Slashdot Mirror
Phishing Education Test Blocked For Phishing
An anonymous reader writes "It appears a website called ismycreditcardstolen.com, designed to 'educate users about the dangers of phishing,' has itself been flagged by Firefox as a reported web forgery. The site, which asks visitors to enter their credit card details to 'see if they've been stolen,' takes the hapless visitor to a page warning them about the perils of phishing, giving them advice on how to avoid similar scams and also provides a link to the Anti-Phishing Working Group's website. Or at least it did, until various browsers started blocking it. As the Sunbelt blog post notes, the project was likely doomed to failure, both because of the domain name itself and also because it uses anonymous Whois data, which isn't exactly going to make security people look at it in a positive light. Does anyone out there think this was a good idea? Or will malicious individuals start playing copycat on a public now trained to think sites like this are just 'harmless education?'"
It was designed to look like a phising site, and it did!
It's just a bloody website. Whether the site was a brilliant idea or not, it's really stupid to put your credit details anywhere on the web.
It doesn't seem like having users enter their credit card to check if it's been stolen is a good idea. All it takes is the site getting hacked and viola! Real stealing on every query!
Who's to say it isn't a credit card number stealing web site disguised as a web site "designed to 'educate users about the dangers of phishing'" disguised as a web site to help users determine whether their credit card numbers are stolen?
Any sufficiently unpopular but cohesive argument is indistinguishable from trolling.
Post your full name, address, credit card number and cvv as a reply to this post and we will get back to you if your card has been exposed to the threats on internet.
There are no atheists when recovering from tape backup.
I'm just sayin'. It has all the hallmarks of a IT grad student behavioral study experiment or perhaps a prank or a hoax. Are people really that stupid?
"If you want to know what happens to you when you die, go look at some dead stuff."
Society is broken, not the ideas that circulate freely, no matter what anyone would wish. GPS in phones - useful to owners, and to thieves, as in http://pleaserobme.com/. P2P and copyrights, anonymity, credit info, privacy rights, games. Lots of things have good and bad, legal and illegal, moral and immoral sides. I believe that in most instances, society is just having trouble adapting and finding the right way to do it, but it will change regardless, it's up to our actions to guide it. And simple easy answers that worked in the past won't do any good sometimes. Credit cards? Silly details, society and economics is totally broken.
Build your own energy sources from scratch. http://otherpower.com/
http://www.google.com/safebrowsing/report_error/?tpl=googlechrome&continue=http://www.google.com/tools/firefox/toolbar/FT2/intl/en/submit_success.html&url=http://ismycreditcardstolen.com/&hl=en-US
An even larger percent are people.
Yeah well, it's better than being anything else. ;)
I love when jealous people post snide remarks on American web sites, it just makes it all so clear how inferior they feel. :)
Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
How much time did it take from when the site was published to when the various browsers had it blocked?
Bite me
It's amusing that you think of it as a "snide remark", when I intended it as merely factual.
Trolls trolling trolls -- /b/ has nothing on this place...
Contrary to the popular belief, there indeed is no God.
...are people still this gullible? Even if the site is 100% legit, what would possess someone to give out their information on an site that had no ssl encryption? They put freaking graphics of "Secured!" with a green check mark on the page...honestly if people can't see through that they deserve to get their card information stolen.
Now that I think about it, perhaps that is the secondary purpose of the site. Force people to learn not to give out their card information otherwise some guy in China will start buying his internet service and iPhone apps on your account! (happened to several people I know after using Meritline.com).
The first purpose being to steal credit card info of course. ;)
"I hope you know how very lucky you are to know me, because I am so incredibly incredible."
When we were kids, many of us received immunizations against a host of nasty diseases. The purpose of these vaccines was to expose our immune systems to "fake badness," so that when we were exposed "real badness," the immune system would be pre-primed to deal with it.
Phishing is a problem precisely because most of the email that your average (l)user gets and most of the sites they visit are legitimate, with no badness (of this type) involved. When you've never been exposed to phishing behavior, it's much easier to fall for a scam.
You can run all the "awareness" campaigns you want, but users tend to ignore that sort of stuff, thinking, "right, I get it, but I'm smarter than that."
We need to inoculate users to teach them to be wary. There should be more sites like this out there. Some geared toward credit card data, some geared toward username & password, and others yet for other forms of PII.
Once a user is brought up short a few times by information pages like you see after you hit submit, they will be more cautious on all sites.
That it's registered to some place in George Town Cayman Islands. I would say that is a phishing scam since they want all pertinent info. Of course IE8 does not block it so if you really want to test it and not get a scam alert just use IE8.
The Navy Motto "IF it ain't broke Fix It" "A day is wasted if you don't learn something new"
It makes me think of my friend when he was going to apply to Kmart, The first thing they ask for at the website is your full social security number. Needless to say that is a great target for phishing, Try this, open your cli in windows and tracert www.google.com. It returns as www.l.google.com but, on a Linux box it returns as www.google.com with ***.l.*****.com being the prime giveaway in a phishing scam some people report Google owns www.l.google.com. What is your take ? Ron
I think that this is actually a good thing. It means that Firefox (and other browsers that are blocking the site) is working! The site _is_ phishing - they just aren't/weren't using the information they tricked users into entering (or at least they claimed not to).
It's all clear to me now. Your nationality makes you feel inferior.
For instance, SonicWall blocks phishtank. Yup, SonicWall blocks a site to help protect users against phishing by being able to check links against known phishing sites (http://www.stevemilner.org/blog/2010/01/20/sonicwall-silly/). The less technical the data owners are the less helpful the the rule sets are.
To be honest, this site in question does look like a phishing site and thus, if someone went to the site and knew what phishing was, they would most likely flag it if they did not click through (aka it isn't a verified phishing site but it sure looks like one at first glance).
I'm just sayin'. It has all the hallmarks of a IT grad student behavioral study experiment or perhaps a prank or a hoax. Are people really that stupid?
Ever heard of this site about the dangers of dihydrogen monoxide?
"Dihydrogen monoxide can even be lethal if inhaled!" Dihydrogen monoxide is, of course, water. Their link that says it's "for the press" will explain the intent behind the site. It aims to do for critical thinking what this phishing education site does for phishing.
It is a miracle that curiosity survives formal education. - Einstein
Phishing education phishy phished for phishy phishing the pish. pish.
Read radical news here
Yeah well, it's better than being anything else. ;)
I love when jealous people post snide remarks on American web sites, it just makes it all so clear how inferior they feel. :)
I am an American and I have to admit that the USA's general public is dumb. Not in the sense that they don't have intellectual capacity, but in the sense that they seem quite unwilling to use it. They'd generally rather play follow-the-leader and go whichever way the wind blows. They seem to want someone to do their thinking for them, the same way that the aristocracy of old wanted someone (domestic servants) to do their cooking and cleaning for them. This is bad, very bad.
If I thought they were truly stupid and just couldn't help it, then there'd be no point in saying anything. It would be in very poor taste, sort of like asking a paraplegic why he isn't getting up and walking. But the truth is, they can help it, they can do much better, they can value things like logic and critical thinking. They just refuse.
It is a miracle that curiosity survives formal education. - Einstein
It's amusing that you think of it as a "snide remark", when I intended it as merely factual.
I'd mod you up except that I have already posted in this discussion. I am an American and I strongly agree with you. Being honest about this and not trying to cover it up would be this country's first step towards recognizing and dealing with this problem.
It is a miracle that curiosity survives formal education. - Einstein
Good troll dumbshit, now go have tea using your shitty teeth.
Yes I know I could save the page or use wget but why doesn't Firefox let me look at the suspected page's SOURCE? How could that possibly be harmful?
If you look at the HTML code, the form fields that contain your credit card information was excluded from the form the web browser actually submits. The HTML code is essentially structured like this: [credit card issuer] [credit card number] [name on credit card] [expiration month] [expiration year] [start form] [submit button] [end form]. The form itself really only contains the submit button and nothing else. Hence, unless your browser is broken, none of the credit card information should be submitted anywhere.
However, the bit about Google Analytics javascript on the bottom of the HTML page could contain code to collect and transmit these form fields to somewhere else. The site could be hacked, and the hacker could alter the HTML code to submit the credit card information somewhere.
I once had a signature.
Resolves to 209.85.225.147 witch I know to be a good IP address and yes MAC addresses can be spoofed and IP addresses can be spoofed as well. Security is just complication. And you can follow your route to primary DNS servers and look up routing tables as well. Im saying its odd that a very popular phishing trick is to slightly change the name record witch is what appears to happen when looking up google.com in tracert.
Try out the Netcraft Toolbar! FAQ OS Server Last changed IP address Netblock Owner
Linux Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8g DAV/2 SVN/1.6.9 mod_fcgid/2.3.4 24-Apr-2010 66.220.0.89 EGIHosting
The Navy Motto "IF it ain't broke Fix It" "A day is wasted if you don't learn something new"
I love it when conservatards take time away from visiting WalMart and calling the President a socialist to blindly flame anything that makes them feel even slightly inadequate. Now go back to whacking it to Sarah Palin photos and Ayn Rand.
Malicious individuals will start building copycat sites hoping to hoodwink a public now trained to think sites like this are just 'harmless education."
Damping absorbs vibrations. Dampening is caused by moisture.
There is the wrong way, and the Phishme.com way. cheers!
The site is clearly not malicious.
Really? "Clearly"? It's not clear to me. I am supposed to TRUST these people I don't know who have a hidden whois? Seems to me like an excellent way to acquire CC numbers from ignorant rubes.
If you want news from today, you have to come back tomorrow.
Actually in my experience, in meeting people from all over the world, and visiting many other places, it's not Americans that are dumb. It's most people in general. Stereotypes do fit some people, because they are created from a subset of a culture.
By categorizing Americans as dumb, you therefore categorize the general population of the whole world as dumb. Only approximately 1.5% of the United States population is Native American. The remainder migrated here, and their "American" ancestry spans one to a few dozen generations.
Serious? Seriousness is well above my pay grade.
But they need to be more realistic now. They are realistic enough for browsers to consider them phishers (which they probably are, technically), so they need to act just a little more like real phishers.
They need to do what all phishers do and get hundreds more domains and IP addresses.
And put sneaky Ad listings in sponsored search results with various search engines.
If people are entering their information, how is blocking an educational site a smart move? I mean, if they are entering their CC #, then they already have big problems. That said, I wouldn't be telling people to go there.
'Political power grows out of the barrel of a gun.' - Mao Tse-tung
My corporate net blocks a website dedicated to fighting racism and hate speech on the basis that it 'has' racism and hate speech.
DERP.
> Are people really that stupid?
The answer to this question is always going to be the same, no matter what context you put around the question.
Are people stupid enough to send money to 419 scammers? Stupid enough to waste thousands of hours *baiting* 419 scammers and getting them to pose for photos in various ridiculous settings and attire? Stupid enough to *be* baited? Sure enough, some people are.
Are people stupid enough to give their credit cards details to any random person who claims to represent their bank and/or be looking out for their interests? Yep, some people are.
Are people stupid enough to leave young children unattended for extended periods of time? Stupid enough to show up at the police station and ask to have their confiscated contraband returned to them? Stupid enough to install pink fiberglass insulation all day wearing shorts and a t-shirt? Are women stupid enough to continue to date obviously abusive boyfriends? Are people stupid enough to shoot themselves in the sensitive bits with firearms, attempt to operate dangerous equipment (chainsaws, motor vehicles, you name it) when they're too tired to keep their eyes, deliberately ingest carelessly-measured quantities of poison without even knowing what the safe does is just to see how much they can take, stick random inappropriate objects where the sun don't shine, drill holes in their own skulls under unsanitary conditions, hijack commercial jets and fly them into the sides of buildings, buy shares in SCO, play Russian roulette, buy bottled spring water for pets, and give their computer password from work to a stranger for chocolate? These are all things people have actually done, so yeah, I'd say people are that stupid. At least, some people are.
Cut that out, or I will ship you to Norilsk in a box.
You have seen nothing.
Actually in my experience, in meeting people from all over the world, and visiting many other places, it's not Americans that are dumb. It's most people in general. Stereotypes do fit some people, because they are created from a subset of a culture.
By categorizing Americans as dumb, you therefore categorize the general population of the whole world as dumb. Only approximately 1.5% of the United States population is Native American. The remainder migrated here, and their "American" ancestry spans one to a few dozen generations.
I don't consider it important who migrated where, because that's more of a racial/ethnic issue. I don't think that's what this is about. I think it's our culture. That's something we have been exporting for some time now, and just about the only thing we still seem to massively export these days.
I spoke specifically of Americans because that's who is around me for handy observation. The Slashdot crowd seems slow to realize that making a claim about Americans is not the same thing as making the claim that everyone else is exempt. There's a difference between saying "Americans don't want to use their minds" versus saying "Americans don't want to use their minds, unlike everyone else." I said the former and did not say the latter, for a reason, yet I suppose people think that's all a big coincidence. I've all but given up explaining basic things like this, figuring that the people who don't notice or appreciate the difference have chosen not to, and there's nothing I can do for that. I suppose it makes them feel clever to point out such things as though they've made a grand discovery.
At any rate, I have observed during my lifetime a dumbing down of Western culture in general. According to John Taylor Gatto, middle and high schools a few generations ago would cover reading materials that are usually considered college-level today. And on and on it goes, countless examples of same.
It is a miracle that curiosity survives formal education. - Einstein
I'm thinking of setting up a service where people send me all their paper money ($20 notes and up), and I check to see if they're counterfeit or not. If any notes are counterfeit I destroy them so that my clients won't get into trouble by passing dud notes.
What do you think? Does this have possibilities?
Google is their own ISP ; e100.net is Google.
Registrant:
DNS Admin
Google Inc.
1600 Amphitheatre Parkway
Mountain View CA 9404
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..