Virginia Tech tragedy, phishing, and helping out
posted by John Roberts on April 22nd, 2007 in PhishTank, Community, Developers, Lists
As posted to the user mailing list, the Virginia Tech tragedy has prompted some unscrupulous folks to set up fake donation sites. Several of these possible scams and phishes have been submitted to the Tank by edgester, who also helps on the technology side of PhishTank.
Judge them carefully. Scams are not necessarily phish, so apply your judgment appropriately.
VTFamilies.org is a site doing the right thing. I’ve checked it out personally, after an appeal by one of the site administrators. If you want to help, or simply remember, you should visit.
I wouldn’t normally call attention to tragedies: there are simply too many. But the (possible) intersection of phishing and this story called for an exception.
Leave a response below, or send a trackback from your own site.
Ilgaz
I have checked edgesters submissions and surprised that some of his submissions actually from VERY credible ISC are marked invalid.
I think people should think a second about the entries as this service relies on actual human knowledge, not some custom ai scripts passing over hundreds of megabytes.
If not sure, press “I don’t know”. I do it every time, it doesn’t harm the system. If site is down, press “I don’t know” and click “something wrong with this submission”, not “not a phish”. Consider the fact that some hosting providers really care about the phishing sites up and running on their network and shut them down immediately either via “access forbidden” or a plain rm -rf command which will result in 404.
As we deal with criminals here, what if the site is coded in a way that will go up and down randomly waiting for victims? So, the site which you say “not a phish” because of that 404 would be up and running again in 15 mins, victimising people.
There are also people who started to reference phishtank phish URLs in their spamcop.net (not .com) reports which results in very fast take down of phishing sites.
— posted by Ilgaz on April 22nd, 2007 at 10:10 pm
Punkki
I have checked edgesters submissions as well, and not one of the ones currently resolving to anything (including the already voted ones) are currently phishes.
They might be scams, or scams waiting to happen, or even phishes waiting to happen, but none of them was (IMHO) currently phishes.
By ISC I believe Ilgaz means “Internet Storm Center”, specifically this story: http://isc.sans.org/diary.html?storyid=2664 . What they did was gather up a batch of domain names that looked like they were somehow connected with Virginia Tech. They didn’t claim they all were frauds or phishes, they just asked people to verify the status.
As things are now at ISC, they’ve found only 1 phish. And even that is not a phish by any stretch of imagination, since it doesn’t collect any personal data, nor does it impersonate anything.
We might be dealing with criminals, but a scam does not a phish make.
As things are now,
— posted by Punkki on April 24th, 2007 at 6:08 am
Mads Dam
Maybe phishtank.com could use a sister site: scamtank.com
In lack of that I could recommend siteadvisor.com…
— posted by Mads Dam on June 26th, 2007 at 2:28 am