| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed May 4 00:12:33 2005 From: nick at virus-l.demon.co.uk (Nick FitzGerald) Subject: Another PayPal phishing scam phased wrote: > look dont bother reporting these there are hundreds everyday, no one gives a shit Well, actually, many people do care. For one, there are those at the targeted organizations concerned that their "good name" is being further besmirched and confidence in their irganization being further eroded. There are law enforcement folk actively tracking some of the major fraudsters behind some of these scams. There are the folk at the ISPs, etc hosting the fraudulent sites concerned with improving the security of their systems (recently many of the phishing scam sites have been hosted on boxes compromised through awstats, PHP Gallery, phpBB and similar vulns and many of these boxes are at hosting services where it is the service's responsibility to provide and update those services). However, despite the existence of all these possibly interested folk, Full-Disclosure is not the right, or even a _useful_, place to report such things. As you and others have pointed out, there are literally dozens to hundreds of these every day (I have received about a dozen PayPal and various bank phishing scam messages at this address in the last few days and if anything that is down slightly from the norm). There are organizations like the Anti-Phishing Working Group where you can report ocasional phishing spams. More dedicated "anti-phishers" will have their own preferred mechanisms. Regards, Nick FitzGerald
Powered by blists - more mailing lists