[Scspamcop] Re: Moral obligation to phishing victim?
Scott Grayban
REMOVE.sgrayban at REMOVE.gmail.com
Fri Apr 6 00:10:04 EDT 2007
I would submit the info directly on the paypal security website --
https://www.paypal.com/ewf/f=pps_spf
Kenneth Brody wrote:
> Scott Grayban wrote:
>> I would also forward the info to the PayPal security team as well.
>
> Is that a different address than spoof-at?
>
>> Include the URL you got the info from.
>
> Already did. (Strip the filename off the URL and you get a directory
> listing.)
>
> [...]
>>>>>> Okay, what are my moral obligations to someone I think has been a
>>>>>> victim of a phishing scam?
>>>>> [...]
>>>>>> a reverse phone number lookup give the same name and city as in
>>>>>> the phisher's .txt file. The SSN and credit card info loog like
>>>>>> they may be valid.
>>>>> [...]
>>>>>
>>>>> I decided "screw it", and called the phone number and left a message
>>>>> about the scam.
>>>> I think ya done right.
> [...]
>
> I got a call from the victim's husband, starting with "I got a very
> strange message on my voicemail". (I included my phone number in
> the message I left, as part of a "I'm a real person" aspect of the
> message.) I read him parts of the info that was in the file (street
> address, mother's maiden name, credit card bank name), and told him
> the city and ISP of the IP that posted it (he said that would be his
> wife's work location). I didn't want to give him the URL of the file,
> as it includes personal info from other victims. I told him that I
> had given the URL to PayPal.
>
> While it should be (relatively) easy to straighten out the PayPal
> situation, and cancel the credit card that she gave, the fact that
> her street address, social security number, date of birth, and
> mother's maiden name will be a major problem.
>
>
> I just re-checked the data capture file, and see that someone from
> rDNS tacoma.internetidentity.com submitted (false) info into the
> form. Their website says they are "expert phishing and response".
> Has anyone here heard of them? I don't like this line from their
> website -- "Kill phishing sites for only $400 per site".
>
More information about the SCspamcop
mailing list