Privacy guaranteed - Your email is not shared with anyone.

paypal phishing site got hacked

Discussion in 'Tech Talk' started by David_G17, May 23, 2005.

  1. David_G17

    David_G17 /\/\/\/\/\/\/\/

    Likes Received:
    Oct 7, 2002
    one of those fake sites trying to persuade people to give their paypal info got hacked, lol.

    As fraudsters continue to target their victims with increasingly elaborate phishing sites, the surprise appearance of anti-phishing vigilantes is now hampering their operations.

    A PayPal phishing site recently reported by the Netcraft Toolbar community was promptly taken down; not by the hoster or law enforcement agency, but seemingly by a vigilante with an interest in disabling such sites and protecting innocent web users:


    The phishing site was replaced with a warning page, created with the open source suite on Windows. The identity of "sickophish" is not known, nor is it known how he gained access to the web server to perform the act of vigilantism.

    Phishing sites are commonly found hosted on compromised web servers, where lack of security allows fraudsters to access machines and upload phishing content. If a fraudster exploits these security weaknesses without subsequently securing the machine, then online vigilantes are just as likely to exploit the weaknesses to go in and replace the fraudulent content.

    Another phishing site – this time imitating NatWest Bank in the UK – was recently defaced by The Lad Wrecking Crew, which has been involved in several previous defacements and even offers a selection of desktop wallpapers that can be placed on "captured" phishing sites.


    Typical messages added to captured sites include, "Were you looking for the bank that was supposed to be here? We trashed it because it wasn't real," continuing with, "You could have lost thousands of dollars of your hard-earned life-savings! There is no need to thank us, really."

    While phishing is undoubtedly an illegal activity, the legality of defacing phishing sites is also quite questionable, but in cases observed by Netcraft so far it is reasonable to assume that only the fraudsters themselves have been disadvantaged.

    Netcraft provides a free anti-phishing Toolbar which offers protection against phishing sites, as well as providing the opportunity to report new phishing sites. So far this year, the Netcraft Toolbar community has reported over 6,600 different phishing sites, and this list of sites is also available as a feed suitable for integration with web proxies and mail filters.
  2. fastvfr

    fastvfr Ancient Tech

    Likes Received:
    Mar 28, 2001
    SW Oregon
    There is quite a community of hackers working to better the Net these days, from what I gather.

    Good for them.

    The best part is, they are using the same vulnerabilities that the phishers used to hijack those pages and URLs in the first place!

    Poetic justice at its finest.

  3. MB-G26

    MB-G26 Canceled Lifetime Member

    Likes Received:
    Oct 9, 2001
    Missing Sharon
    Wish they c/disable multiple-repeat dictionary spammers the same way!
    And the original phishers' legally recoverable damages would be what, exactly?