Phisher Frustrator
I probably shouldn’t have done this, but…
You know, sometimes, I just get so irritated with the scams I get via e-mail that I just can’t help myself. This morning I read one too many eBay phishing scams in my inbox and, well, I had to do something about it.
So, this is the e-mail I got that sent me over the edge.
Notice how this looks like a legitimate e-mail from eBay. It has all the same things that the official notices from eBay would have, including links to what look like official notices and actual sign-in screens.
The only real problem with this is that it was sent to an account that’s not associated with my eBay account and I haven’t bought or sold anything on eBay in over a year. What bothered me, though, was that I know people who would click on this and get scammed.
For fun, I hovered over the links to see where they led. If you look at the bottom of the linked screen capture here, you’ll see what I saw, but with the IP address obscured for safety’s sake.
This is the page that the phisher wanted me to go to.
Again, notice how it looks like a legitimate page on eBay’s website. It looks so good because the phisher’s page actually links to the graphics on eBay’s site. But, if you look in the address bar in the browser in the linked screen capture, you’ll see what led me to mess with the scammer.
The link is to an FTP site and includes logon information, complete with password.
Naturally, this was just too good for me to resist.
So, I popped open a DOS prompt and loaded the default FTP client on my Windows machine. When I connected to the FTP address listed in the link, I was prompted for a userID and password. When I used the credentials in the link, the FTP server let me in!
Naturally, this was far too good an opportunity for me to pass up.
So, while keeping the connection open, I renamed the phisher’s scam page from “ne.html” to “nono.html”. Then, I created my own “ne.html” and uploaded it.
In the linked image to the left, you can see that it gives anyone who loads it a warning not to click on just any old link they get in e-mail. Hopefully, this will serve to not only frustrate the phisher, but also educate anyone who might click the link.
Naturally, I don’t expect this to be up for very long on the phisher’s site, but I figure if I help anyone with this little stunt, it will have been worth it. Though, you will notice that I obscured the IP address in my graphics to protect anyone the phisher may have hacked to run his scam. Also, it’s entirely possible that I was technically breaking the law by doing this, but I don’t expect the phisher is going to actually try to prosecute. After all, just how would one explain this to a judge?
Oh, and when I checked on it just before posting this, the phisher had changed the files back. So, I did it again.
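The giveaways described in this post (a link that displays an eBay address but points at an FTP URL with a user name and password, hosted on a bare IP address) can be checked mechanically before anyone clicks. The following Python sketch is an added example, not part of the original post; the names `LinkCollector` and `audit_links`, the sample markup and the 192.0.2.10 documentation address are assumptions made for illustration.

```python
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed sample of e-mail HTML; 192.0.2.10 is a documentation-only address.
SAMPLE = (
    '<a href="ftp://user:secret@192.0.2.10/ne.html">https://signin.ebay.com/</a>'
    '<a href="https://pages.ebay.com/help/">Help</a>'
    '<a href="http://ebay.com.example.net/">My eBay</a>'
)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html, expected_domain):
    """Return (href_host, visible_text, reasons) for each suspicious link."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        url = urlsplit(href)
        host = url.hostname or ""
        reasons = []
        if url.scheme not in ("http", "https"):
            reasons.append("unexpected-scheme:" + url.scheme)
        if url.username or url.password:
            reasons.append("credentials-in-url")  # e.g. ftp://user:pass@host/
        try:
            ip_address(host)  # raises ValueError for anything but an IP literal
            reasons.append("ip-literal-host")
        except ValueError:
            # Exact match or true subdomain only, so look-alike hosts are flagged.
            if host != expected_domain and not host.endswith("." + expected_domain):
                reasons.append("host-not-" + expected_domain)
        if reasons:
            findings.append((host, text, reasons))
    return findings
```

Calling `audit_links(SAMPLE, "ebay.com")` flags the FTP link and the look-alike host and passes the genuine help link.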
Advice from your Uncle Jim:
"Get busy livin', or get busy dyin'."
--from "The Shawshank Redemption"