@Michael Molsner – thanks for all your help. You are doing a great job keeping the interwebs safe. :)

[quote post=”2324″]Do you not have a test bed apache (or Xampp) system that sits on a non-routable network block (192.168.x.x, 172.[16-31].x.x, 10.x.x.x) where you can demonstrate to your students without the risk of exposure to the big-bad-interwebbythingy.[/quote]

Nope. I’m an adjunct. I’m lucky that I get a mailbox on campus. :P

But yeah, you are right – not very smart on my part, and I totally deserved to be caught. I’m not complaining. In fact I’m totally impressed that it happened so fast. :) It’s a good thing!

Why would you publish this on the public Internet?

Do you not have a test bed apache (or Xampp) system that sits on a non-routable network block (192.168.x.x, 172.[16-31].x.x, 10.x.x.x) where you can demonstrate to your students without the risk of exposure to the big-bad-interwebbythingy.

You were caught, you deserved to be caught – it’s good to see that the anti-phishing systems work so well.

Hello,

This is definitely an interesting project and many of such should be done in order to educate as many people as possible about phishing matters. It is always a surprise to discover “drop files” and to see how many users did input their real credentials:-/

Much to do!

Cheers,
Michael
[KL Japan]

I am actually developing a website that will counter phishing in a whole new way un seen to the internet so far, its too new (and simple) of an idea to post here on your blog, but send me an email I will tell you about it. It will decrease phishing on the internet by at least 20% (a lot of you think about it) if websites give it a chance.

[quote post=”2324″]Btw, Copeland emailed me about 3pm – he was very nice about it, and said I can keep it up but asked to hide it from the outside world so that we don’t get flagged. )[/quote]

You see we have woodpeckers as well. :)

Sigh… I didn’t even get to use it yesterday. :(

@jambarama – I never considered that. :P Most of the stuff I do in class is pretty much straight out of the textbook. I don’t remember the title/authors of the top of my head but it is semi-decent. It comes with ppt slides for each chapter which I usually modify, splice and hack into shape.

@coaster – I don’t think that would be the case – considering none of them have seen it yet. I put the site up in the wee hours of the morning and it was already flagged when I got up for work. I didn’t actually show it in class.

@Miloš – heh! Woodpecked! lol You got to give it to them – they are fast.

Btw, Copeland emailed me about 3pm – he was very nice about it, and said I can keep it up but asked to hide it from the outside world so that we don’t get flagged. :)

@ZeWrestler – oh, I always thought it was pishing as in fishing with an f. Go figure. :P

I haven’t seen Robila the whole semester. He apparently is doing “off campus research” on Tuesdays which means I don’t see him at all these days. :(

Oh, and 3-30 days was what I was expecting – I thought i can put it up, early morning, show it in class the same day and then take it down without it being flagged. I did not expect it showing up on black lists mere hours after it hit the internets.

@Ricardo – Hmmm… Let’s see. I use faviconize, Fasterfox, adblock, greasemonkey, stylish, Google notebook, firebug, adsense notifier, and twitterfox

Hey Luke,

I have a question out of curiosity: What are the add-ons you are using on Firefox? I can reconize the FavicognizeTab, the Fasterfox, the Gmail plugin, the Firebug, and the adblock from your print screen.

What about the others?

Dude,

First, its phishing not pishing.

Second, have you shown this to Robila?

Third, according to APWG’s December report the avg lifetime of a phishing site was 3 days where the longest lived site is 31. So half of the worlds phishing sites are taken down in under 3 days of launch.

Good to hear phishing education is continuing there, even after I’m gone.

You got “woodpecked”! :) Kaspersky is big into 24/7/365 development and updates which you can read about here. Their business model is impressive and it is one of main reasons they keep improving and expanding every year.

On the other hand you are almost dead on when it comes to sys admins…but I would place the cut off to 5:05 PM for most of them.

Out of interest, what do you tell them in the way of how to recognise such sites?

The obvious one would be the domain not being ebay.com, although that can be hidden more cleverly using subdomains (e.g. http://signin.ebay.com.evilphishers.com, but with a slightly less obvious name than “evilphishers”). Anywhere where ebay would refer to you by name, like in their emails, will be a giveaway when the phishers just call you customer.. the links given in emails you can check the URL of too…

Obviously any mistakes in the reproduction of the real page will be a pretty big flag.

Easiest way to avoid all the crap is to always go to the homepage by typing it in yourself, instead of clicking links in emails – if there’s some important account upgrade they need you to do (not that there ever really is) then it’ll be available from logging into the main page.