

How the heck... (1)

MoldySpore (1280634) | more than 4 years ago | (#31967566)

...are people still this gullible? Even if the site is 100% legit, what would possess someone to give out their information on an site that had no ssl encryption? They put freaking graphics of "Secured!" with a green check mark on the page...honestly if people can't see through that they deserve to get their card information stolen.

Now that I think about it, perhaps that is the secondary purpose of the site. Force people to learn not to give out their card information otherwise some guy in China will start buying his internet service and iPhone apps on your account! (happened to several people I know after using Meritline.com).

The first purpose being to steal credit card info of course. ;)

Antivirus for Your Brain (Immunization) (5, Insightful)

Don Faulkner (138856) | more than 4 years ago | (#31967572)

When we were kids, many of us received immunizations against a host of nasty diseases. The purpose of these vaccines was to expose our immune systems to "fake badness," so that when we were exposed "real badness," the immune system would be pre-primed to deal with it.

Phishing is a problem precisely because most of the email that your average (l)user gets and most of the sites they visit are legitimate, with no badness (of this type) involved. When you've never been exposed to phishing behavior, it's much easier to fall for a scam.

You can run all the "awareness" campaigns you want, but users tend to ignore that sort of stuff, thinking, "right, I get it, but I'm smarter than that."

We need to inoculate users to teach them to be wary. There should be more sites like this out there. Some geared toward credit card data, some geared toward username & password, and others yet for other forms of PII.

Once a user is brought up short a few times by information pages like you see after you hit submit, they will be more cautious on all sites.

Re:Antivirus for Your Brain (Immunization) (0)

Anonymous Coward | more than 4 years ago | (#31967606)

Phishing is a problem precisely because most of the email that your average (l)user gets and most of the sites they visit are legitimate, with no badness (of this type) involved. When you've never been exposed to phishing behavior, it's much easier to fall for a scam.

You can run all the "awareness" campaigns you want, but users tend to ignore that sort of stuff, thinking, "right, I get it, but I'm smarter than that."

Most users are dumber than a rock. If someone falls for a blatant scam, then they deserve everything that happens to them.

Whois shows (2, Interesting)

captnbmoore (911895) | more than 4 years ago | (#31967612)

That it's registered to some place in George Town Cayman Islands. I would say that is a phishing scam since they want all pertinent info. Of course IE8 does not block it so if you really want to test it and not get a scam alert just use IE8.

Re:Whois shows (2, Informative)

RichardJenkins (1362463) | more than 4 years ago | (#31967688)

No, the site is structured so if you enter any details in the form, they won't be submitted by your browser when you click the form. Since the site doesn't offer me any means to enter details and have them sent (and you'd want to give it more than the cursory glance I did to prove this) then why flag it as a phishing site?

Re:Whois shows (2, Informative)

icebraining (1313345) | more than 4 years ago | (#31967716)

Except if you read its source code, you'd see it doesn't actually send the data to the server.

By the way, in Firefox you can click "ignore this warning" in the lower right corner.

Re:Whois shows (3, Informative)

broken_chaos (1188549) | more than 4 years ago | (#31968072)

Oddly enough that doesn't work in "view source" mode. I had to use Firebug to check the source code instead.

something worse (1)

ron-l-j (1725874) | more than 4 years ago | (#31967626)

It makes me think of my friend when he was going to apply to Kmart, The first thing they ask for at the website is your full social security number. Needless to say that is a great target for phishing, Try this, open your cli in windows and tracert www.google.com. It returns as www.l.google.com but, on a Linux box it returns as www.google.com with ***.l.*****.com being the prime giveaway in a phishing scam some people report Google owns www.l.google.com. What is your take ? Ron

Re:something worse (1)

icebraining (1313345) | more than 4 years ago | (#31967746)

You seem confused about domain names. Any combination of *******.google.com is just a subdomain of google.com, which is owned by Google. So yes, as long as it ends in ".google.com" it's safe (well, unless that first dot is not a real dot - I don't know how is the whole issue around UTF-8 characters in URLs).

Re:something worse (1)

ron-l-j (1725874) | more than 4 years ago | (#31967786)

Thank you for waking me up :D

Re:something worse (0)

Anonymous Coward | more than 4 years ago | (#31967906)

unless their broken site allows redirects, this was a common problem several years ago & as of a week ago, some are still able to do this.

Re:something worse (0)

Anonymous Coward | more than 4 years ago | (#31967764)

google owns *.google.com

Here is www.google.com on a Linux box

~$ host -a www.google.com
Trying "www.google.com"
;; ->>HEADER ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com. IN ANY

;; ANSWER SECTION:
www.google.com. 176558 IN CNAME www.l.google.com.

;; AUTHORITY SECTION:
google.com. 3747 IN NS ns1.google.com.
google.com. 3747 IN NS ns2.google.com.
google.com. 3747 IN NS ns4.google.com.
google.com. 3747 IN NS ns3.google.com.

Received 124 bytes from 192.168.250.22#53 in 1 ms


~$ host www.google.com
www.google.com is an alias for www.l.google.com.
www.l.google.com has address 209.85.225.106
www.l.google.com has address 209.85.225.147
www.l.google.com has address 209.85.225.99
www.l.google.com has address 209.85.225.103
www.l.google.com has address 209.85.225.104
www.l.google.com has address 209.85.225.105
www.l.google.com has IPv6 address 2001:4860:b007::69
www.l.google.com has IPv6 address 2001:4860:b007::6a
www.l.google.com has IPv6 address 2001:4860:b007::93
www.l.google.com has IPv6 address 2001:4860:b007::63
www.l.google.com has IPv6 address 2001:4860:b007::67
www.l.google.com has IPv6 address 2001:4860:b007::68

Re:something worse (2, Informative)

Pentium100 (1240090) | more than 4 years ago | (#31967842)

I don't get what you are saying...

www.google.com is a DNS CNAME record, a record which does not point to an IP address, but to another name. Windows tracert (and ping) utilities report the IP and the name returned by the server. CNAME records are useful if you want to have multiple (sub)domains that all point to a single IP address. You can, for example, create DNS A record that points realserver.google.com to the actual IP(s) of the server(s) and a bunch of other domains that point to realserver.google.com. Now, if the IP of the server changes, you only need to update one record.

Tracert and Linux traceroute also do reverse DNS lookup, they ask the server for a name for that IP address. This depends primarily on the ISP, without their assistance I cannot change my reverse lookup entry, for example. While multiple domain names can point to a single IP, the IP only points to one domain name.

So, with google it's like this:

www.google.com is a CNAME record that points to www.l.google.com
www.l.google.com is a A record that points to 74.125.77.147, 74.125.77.104 and 74.125.77.99
74.125.77.147 points to ew-in-f147.1e100.net
74.125.77.104 pints to ew-in-f104.1e100.net

1e100.net is probably the ISP of that server. It looks like the reverse record is made using the last octet of the IP, what does ew-in-f mean you woud have to ask that IPS.

In any case, that's why tracert reports:
Tracing route to www.l.google.com [74.125.77.104]
over a maximum of 30 hops: ...

  11 80 ms 80 ms 79 ms ew-in-f104.1e100.net [74.125.77.104]

Re:something worse (1)

value_added (719364) | more than 4 years ago | (#31968942)

I think the OP's concerns would be satisfied with a simple WHOIS lookup, using either the IP address or the domain name, or both. Windows users can use a web-based service for lookups.

This is a good thing! (0)

Anonymous Coward | more than 4 years ago | (#31967630)

I think that this is actually a good thing. It means that Firefox (and other browsers that are blocking the site) is working! The site _is_ phishing - they just aren't/weren't using the information they tricked users into entering (or at least they claimed not to).

Happens All The Time (1)

Ashcrow (469400) | more than 4 years ago | (#31967712)

For instance, SonicWall blocks phishtank. Yup, SonicWall blocks a site to help protect users against phishing by being able to check links against known phishing sites (http://www.stevemilner.org/blog/2010/01/20/sonicwall-silly/). The less technical the data owners are the less helpful the the rule sets are.

To be honest, this site in question does look like a phishing site and thus, if someone went to the site and knew what phishing was, they would most likely flag it if they did not click through (aka it isn't a verified phishing site but it sure looks like one at first glance).

Sounds more like (1)

unity100 (970058) | more than 4 years ago | (#31967740)

Phishing education phishy phished for phishy phishing the pish. pish.

Firefox is broken (2)

laing (303349) | more than 4 years ago | (#31967856)

OK I'm running Firefox (3.5.9) on Ubuntu Linux and I went to the site. It warned me that the site was a forgery and I clicked the "ignore this warning" button. The site prompted me to enter some credit card information which I did (false of course) and on the next page it said that I failed the test and that my information was not transmitted so I shouldn't worry but that I should have someone who is technically competent verify this. I decided to have a quick look at the previous page source to see if the submit form included the card number and when I selected 'View->Page Source' from Firefox I got the same forgery warning instead of viewing the source. The "ignore this warning" button didn't work at this point so I guess I cannot verify the claim on the page withe Firefox alone. This seems rather broken to me as the page source display doesn't execute malicious code.

Yes I know I could save the page or use wget but why doesn't Firefox let me look at the suspected page's SOURCE? How could that possibly be harmful?

Re:Firefox is broken (3, Informative)

Dumnezeu (1673634) | more than 4 years ago | (#31968222)

Apparently, it's a bug in Firefox. Running 3.6.3 on Windows does the same thing: if you click the "Ignore this warning" in the window with the page's source, nothing happens.

Re:Firefox is broken (1)

misexistentialist (1537887) | more than 4 years ago | (#31968658)

You can turn off blocking under Tools>Options>Security. Maybe FF doesn't work properly, but functionality to bypass security warnings can't be much of a high priority

Re: (1)

ron-l-j (1725874) | more than 4 years ago | (#31967942)

Resolves to 209.85.225.147 witch I know to be a good IP address and yes MAC addresses can be spoofed and IP addresses can be spoofed as well. Security is just complication. And you can follow your route to primary DNS servers and look up routing tables as well. Im saying its odd that a very popular phishing trick is to slightly change the name record witch is what appears to happen when looking up google.com in tracert.

Yes. (1)

newdsfornerds (899401) | more than 4 years ago | (#31968474)

Malicious individuals will start building copycat sites hoping to hoodwink a public now trained to think sites like this are just 'harmless education."

Phishme.com does it the right way.. (1)

higapleez (1448139) | more than 4 years ago | (#31968522)

There is the wrong way, and the Phishme.com way. cheers!

It's not doomed to failure (1)

mysidia (191772) | more than 4 years ago | (#31968594)

But they need to be more realistic now. They are realistic enough for browsers to consider them phishers (which they probably are, technically), so they need to act just a little more like real phishers.

They need to do what all phishers do and get hundreds more domains and IP addresses.

And put sneaky Ad listings in sponsored search results with various search engines.

OH COME ON! (1)

OrwellianLurker (1739950) | more than 4 years ago | (#31968922)

If people are entering their information, how is blocking an educational site a smart move? I mean, if they are entering their CC #, then they already have big problems. That said, I wouldn't be telling people to go there.

Anti racist website blocked for hate speech (1)

gelfling (6534) | more than 4 years ago | (#31969830)

My corporate net blocks a website dedicated to fighting racism and hate speech on the basis that it 'has' racism and hate speech.

DERP.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>