[Fwd: Re: [SWLUG] How I deal with Bank phishing]

Pete Prior swlug at nermal.org
Wed Dec 14 17:08:11 UTC 2005 

Some people have way too much free time... ;)

Neil Jones wrote:
> 
> ------------------------------------------------------------------------
> 
> Subject:
> Re: [SWLUG] How I deal with Bank phishing
> From:
> Neil Jones <neil at nwjones.demon.co.uk>
> Date:
> Wed, 14 Dec 2005 17:14:56 +0000
> To:
> Steve Hill <steve at nexusuk.org>
> 
> To:
> Steve Hill <steve at nexusuk.org>
> 
> 
> On Wed, 2005-12-14 at 13:47, Steve Hill wrote:
>> On Wed, 14 Dec 2005, Neil Jones wrote:
>>
>>> I act on them. I go to the sites and fill in the forms with completely
>>> false details.
>>>
>>> Anyone have a better idea?
>> Report the abuse to the ISPs who are hosting the linked websites.  Some 
>> ISPs are quite good and will pull the site quickly (infact you may well 
>> find they already have by the time you report it), others are useless and 
>> don't care.
> 
> Of course that is an obvious thing to do but these guys have got it
> worked so they get the info before they get shut down. They know they're
> going to get reported. Quite often anyway they are running sites with no
> domain name and only and IP address which is a bit more difficult to
> trace down with absolute certainty.
> 
> AS to the other problems people have suggested. The chances of randomly
> hitting anyone's personal details are astronomically high. So
> astronomically high as to be impossible. I doubt for example that there
> is anyone anywhere called Ceri Grafu and there is no Cwmderi in
> Carmarthenshire. That is a real example I have used. ( Cer i grafu means
> Go and scratch or get lost in Welsh. Cwmderi is a fictional place out of
> a soap opera. Chinese or Russian spammers are not going to know that.) 
> 
> Secondly I am aware of spammers adding things to URLs to identify
> responding addresses but if you check the actual url in the  email to be
> sure you can tell if this is being done. Phishers don't seem to do this
> as it isn't worth their while.
> 
> I don't know exactly how phishers access the money from the account
> details they get. I get the basic idea of course, but it is difficult to
> get cash out of a system without risking getting caught by the
> electronic trail. By adding fake data to their databases I am corrupting
> them. It makes things more difficult and
> just may increase the chances of someone spotting what they doing and
> catching them.
> 
> 
> Neil Jones
> Neil at nwjones.demon.co.uk
> 
> 
> 
> 
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> SWLUG Discussion List - Discuss at swlug.org
> http://swlug.org/mailman/listinfo/discuss

More information about the Swlug mailing list