mailing list archives
Re: Another PayPal phishing scam
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 04 May 2005 09:03:06 +1200
look dont bother reporting these there are hundreds everyday, no one gives a shit
Well, actually, many people do care.
For one, there are those at the targeted organizations concerned that
their "good name" is being further besmirched and confidence in their
irganization being further eroded. There are law enforcement folk
actively tracking some of the major fraudsters behind some of these
scams. There are the folk at the ISPs, etc hosting the fraudulent
sites concerned with improving the security of their systems (recently
many of the phishing scam sites have been hosted on boxes compromised
through awstats, PHP Gallery, phpBB and similar vulns and many of these
boxes are at hosting services where it is the service's responsibility
to provide and update those services).
However, despite the existence of all these possibly interested folk,
Full-Disclosure is not the right, or even a _useful_, place to report
such things. As you and others have pointed out, there are literally
dozens to hundreds of these every day (I have received about a dozen
PayPal and various bank phishing scam messages at this address in the
last few days and if anything that is down slightly from the norm).
There are organizations like the Anti-Phishing Working Group where you
can report ocasional phishing spams. More dedicated "anti-phishers"
will have their own preferred mechanisms.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/