Diary of a Network Geek

The trials and tribulations of a Certified Novell Engineer who's been stranded in Houston, Texas.

10/25/2007

Phisher Frustrator

Filed under: Advice from your Uncle Jim,Criticism, Marginalia, and Notes,Fun Work,Geek Work,News and Current Events,The Dark Side,The Network Geek at Home — Posted by the Network Geek during the Hour of the Monkey which is in the late afternoon or 5:36 pm for you boring, normal people.
The moon is Waning Gibbous

I probably shouldn’t have done this, but…

You know, sometimes, I just get so irritated with the scams I get via e-mail that I just can’t help myself. This morning I read one too many eBay phishing scams in my inbox and, well, I had to do something about it.

eBay Phishing e-Mail

So, this is the e-mail I got that sent me over the edge.
Notice how this looks like a legitimate e-mail from eBay. It has all the same things that the official notices from eBay would have, including links to what look like official notices and actual sign-in screens.
The only real problem with this is that it was sent to an account that’s not associated with my eBay account and I haven’t bought or sold anything on eBay in over a year. What bothered me, though, was that I know people who would click on this and get scammed.
For fun, I hovered over the links to see where they led. If you look at the bottom of the linked screen capture here, you’ll see what I saw, but with the IP address obscured for safety’s sake.

eBay Phishing Scam Page This is the page that the phisher wanted me to go to.
Again, notice how it looks like a legitimate page on eBay’s website. It looks so good because the phisher’s page actually links to the graphics on eBay’s site. But, if you look in the address bar in the browser in the linked screen capture, you’ll see what led me to mess with the scammer.
The link is to an FTP site and includes logon information, complete with password.
Naturally, this was just too good for me to resist.
So, I popped open a DOS prompt and loaded the default FTP client on my Windows machine. When I connected to the FTP address listed in the link, I was prompted for a userID and password. When I used the credentials in the link, the FTP server let me in!

Phishing Scam Warning Naturally, this was far too good an opportunity for me to pass up.
So, while keeping the connection open, I renamed the phisher’s scam page from “ne.html” to “nono.html”. Then, I created my own “ne.html” and uploaded it.
In the linked image to the left, you can see that it gives anyone who loads it a warning not to click on just any old link they get in e-mail. Hopefully, this will serve to not only frustrate the phisher, but also educate anyone who might click the link.

Naturally, I don’t expect this to be up for very long on the phisher’s site, but, I figure if I help anyone with this little stunt, it will have been worth it. Though, you will notice that I obscured the IP address in my graphics to protect anyone the phisher may have hacked to run his scam. Also, it’s entirely possible that I was technically breaking the law by doing this, but I don’t expect the phisher is going to actually try to prosecute. After all, just how would one explain this to a judge?

Oh, and when I checked on it just before posting this, the phisher had changed the files back.  So, I did it again.


Advice from your Uncle Jim:
"People who fight fire with fire usually end up with ashes."
   --Abigail Van Buren

3 Comments

  1. Oh my that is hilarious!!!!!!!!!

    Way to fight back dude!

    Comment by Pete — 10/26/2007 @ 12:42 pm

  2. Yeah, I was rather pleased with myself.
    I’ll probably do a quick update in a minute because someone totally wiped out the whole thing late last night.

    Comment by the Network Geek — 10/26/2007 @ 5:51 pm

  3. You are my hero 🙂

    Comment by Open Systems Guy — 10/30/2007 @ 8:59 am

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.


Powered by WordPress
Any links to sites selling any reviewed item, including but not limited to Amazon, may be affiliate links which will pay me some tiny bit of money if used to purchase the item, but this site does no paid reviews and all opinions are my own.