| « Sponsor Appreciation, Banzai Bouncer, Untraditional Data Rack, & More | The Missing Interview, Infantile Expectancies, & More » |
As I'm sure is the case with many of you, I sure do love me some tax refund. Once my W2's and other year-end tax forms documents come in the mail, I get my e-File in and wait for my refund to be direct deposited.
Now, since the whole refund process involves computers and the internet, of course, it's a prime target for spammers and phishers who want nothing more than to ignite a little FUD and get some of your hard earned cash.
The below snippet comes courtesy of Andy F. who writes, "Idiotic spammers and phishers probably provide your site with a glut of terrible code, but I got a chuckle out of this credit card validation function found in an HTML file attached to a 'UK Department of Energy Refund Notice.' It also included a variety of non-valid PIN number checks."
function Validate() {
if (document.logonForm.my_card.value == "") {
alert("Please enter your card number !");
document.logonForm.my_card.focus();
return false;
}
if (document.logonForm.my_card.value == 0000000000000000)
{ alert("Invalid card number."); return false; }
if (document.logonForm.my_card.value == 1111111111111111)
{ alert("Invalid card number."); return false; }
if (document.logonForm.my_card.value == 1112223344443231)
{ alert("Invalid card number."); return false; }
if (document.logonForm.my_card.value == 2222222222222222)
{ alert("Invalid card number."); return false; }
if (document.logonForm.my_card.value == 3333333333333333)
{ alert("Invalid card number."); return false; }
if (document.logonForm.my_card.value == 4444444444444444)
{ alert("Invalid card number."); return false; }
...
}
A pretty WTF bit of code to be sure, but Andy's last sentence got my gears turning - Could there really be...MORE?! So, after scanning Google, I found that it was a piece of hot debate and included the original web page in its full glory.
As it turns out dear readers, the above code snippet is merely the tip of the iceberg. The entire file itself is the quintessence of WTF. Of course, I never expected that a phishing site would be a beau ideal of good coding practices, but...ugh...you really have to view the source to see what I mean.
Here's a link to the source - as a text file
However, for the adventurous - here's a link to a local copy of the page so, preserved as it was originally.
|
Minister of Revenue
HM Revenue & Customs 100 Queen Street Binghamshireton, England 1G3A8-G1 Dear Minister Bolton, I recently submitted a request for a tax refund of 327.54 L's on your web site. Unfortunately, the web site would not take the number of my Royal Express card: 1111-2222-3333-4444. In addition, my PIN number of 1234 was not accepted either! When you get the opportunity, could you please repair your web site so that I may apply for my refund? Thank you, Jameson Q. Kinglingston 12 Ogden Heath Yorkshire Puddington, RQ A8ADI-7A |
Re: Phishing for a Refund
2010-02-08 11:04
•
by
Bluesman
(unregistered)
|
Fair enough. Captcha: iusto - Iusto love her, but it's all over now Just enter your Credit Card number and Pincode here and we'll refund you your 2p. |
| « Sponsor Appreciation, Banzai Bouncer, Untraditional Data Rack, & More | The Missing Interview, Infantile Expectancies, & More » |
Anonymous:
