Saturday, October 22, 2005

Twitting Phishermen.

I love to twit phishermen, unfortunately their ISPs can be quick to pull the plug on them.

Phishing is the span you get from an e-mail doctored up to look like an Amazon or E-Bay not telling you your account may be suspended if you don't verify your billing information. They direct to their website setup to harvest this information with the purpose to steal your billing information so they can steal from you. The websites look can look very good and very authentic but they are not.

If you suspect you have a phishing e-mail, mouse over the link and see what the actual website you are going to is! For example XYZ's website is here does not take you to XYZ's website (they did have one at one time, no idea what happened to it) but another website, it is extremely easy to fake the link. When your mouse moves over the link your e-mail client (my e-mail client exposes the actual link as well, but I suppose MickeySoft clients do not) should expose the target website (the target in the above link is So, it should be relatively easy to detect a phishing scam (as Amazon & EBay etc have probably spent tens of thousands of dollars trying to tell us they will never send an e-mail soliciting such information) right away.

I love to get them actually. My general inbox is set up to NOT render HTML encoded pages so I have a quick idea that something is afoot. I sometimes (if I am feeling playful at the time) try to visit the phishing page and fill in bogus and insulting data. For example my name may be F.U. Ahole and similar. However, I have seen pages that run checks upon credit card numbers (all credit card numbers are specially encoded so as to be able to tell if they are a valid credit card number from performing a set of mathematical calculations on them, of course there are other checks but a checksum calculation is the first step), and if their phishing pages does that then I give up and report it.

I got a phishing spam about 15 minutes ago. I clicked on the link and the page came up as suspended. Good for that ISP, and oh-well I have better things to do (like write a blog on phishing).

August 8, 2006 7:22 anchor text chagned in link above.