Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Another PayPal phishing scam
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 04 May 2005 09:03:06 +1200

phased wrote:

look dont bother reporting these there are hundreds everyday, no one gives a shit

Well, actually, many people do care.

For one, there are those at the targeted organizations concerned that 
their "good name" is being further besmirched and confidence in their 
irganization being further eroded.  There are law enforcement folk 
actively tracking some of the major fraudsters behind some of these 
scams.  There are the folk at the ISPs, etc hosting the fraudulent 
sites concerned with improving the security of their systems (recently 
many of the phishing scam sites have been hosted on boxes compromised 
through awstats, PHP Gallery, phpBB and similar vulns and many of these 
boxes are at hosting services where it is the service's responsibility 
to provide and update those services).

However, despite the existence of all these possibly interested folk, 
Full-Disclosure is not the right, or even a _useful_, place to report 
such things.  As you and others have pointed out, there are literally 
dozens to hundreds of these every day (I have received about a dozen 
PayPal and various bank phishing scam messages at this address in the 
last few days and if anything that is down slightly from the norm).

There are organizations like the Anti-Phishing Working Group where you 
can report ocasional phishing spams.  More dedicated "anti-phishers" 
will have their own preferred mechanisms.


Nick FitzGerald

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]