Slashdot Mirror


Phishing Education Test Blocked For Phishing

An anonymous reader writes "It appears a website called ismycreditcardstolen.com, designed to 'educate users about the dangers of phishing,' has itself been flagged by Firefox as a reported web forgery. The site, which asks visitors to enter their credit card details to 'see if they've been stolen,' takes the hapless visitor to a page warning them about the perils of phishing, giving them advice on how to avoid similar scams and also provides a link to the Anti-Phishing Working Group's website. Or at least it did, until various browsers started blocking it. As the Sunbelt blog post notes, the project was likely doomed to failure, both because of the domain name itself and also because it uses anonymous Whois data, which isn't exactly going to make security people look at it in a positive light. Does anyone out there think this was a good idea? Or will malicious individuals start playing copycat on a public now trained to think sites like this are just 'harmless education?'"

8 of 113 comments

  1. Re:Hmmm... by sunderland56 · Score: 2, Interesting

    Maybe the site's designers are actually phishing, and collecting people's credit card details. If they are ever challenged, they have the "hey, it was just an educational web site" defense to fall back on.

  2. Re:Hmmm... by Anonymous Coward · Score: 2, Interesting

    The form data isn't actually transmitted; the submit button is on a different form. Real hackery would have to change the HTML as well.

  3. Whois shows by captnbmoore · Score: 2, Interesting

    That it's registered to some place in George Town, Cayman Islands. I would say that is a phishing scam since they want all pertinent info. Of course IE8 does not block it, so if you really want to test it and not get a scam alert, just use IE8.

    --
    The Navy Motto "IF it ain't broke Fix It" "A day is wasted if you don't learn something new"
  4. Re:Hmmm... by Rijnzael · Score: 3, Interesting

    In case you didn't understand my comment: the HTML input elements that are in the source to show those boxes on the page are NOT part of a form element. This means that absent some JavaScript, the data in those input elements will not be transmitted. Go ahead and try it with Wireshark for yourself; you'll see that the only result is a GET request for their 'you have failed' page.

  5. excluded from the form by pikine · Score: 4, Interesting

    If you look at the HTML code, the form fields that contain your credit card information were excluded from the form the web browser actually submits. The HTML code is essentially structured like this: [credit card issuer] [credit card number] [name on credit card] [expiration month] [expiration year] [start form] [submit button] [end form]. The form itself really only contains the submit button and nothing else. Hence, unless your browser is broken, none of the credit card information should be submitted anywhere.

    However, the bit about Google Analytics JavaScript on the bottom of the HTML page could contain code to collect and transmit these form fields to somewhere else. The site could be hacked, and the hacker could alter the HTML code to submit the credit card information somewhere.

    --
    I once had a signature.
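
Added example, not part of the thread and not the site's code: a Python check for the layout described in the comment above, reporting which controls a browser would include in a form submission and which scripts are loaded (a script can read any field regardless of form ownership). The sample HTML and the `analytics.example` URL are constructed; the check also honours the HTML `form=` attribute, which the thread does not mention but which can attach a field to a form it is not nested in.

```python
from html.parser import HTMLParser

# Constructed sample: card fields first, then a form holding only the submit button.
SAMPLE = """
<select name="issuer"><option>Visa</option></select>
<input type="text" name="card_number">
<form id="check" action="/result.html" method="get">
  <input type="submit" value="Check">
</form>
<script src="https://analytics.example/tracker.js"></script>
"""

CONTROLS = {"input", "select", "textarea", "button"}

class FormAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.current = None   # index of the <form> currently open, else None
        self.forms = []       # id attribute of each form seen (None if absent)
        self.controls = []    # (label, enclosing form index, form= attribute)
        self.scripts = []     # src of each <script>, "(inline)" if none

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append(a.get("id"))
            self.current = len(self.forms) - 1
        elif tag in CONTROLS:
            label = a.get("name") or a.get("type") or tag
            self.controls.append((label, self.current, a.get("form")))
        elif tag == "script":
            self.scripts.append(a.get("src") or "(inline)")

    def handle_endtag(self, tag):
        if tag == "form":
            self.current = None

def audit(html):
    p = FormAudit()
    p.feed(html)
    p.close()
    report = {"submitted": [], "not_submitted": [], "scripts": p.scripts}
    for label, enclosing, form_attr in p.controls:
        # form= wins over nesting; an id that matches no form means no owner.
        owned = form_attr in p.forms if form_attr is not None else enclosing is not None
        report["submitted" if owned else "not_submitted"].append(label)
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Any entry under `scripts` still needs reading by hand, since the form structure says nothing about what that code does with the field values.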
    1. Re:excluded from the form by kgo · Score: 3, Interesting

      Personally, I'd trigger it off of user-agent header. IE... Not a techie verifying functionality -> really submit info... Chrome/Firefox/search engine agents -> example page.

      --
      Can you construct some sort of rudimentary lathe?
  6. FAIL! by Frosty+Piss · Score: 2, Interesting

    The site is clearly not malicious.

    Really? "Clearly"? It's not clear to me. I am supposed to TRUST these people I don't know who have a hidden whois? Seems to me like an excellent way to acquire CC numbers from ignorant rubes.

    --
    If you want news from today, you have to come back tomorrow.
  7. Re:So, it worked! by tomhudson · Score: 2, Interesting

    Blocked by intelligent people - the site doesn't pass the smell test.

    And there's no reason to believe they didn't log the data.