02.16.06

a harmless little prank

Posted in fun, phished password fun at 7:36 am by Brandon

Holy crap. I write one post about whining about how I don’t have the time to blog and I get a day or two where I’ve got both the time and topics to write about. Let this be a lesson to all of you: Whining works!

Anyway, I had a stroke of genius recently. Well, maybe not genius, but this could be fun nonetheless.

You probably all get fake emails from Paypal and Ebay with ruthless and conniving internet sharks who are trying to ‘phish’ usernames and passwords from unsuspecting internet users. I thought it might be fun if we all fought back a little. I mean, there’s very little that either Paypal or Ebay can actually do to STOP account phishing. However, I suspect that an intrepid group of bloggers could actually prove to be, at very least, an annoyance to these illicit password phishing schemes.

Here’s how the scheme works: you’ll be sent an email from a company posing as either Paypal or Ebay. They’ll request that you “update your records” or claim that you “have been bidding on an auction” (which you haven’t really). And they’ll send you to a spoof website that is something other than paypal.com or ebay.com.
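An added example (not part of the original post): a small Python check that pulls out the host a link really points at and accepts it only if it is paypal.com, ebay.com or a subdomain of one. The first sample is the URL reported in this post; the others are constructed, using reserved example domains and a documentation IP address.

```python
from urllib.parse import urlsplit

# The two genuine domains named in the post.
GENUINE_DOMAINS = ("paypal.com", "ebay.com")

def real_host(url):
    """Hostname a browser would connect to, lowercased; '' if unparseable."""
    try:
        host = urlsplit(url.strip()).hostname
    except ValueError:  # e.g. a malformed IPv6 literal
        return ""
    return (host or "").rstrip(".").lower()

def is_genuine(url):
    """True only if the host is paypal.com/ebay.com or a subdomain of one."""
    host = real_host(url)
    # Require an exact match or a '.'-delimited suffix, so that
    # 'www.paypal.com.example.net' does not pass as PayPal.
    return any(host == d or host.endswith("." + d) for d in GENUINE_DOMAINS)

def verdict(url):
    """One-line verdict for a link taken from a 'PayPal' or 'eBay' email."""
    host = real_host(url)
    if is_genuine(url):
        return "genuine host: " + host
    return "not paypal.com/ebay.com, treat as spoof: " + (host or "no host")

SAMPLES = [
    # Reported in this post:
    "http://ns1.bms.ac.th/~index/.confirm/index.php?MfcISAPICommand=SignInFPP",
    # Constructed: brand name used as a subdomain of someone else's domain.
    "http://www.paypal.com.example.net/signin",
    # Constructed: everything before '@' is a username, not the host.
    "http://www.paypal.com@203.0.113.5/update",
    # Constructed: a link whose host really is under ebay.com.
    "https://signin.ebay.com/ws/eBayISAPI.dll",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(verdict(sample))
        print("    " + sample)
```
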

Here’s what I propose:

  1. Remain diligent about detecting fake Paypal and Ebay pages. When you find one, email the URL to me at fake@badchristian.com. (You’ll be able to find this post by clicking on the Phished password fun category on the right sidebar.)
  2. Here’s the fun part. Visit a few of the links that intrepid internet users have posted and go to those pages and fill out random bad information into the fake form (which looks like a real ebay or paypal site.) We may not be able to stop password phishers, but it would seem like a good idea to make them sort through huge quantities of useless information!
  3. Be sure not to use your own, or any real information.
  4. It would probably be best to make up new information for each time you visit a ‘phishing’ site. That way phishers wouldn’t be able to sort out repeat bad information.
  5. Google bomb this post with something like “fake ebay email”.
  6. Tell all your friends that in their spare internet time, they should make some trouble! Feel free to link to this post.

Questions? Let me know!

And, just to kick things off with a bang, here’s the first fake paypal phishing site:

http://ns1.bms.ac.th/~index/.confirm/index.php?MfcISAPICommand=SignInFPP

(Cut and paste the URL so as to avoid too much referrer garbage that could be picked up by the phishing site.)

ADDENDUM: Due to the sage advice of both James and Joe, who are clearly both more web savvy than I, I’ve offered a few suggestions. Instead of creating hyperlinks to the phishing sites, it would be most helpful, I think, to simply paste the URL in question into your comment. Also, if you do decide to participate in a little Googlebomb action, be sure NOT to include the rel="nofollow" tag in that URL so that this post IS registered with Google.

Also, if at some point you DO link to one of these phishing sites, be certain to include the aforementioned tag so that this site doesn’t get any extra ‘search-engine-love’.

Finally, it might be most helpful to email me the URL rather than to post it here…this will allow me to put your suggestion in the main post up in lights.
