Comments on: When the community doesn’t reach a consensus

by: MASA

Fri, 17 Nov 2006 07:23:29 +0000

It has to be a phish, see how it is asking for your SS number?

That’s like asking for your CC # but worse.

by: micha

Sat, 21 Oct 2006 10:24:24 +0000

This page surely is scam but –> NOT asking for any password. For me, the definition of “phishing” is still close to “password fishing”. Thus, of course voted NOT a phish

by: jaded

Thu, 19 Oct 2006 22:24:35 +0000

It’s not a phish. It may be a spam, it may be a scam, it may be legitimate, but the one thing it’s not is a phish. It might help if there were voting options for “spam” or “scam”. That way people who don’t like the content can label it as such, just not as a phish.

One of the things I do for every submission is compare the URL to the site’s name. If it looks like it might be legit, I google for the company. I just had one for Five Thirds Bank and the URL was something like http://administrator-53.com. When I googled for “five thirds bank”, google instead took me to http://www.53.com. That page looked exactly like the phish, so I knew it was a phish.

In this case I googled for “great student loan payoff” and this URL was google’s answer. Therefore this site is not a phish.

by: Dougie Lawson

Wed, 18 Oct 2006 01:06:06 +0000

It’s a lottery. Everyone gets a dollar. Everyone gets a salesman trying to sell a student loan consolidation loan. Someone gets a hundred grand. It’s sitting on a https site with a valid certificate issued by Verisign. It may not be wise to divulge all that personal data, but it’s not phishing. I voted “not a phish”.

My definition of phishing being a site that purports to be a legitimate bank or financial institution for the purpose of stealing your credentials for that bank or financial institution.

Perhaps someone needs to report this to your Federal Trade Commission.
https://rn.ftc.gov/pls/dod/wsolcq$.startup?Z_ORG_CODE=PU01

If this was in the United Kingdom I’d report this to the Financial Services Authority.

by: Ilgaz

Tue, 17 Oct 2006 20:41:54 +0000

Benz it is not a “phish” by definition, it is a scam.

Phish means like, a legit looking mail from a respected organisation such as bank.

You should check http://www.fraudwatchinternational.com , they are interested in scams.

by: Benz

Tue, 17 Oct 2006 13:44:48 +0000

Fuggedaboudit! I ain’t about to give out all my personal info to nobody! So what more does this no morals of a website want from a poor unsuspecting student? Geez! Go to a reliable source for the cash. Then, face to face, the loan officer will take down all the info they may need to make the loan. Not some jerk on the net who most likely doesn’t arrainge loans anyhow. They should be viewed as phish for their approach and what they’re up to. Avoid them like the plague!

by: astrogeek

Thu, 12 Oct 2006 17:38:51 +0000

Maybe this is a good case for a 3rd option - “Is Spam”. It is outside the scope of this project directly, but there are a number of posts that have come across that are 100% spam. Of course, by definition if it’s spam it’s not a phish, which is what I voted. It’s marketing, pure and simple (heaven help if you if you click it).

by: Blain

Thu, 12 Oct 2006 03:17:31 +0000

Unfortunately, the reliability of this system suffers when the rules get bent. This is not the place to solve all the problems on the net — this is a place to identify phishing schemes. If it can do that reliably, then it will have value and will help make things better, and that’s a good thing.

Taking time to figure out if a non-phish thing is a good thing or a bad thing, and, if it’s a bad thing, to identify it as phish when it isn’t, doesn’t really help anything IMO. It’s going to be a period of time before anybody’s going to be able to figure out how to use this data to actually impact the amount of phishing going on and the harm that it’s doing to people. Let’s not push that date back by giving reasons to doubt the reliability of the service. The concern about false-positive is something that should concern everybody — one false-positive is much more dangerous that 100 false-negatives.

by: someone1234

Wed, 11 Oct 2006 06:34:24 +0000

Yeah, it took me some time to vote on that one. I voted phish only because the target audience are students.
So, yeah, i slightly bent the rules.

by: Tim Wilde

Tue, 10 Oct 2006 23:16:11 +0000

I wonder if more context might help in a situation like this - what did the e-mail that the link was contained in look like? You’ve said you might be providing this information in past postings, and this would be a case that I think argues for it. If the e-mail is consistent with the URL itself and the web site, then I’d agree (and in fact that confirms what I voted), not a phish. But if the e-mail were to claim to be from someone other than this third party (such as if it claimed to be from the actual servicer of an indivdual’s student loan(s)), that might make it cross the line into “this is a phish” territory.