Why phishing works? (Was: Re: [LINK] Harvard arts-science requires open-access publishing)

Rick Welykochy rick at praxis.com.au
Sat Feb 16 17:33:13 EST 2008


rchirgwin at ozemail.com.au wrote:

> So anything purporting to be from "St George Bank" is bogus, because I 
> never signed on for e-mail from St George Bank. I don't need to stop and 
> think, or look for clues. And I don't seem to have lost any convenience 
> by staying out of the e-mail loop with my bank.

But as the Harvard paper cited in Marghanita's post mentioned, phishing
is working brilliantly. $ MILLIONS have been lost to the scams. The testing
the team did indicated that even IT "professionals" were often fooled by
good scamming techniques.

I do get lots of the St George Bank scams for some reason.

One thing I have done is check into which web server is being used for
dozens of phishing scams. They are all Apache running PHP/4 or PHP/5.
I do not think Apache itself is insecure, so I would put the blame
on PHP (full of holes) or else the owners of the servers are willingly
hosting the scam pages. I tend to think the former is the case.

> href="http://cpcruzdelrio.juntaextremadura.net/modules/welcome.htm">

Server: Apache/1.3.34 (Debian) PHP/4.4.4-8+etch4

I do get a kick out the phishing scams that mention in the text that
there have been a number phishing attacks on this particular bank
and would you please log in to their new security system which prevents
further phishing attacks. LOL.


cheers
rickw



-- 
_________________________________
Rick Welykochy || Praxis Services

A polar bear is a rectangular bear after a coordinate transform.
      -- Anon.


More information about the Link mailing list