Do you not have a test bed apache (or Xampp) system that sits on a non-routable network block (192.168.x.x, 172.[16-31].x.x, 10.x.x.x) where you can demonstrate to your students without the risk of exposure to the big-bad-interwebbythingy.

Nope. I’m an adjunct. I’m lucky that I get a mailbox on campus.

But yeah, you are right - not very smart on my part, and I totally deserved to be caught. I’m not complaining. In fact I’m totally impressed that it happened so fast. It’s a good thing!

Do you not have a test bed apache (or Xampp) system that sits on a non-routable network block (192.168.x.x, 172.[16-31].x.x, 10.x.x.x) where you can demonstrate to your students without the risk of exposure to the big-bad-interwebbythingy.

You were caught, you deserved to be caught - it’s good to see that the anti-phishing systems work so well.

This is definitely an interesting project and many of such should be done in order to educate as many people as possible about phishing matters. It is always a surprise to discover “drop files” and to see how many users did input their real credentials:-/

Much to do!

Cheers,
Michael
[KL Japan]

Btw, Copeland emailed me about 3pm - he was very nice about it, and said I can keep it up but asked to hide it from the outside world so that we don’t get flagged. )

You see we have woodpeckers as well.

@jambarama - I never considered that. Most of the stuff I do in class is pretty much straight out of the textbook. I don’t remember the title/authors of the top of my head but it is semi-decent. It comes with ppt slides for each chapter which I usually modify, splice and hack into shape.

@coaster - I don’t think that would be the case - considering none of them have seen it yet. I put the site up in the wee hours of the morning and it was already flagged when I got up for work. I didn’t actually show it in class.

@Miloš - heh! Woodpecked! lol You got to give it to them - they are fast.

Btw, Copeland emailed me about 3pm - he was very nice about it, and said I can keep it up but asked to hide it from the outside world so that we don’t get flagged.

@ZeWrestler - oh, I always thought it was pishing as in fishing with an f. Go figure.

I haven’t seen Robila the whole semester. He apparently is doing “off campus research” on Tuesdays which means I don’t see him at all these days.

Oh, and 3-30 days was what I was expecting - I thought i can put it up, early morning, show it in class the same day and then take it down without it being flagged. I did not expect it showing up on black lists mere hours after it hit the internets.

@Ricardo - Hmmm… Let’s see. I use faviconize, Fasterfox, adblock, greasemonkey, stylish, Google notebook, firebug, adsense notifier, and twitterfox

I have a question out of curiosity: What are the add-ons you are using on Firefox? I can reconize the FavicognizeTab, the Fasterfox, the Gmail plugin, the Firebug, and the adblock from your print screen.

What about the others?

First, its phishing not pishing.

Second, have you shown this to Robila?

Third, according to APWG’s December report the avg lifetime of a phishing site was 3 days where the longest lived site is 31. So half of the worlds phishing sites are taken down in under 3 days of launch.

Good to hear phishing education is continuing there, even after I’m gone.

On the other hand you are almost dead on when it comes to sys admins…but I would place the cut off to 5:05 PM for most of them.

The obvious one would be the domain not being ebay.com, although that can be hidden more cleverly using subdomains (e.g. http://signin.ebay.com.evilphishers.com, but with a slightly less obvious name than “evilphishers”). Anywhere where ebay would refer to you by name, like in their emails, will be a giveaway when the phishers just call you customer.. the links given in emails you can check the URL of too…

Obviously any mistakes in the reproduction of the real page will be a pretty big flag.

Easiest way to avoid all the crap is to always go to the homepage by typing it in yourself, instead of clicking links in emails - if there’s some important account upgrade they need you to do (not that there ever really is) then it’ll be available from logging into the main page.