Postscript to the phishing scam

Many weeks, six emails, one complaint lodged in the ISP’s automated ticketing software, and the phish sites I talked about here remained active and functioning.

But two hours after I make a LiveJournal post about it, the site is knocked offline and I get the following email in my mailbox:

We are aware of this but can’t comment further at this time however please be assured that it is being handled in line with the local police


It’s possible the timing was a coincidence, of course, and the site being knocked offline had nothing to do with talking about the phish fraud openly. It’s possible, but it seems pretty weird to me.

Computer security: Down the rabbit hole

So a couple weeks back, I get an email in my mailbox telling me that there is a problem with my PayPal account, and asking me to click a link to verify my account information.

Since I don’t have a PayPal account, it didn’t take a great deal of intellectual prowess to figure out that it was a “phish” email–an email designed to trick the credulous and unwary into going to a phony site and handing over their PayPal password. I get about a half-dozen of them a day, and I fired off emails to the appropriate Web hosts and forgot about it.

Next day, I got another phish asking me to validate my Bank of America account information. I don’t have an account with Bank of America, naturally. Again, a standard phish.

The only weird part was that the phony Bank of America site was hosted on the same Web server as the phony PayPal site. Fired off another email to the ISP hosting the fake sites and forgot it.

And got another phish email. And another, and another after that, and another after that. All advertising phony Web sites hosted on the same server.

“Huh,” I thought. “This is weird.”

We are, of course, about to get technical here