Slashdot Mirror

← Back to Stories (view on slashdot.org)

Phishing Education Test Blocked For Phishing

Posted by Soulskill on from the please-enter-your-opinion-and-credit-card-number-below dept.

An anonymous reader writes "It appears a website called ismycreditcardstolen.com, designed to 'educate users about the dangers of phishing,' has itself been flagged by Firefox as a reported web forgery. The site, which asks visitors to enter their credit card details to 'see if they've been stolen,' takes the hapless visitor to a page warning them about the perils of phishing, giving them advice on how to avoid similar scams and also provides a link to the Anti-Phishing Working Group's website. Or at least it did, until various browsers started blocking it. As the Sunbelt blog post notes, the project was likely doomed to failure, both because of the domain name itself and also because it uses anonymous Whois data, which isn't exactly going to make security people look at it in a positive light. Does anyone out there think this was a good idea? Or will malicious individuals start playing copycat on a public now trained to think sites like this are just 'harmless education?'"

4 of 113 comments (clear)

  1. Re:Hmmm... by Rijnzael · · Score: 5, Informative

    That's not the point of the site. The point is to show the vulnerable how easy it is to fall for phishing scams, and that you should never provide your credit card number to a site that you're unfamiliar with.

    The site is clearly not malicious. The form tag on the page doesn't include the card number and other identifying input elements, so that data isn't gathered or even transmitted over the network from what I can tell. The page just sends you to their 'you have failed page' any time you submit it.

  2. Re:Firefox could still be correct... by Anonymous Coward · · Score: 5, Informative

    RFTSC (source code):


    <!-- Start form here so credit card details aren't submitted. -->
    <form action="check.html">
        <input type="submit" value="Check if my credit card is stolen">
    </form>

    The browser never submits any of the entered information to the server.

  3. Re:Whois shows by broken_chaos · · Score: 3, Informative

    Oddly enough that doesn't work in "view source" mode. I had to use Firebug to check the source code instead.

  4. Re:Firefox is broken by Dumnezeu · · Score: 3, Informative

    Apparently, it's a bug in Firefox. Running 3.6.3 on Windows does the same thing: if you click the "Ignore this warning" in the window with the page's source, nothing happens.

    --
    Yes, it's sarcasm. Deal with it!