
Phishing for clicks, at my expense

posted by John Roberts on September 7th, 2007 in PhishTank, Verifying phishes, Yahoo

Banks, credit unions, PayPal, eBay, Amazon, the IRS… all of these organizations suffer from phishing attacks on a regular basis. (Sad, but true.)

Yesterday morning, I personally received an example of a new (to me) category of phish: someone trying to get me to provide Yahoo credentials. Not my personal Yahoo credentials, but my “Sponsored Search” account, where I’d control my advertising spend with Yahoo Search Marketing…if I had an account!

I suppose the purpose was to steal my credentials and then have “me” schedule and pay for pay-per-click advertising on behalf of the criminal. Phishers keep following the money, even via more indirect routes.

The phisher even copied the JavaScript popup from the legitimate site encouraging me to bookmark this new location!

Note: Besides the community’s vote (thank you!), I’ve notified someone at Yahoo Search Marketing, so I would expect and hope this site will be taken offline rapidly. It’s already blocked for OpenDNS customers, of course.

whois info:

Domain name: yahincmarketing.com

Registrant:
   Jim Johnson  (SROW-615849)
   mdumi82u@aol.com
   5 rue de Thorigny
   PAris   PARIS
   75003   FR
   +33 42719715

4 Responses

  1. M M

    I got the same stupid thing myself, not once but thrice! I also flagged my entry to
    PhishTank’s moderator that this was indeed a new type of phish. I likely received
    this one because I have a Yahoo account myself, although there are some others in
    the Society with different addresses they pool into this account with their received
    phishes.

    Your ally at the London Antiphishing Society, near Arkansas Nuclear One

  2. DougieLawson

    John, some interesting observations. It’s clear that the phony pharmacy, the spam email, the phishing email, the phishing sites and the money laundering (money mule) sites are all closely coupled.

    We in the ‘tank are working on one aspect. Folks like SpamCop are working on another aspect. Law enforcement (the High Tech Crime Unit in the United Kingdom) need to work on some of the “more illegal” aspects (working with the FBI and the FTC).

    Until you can break the loop (until all the banks use HTTPS (secure HTTP)) for their websites, we’ll all be plagued with the bucket of crud in our inboxes. [My wife gets about 10 NatWest phishes every day - she banks with NatWest Online - but isn’t stupid enough to click a link in an email.]

    That brings the other aspect that needs to be tackled. Let’s see if we can get folks to stop buying phony viagra, let’s see if we can get folks tuned in to the fact that their bank, PayPal, eBay will NOT send email with a link to click for security issues. My credit card company, for example, used SNAIL MAIL and the plain old telephone for a recent set of strange transactions that went on my account (they were benign, but tripped their security monitoring).

  3. Russ Price

    Just curious - do PhishTank reports get passed on to any law enforcement agencies? If not, it just seems to me that the criminals doing the phishing will simply be able to move on to other hacked web sites with no penalty or risk (a practice known as “whack-a-mole” in the antispam community).

    Are any law enforcement agencies actively pursuing phishers?

  4. Aubrey Jones

    Great information. This is likely a side effect of the security upgrades that most financial institutions have put into place over the last year. The value of a stolen online banking credential has gone down tremendously, so getting ‘free’ pay-per-clicks is a great way to generate a whole new round of traffic. The criminals definitely work hard to keep one step ahead of the good guys.
