Comment On Go Phish

A few years ago, researchers at Harvard University and UC Berkeley published a rather interesting study about phishing. After running a usability study to see how well people can detect phishing attempts, they found that:

* 23% of the study's participants did not look at the address bar, status bar, or the security indicators
* 68% proceeded without hesitation when presented with popup warnings about fraudulent certificates
* 90% were fooled by good phishing websites

Neither education, age, sex, previous experience, nor hours of computer use showed a statistically significant correlation with vulnerability to phishing.

Re: Go Phish

2008-11-06 10:05 • by Jake Vinson
jvinson / hunter2

Re: Go Phish

2008-11-06 11:03 • by Arkamis (unregistered)
College. Whar u go 2 lern... n stuff.

Seriously, they should have kicked anyone that replied to that email out of school. "Sorry kid, you're too stupid to get a degree. Try going back to fourth grade to learn critical reading skills."

Re: Go Phish

2008-11-06 11:04 • by Kermos
Looks like he should have used credit card information as an example instead.

Re: Go Phish

2008-11-06 11:10 • by Joe Butler (unregistered)
Clearly, not everyone knows what 'phishing' means.

Re: Go Phish

2008-11-06 11:13 • by snoofle

T.erminator / UwillBmine - @cyberdine.com

Re: Go Phish

2008-11-06 11:14 • by captain obvious (unregistered)
whoever did that should get expelled from school for being way too stupid.

Re: Go Phish

2008-11-06 11:14 • by Chris (unregistered)
227373 in reply to 227364
Kermos:
Looks like he should have used credit card information as an example instead.


Greetings Cardholder,

Please post all account information including number, exp date, mother's maiden name to this and any other forum to which you may post.

Also, send that information out in a mass email to everyone you know, post it on facebook, myspace, etc., and spray paint the information on a building near your home.

If you do not comply, we will ruin your credit and close your account with us.

Thanks a bunch,
Your Credit Card Company

ATTENTION: DAILY WTF SUBSCRIBER

2008-11-06 11:14 • by jpers36
ATTENTION: DAILY WTF SUBSCRIBER:

This comment is to inform all our {DAILY WTF} users that we will be upgrading our site in a couple of days from now. So you as a Subscriber of our site you are required to post your WTF account details so as to enable us know if you are still making use of our comment box.
Further informed that we will be deleting all WTF account that is not functioning so as to create more space for new user. so you are to send us your WTF account details which are as follows:

*User name:
*Password:

Failure to do this will immediately render your WTF account deactivated from our database.

Your response should be post in the following comments.

Re: Go Phish

2008-11-06 11:15 • by Adriano
Reminds me of "The Derek Zoolander Center For Kids Who Can't Read Good And Who Wanna Learn To Do Other Stuff Good Too". The principal must have wanted to cry, I'd bet.

Re: Go Phish

2008-11-06 11:17 • by JackD (unregistered)
To all those that suggest the students get kicked out.. why would the school do that? If they stay in they fail a lot, have to retake classes, and thus the school gets more tuition money from stupid students than smart ones.

Re: Go Phish

2008-11-06 11:18 • by Florian Junker (unregistered)
This is just depressing. How do these people manage to stay alive?

Re: Go Phish

2008-11-06 11:18 • by DaStoned (unregistered)
When I read a formal and unnecessarily complex e-mail, my brain simply rejects it. I just skim over it.

Important messages should be short and simple.

Re: ATTENTION: DAILY WTF SUBSCRIBER

2008-11-06 11:25 • by dave (unregistered)
227384 in reply to 227374
*User name: dave
*Password: PaS5w0rd

(well hey, at least it contains letters/uppercase and numbers)

Re: Go Phish

2008-11-06 11:26 • by JD (unregistered)
"Phishing" goes back decades through the mediums of telephone, fax and written letter but there is a single universal truth that is as relevant today as it ever was: you have nothing to fear unless you are a complete and utter moron who is happy to give your personal information to a complete stranger for the simple reason that they ask you nicely for it. Sometimes I find it hard to believe just how many people fall into this category.

Re: Go Phish

2008-11-06 11:26 • by SomeCoder (unregistered)
pskroob / 12345

Re: Go Phish

2008-11-06 11:26 • by PIercy (unregistered)
227388 in reply to 227378
Florian Junker:
This is just depressing. How do these people manage to stay alive?


I agree however saying there is no correlation between regular users and irregular users is rubbish.

I reckon a person who uses a pc 5 times a week while at work is more likely to spot a phishing site than my gran who occasionally checks her emails and plays solitaire...


Re: Go Phish

2008-11-06 11:29 • by Yep (unregistered)
From: Anon Y. Mous, ASP.
To: Everyone
Priority: High
Subject: Comment Trolling Warning

We have noticed an increase in trolling attempts, similar to the message below. TDWTF will never request that you shout angrily in words at the previous poster. You should not feed the troll with any useful information like facts, logical arguments or your personal opinion through comments.

Here is an example of a recent trolling attempt:

-------------------------------------------
Subject: Re: Serious Fricken Bureaucracy

Re: Serious Fricken Bureaucracy

I pretty much function as technical support for my
team, setting up things like start menu shortcuts and
icons. I have even written some useful programs that I
gave to the corporate support group. You get better
response from them if they know they owe you for giving
them free programs.

I have heard NO complaints from them, so I am very
pleased with a rate of zero defects. Every time I ask
my friend in tech support how they are working out, he
gets a big smile and says they are working perfectly.

Here are some examples of programs I have written for
our technical support group:

ud.exe - this goes up a directory, so instead of typing
"cd.." you can simply type "ud"

ud2.exe - this goes up TWO directories at once, so it
is like doing ud twice.

ud3.exe - this goes up THREE directories at once (you
get the picture by now I hope).

mkdirrandom.exe - makes a new directory with a random
name, using a random number generator I wrote (I
adapted the code someone posted on this site).

regall.exe - this recursively searches your hard drive
for all DLLs and runs regsvr32.exe on each one so
everything will work again if a DLL registration
gets messed up.

backupall.exe - this backs up all exes, dlls, ocxs, and
tmp files in case you need to restore your
computer. It puts them in a folder called
C:\backupall.

(end of trolling example)
-------------------------------------------

Other trolling attempts include comments that appear to have been posted by site admins such as Alex Papadimoulis or Jake Vinson. Your site admins will never participate in comment discussions or provide you with material that you would want to flame them for. The only valid comments will be Featured.

When you receive these types of comments, you should ignore them and not respond. It is also a good practice to avoid clicking on any links in suspicious TDWTF comments.

If you feel you have been a victim of a trolling scheme regarding a TDWTF article, please contact a site admin so that they can take drastic action against witty and rueful trolls.

Thank you,

Anon Y. Mous, ASP.
Chief Sarcasm Officer

Re: Go Phish

2008-11-06 11:30 • by <out of memory> (unregistered)
227391 in reply to 227387
SomeCoder:
pskroob / 12345


Hey, that's my luggage combination!

Captcha: Causa as in Causa belli. This means war!

Re: Go Phish

2008-11-06 11:33 • by Anon (unregistered)
227392 in reply to 227387
Sadly, Auburn isn't the only place to have suffered this.

The .edu I work at had the exact same thing happen. People replied to a message we sent with the subject "ATTN: Email scam" that also happened to include a sample phish with usernames and passwords.
One person contacted the helpdesk because they weren't sure which password they should respond with.

For bonus face-palming fun, it wasn't just students, but academics too.

Re: Go Phish

2008-11-06 11:36 • by bsaksida
I got a link to one of the banks through email, and noticed it was phishing. I was curious and continued.

I filled some fields.

Credit Card number: Keep Dreaming
Security number: TrippleX
Email: www.microsoft.com

And other information, I filled it in so that it would stand out as a fake. The one didn't even check, it only said thank you for your cooperation.

The second time I got to PayPal, through some kind of proxy. Didn't even touch it.

Re: Go Phish

2008-11-06 11:37 • by Anon (unregistered)
227395 in reply to 227392
Let me try that again:

People replied with usernames and passwords to a message we sent with the subject "ATTN: Email scam" that also happened to include a sample phish.

Re: Go Phish

2008-11-06 11:40 • by Vollhorst (unregistered)
You shouldn't blame those people. That was an automatically generated email that is sent to everyone who sends a message containing something like "password", "mail", "username", "viagra" ...

Saves a lot of time that can be used to drink some booze.

Re: Go Phish

2008-11-06 11:41 • by Steve H (unregistered)
227399 in reply to 227379
DaStoned:
When I read a formal and unnecessarily complex e-mail, my brain simply rejects it. I just skim over it.

Important messages should be short and simple.


Seconded. That's just how people read these things. The real idiot is the guy who sent the email, and didn't see it coming, not the students.





(Having said that, if you've ever proof-read an American college student's work, man they're hopeless. The state of education in that country is terrifying).

Re: Go Phish

2008-11-06 11:44 • by kelly (unregistered)
227400 in reply to 227373
Ha! The joke's on you! My credit is already ruined!

BWAHAHAHA!

Re: Go Phish

2008-11-06 11:45 • by Ozz (unregistered)
Give a man a fish, and he will eat for a day.
But, teach a man to phish...

Re: Go Phish

2008-11-06 11:47 • by kennytm
227404 in reply to 227390
Yep:
From: Anon Y. Mous, ASP.
To: Everyone
Priority: High
Subject: Comment Trolling Warning

We have noticed an increase in trolling attempts, similar to the message below. TDWTF will never request that you shout angrily in words at the previous poster. You should not feed the troll with any useful information like facts, logical arguments or your personal opinion through comments.

Here is an example of a recent trolling attempt:

-------------------------------------------
Subject: Re: Serious Fricken Bureaucracy

Re: Serious Fricken Bureaucracy

I pretty much function as technical support for my
team, setting up things like start menu shortcuts and
icons. I have even written some useful programs that I
gave to the corporate support group. You get better
response from them if they know they owe you for giving
them free programs.

I have heard NO complaints from them, so I am very
pleased with a rate of zero defects. Every time I ask
my friend in tech support how they are working out, he
gets a big smile and says they are working perfectly.

Here are some examples of programs I have written for
our technical support group:

ud.exe - this goes up a directory, so instead of typing
"cd.." you can simply type "ud"

ud2.exe - this goes up TWO directories at once, so it
is like doing ud twice.

ud3.exe - this goes up THREE directories at once (you
get the picture by now I hope).

mkdirrandom.exe - makes a new directory with a random
name, using a random number generator I wrote (I
adapted the code someone posted on this site).

regall.exe - this recursively searches your hard drive
for all DLLs and runs regsvr32.exe on each one so
everything will work again if a DLL registration
gets messed up.

backupall.exe - this backs up all exes, dlls, ocxs, and
tmp files in case you need to restore your
computer. It puts them in a folder called
C:\backupall.

(end of trolling example)
-------------------------------------------

Other trolling attempts include comments that appear to have been posted by site admins such as Alex Papadimoulis or Jake Vinson. Your site admins will never participate in comment discussions or provide you with material that you would want to flame them for. The only valid comments will be Featured.

When you receive these types of comments, you should ignore them and not respond. It is also a good practice to avoid clicking on any links in suspicious TDWTF comments.

If you feel you have been a victim of a trolling scheme regarding a TDWTF article, please contact a site admin so that they can take drastic action against witty and rueful trolls.

Thank you,

Anon Y. Mous, ASP.
Chief Sarcasm Officer


ok, you are a retard because: <drum roll>

1) cd ..
2) cd ..\..
3) cd ..\..\..
4) mkdir wqeipjfwvoefi
5) that's not a very good idea.
6) 'system restore'

"he gets a big smile and says they are working perfectly"=="nod and smile at the retard"

Re: Go Phish

2008-11-06 11:49 • by rd (unregistered)
227405 in reply to 227390
Yep:
From: Anon Y. Mous, ASP.
To: Everyone
Priority: High
Subject: Comment Trolling Warning

We have noticed an increase in trolling attempts, similar to the message below. TDWTF will never request that you shout angrily in words at the previous poster. You should not feed the troll with any useful information like facts, logical arguments or your personal opinion through comments.

Here is an example of a recent trolling attempt:

-------------------------------------------
Subject: Re: Serious Fricken Bureaucracy

Re: Serious Fricken Bureaucracy

I pretty much function as technical support for my
team, setting up things like start menu shortcuts and
icons. I have even written some useful programs that I
gave to the corporate support group. You get better
response from them if they know they owe you for giving
them free programs.

I have heard NO complaints from them, so I am very
pleased with a rate of zero defects. Every time I ask
my friend in tech support how they are working out, he
gets a big smile and says they are working perfectly.

Here are some examples of programs I have written for
our technical support group:

ud.exe - this goes up a directory, so instead of typing
"cd.." you can simply type "ud"

ud2.exe - this goes up TWO directories at once, so it
is like doing ud twice.

ud3.exe - this goes up THREE directories at once (you
get the picture by now I hope).

mkdirrandom.exe - makes a new directory with a random
name, using a random number generator I wrote (I
adapted the code someone posted on this site).

regall.exe - this recursively searches your hard drive
for all DLLs and runs regsvr32.exe on each one so
everything will work again if a DLL registration
gets messed up.

backupall.exe - this backs up all exes, dlls, ocxs, and
tmp files in case you need to restore your
computer. It puts them in a folder called
C:\backupall.

(end of trolling example)
-------------------------------------------

Other trolling attempts include comments that appear to have been posted by site admins such as Alex Papadimoulis or Jake Vinson. Your site admins will never participate in comment discussions or provide you with material that you would want to flame them for. The only valid comments will be Featured.

When you receive these types of comments, you should ignore them and not respond. It is also a good practice to avoid clicking on any links in suspicious TDWTF comments.

If you feel you have been a victim of a trolling scheme regarding a TDWTF article, please contact a site admin so that they can take drastic action against witty and rueful trolls.

Thank you,

Anon Y. Mous, ASP.
Chief Sarcasm Officer

Two questions: how do I include the entire text of a long post in my short reply and how do I go up four directories?

Re: Go Phish

2008-11-06 11:49 • by mauhiz (unregistered)
We could use phishing handling reactions from students as a standard to rank universities.

Btw, my captcha is ******** (it may show as stars for you, because this is my own private captcha word. But to me it reads as ********).

Re: ATTENTION: DAILY WTF SUBSCRIBER

2008-11-06 11:51 • by Neo (unregistered)
227408 in reply to 227374
User ID: CollegeDude
Password: Ir1$hWereDrunk!

Re: Go Phish

2008-11-06 11:53 • by SQLDave
227409 in reply to 227364
Kermos:
Looks like he should have used credit card information as an example instead.


FTW

Re: Go Phish

2008-11-06 11:53 • by Mike (unregistered)
227410 in reply to 227341
Amazing! haha nice

Re: Go Phish

2008-11-06 11:53 • by rumpelstiltskin (unregistered)
227411 in reply to 227388
PIercy:
Florian Junker:
This is just depressing. How do these people manage to stay alive?


I agree however saying there is no correlation between regular users and irregular users is rubbish.

I reckon a person who uses a pc 5 times a week while at work is more likely to spot a phishing site than my gran who occasionally checks her emails and plays solitaire...




Well heck, as long as you can reckon the results, there's no point in people doing studies anymore. We should just stop funding all of them, and give you the money for the answers instead.

Re: Go Phish

2008-11-06 11:54 • by Chris (unregistered)
The ability to detect scams has a lot less to do with experience than it does raw intelligence. The intelligent person sees something out of the ordinary and asks the question, "What is going on here? Is this a phishing attack?" Not much experience is required to be able to know that something is amiss. The stupid person, even with all the phishing training in the world, can't "spot" a place where someone is outsmarting them. You can't teach someone to not be outsmarted.

That being said, someone who has used a computer for years and works as a web developer is a lot less likely to fall victim to something like this than my grandma is.

Re: Go Phish

2008-11-06 11:55 • by Code Dependent
There was something phishy about that email.

Re: Go Phish

2008-11-06 11:55 • by Asiago Chow (unregistered)
College student == wiseass.

Reply to that email w/ user id and password (not necessarily valid or yours) == wiseass.

Unless Jeff validated that the user IDs and passwords were in fact correct for those students it's safe to assume they were yanking his chain.

Maybe Jeff isn't the brightest bulb on the tree and didn't see the joke.

Re: Go Phish

2008-11-06 11:57 • by Vincent Curry (unregistered)
227415 in reply to 227388
However, the occasional user may well be far more cautious, and check things more carefully.

Re: Go Phish

2008-11-06 11:58 • by Helix (unregistered)
227416 in reply to 227412
I bet 100GBP that most of the students who replied with their apparent username and password did so as a joke....


I would have

Re: Go Phish

2008-11-06 12:04 • by root (unregistered)
12345

Re: Go Phish

2008-11-06 12:04 • by Anj (unregistered)
Okay, I know every University would have a handful of people who would do the exact same thing... but I can't help but smirk at the fact that it's AUBURN (albeit a branch school).

But then, I am certainly biased. Roll Tide.

Re: Go Phish

2008-11-06 12:07 • by Miquel Fire (unregistered)
I saw messages like that at my place of work (which is a university) and the trigger for me is the webmail team signature they used. Also, we don't call it username anyway.

Re: Go Phish

2008-11-06 12:08 • by MrsPost
This is sadly common. I swear if you sent out an e-mail that said:

Do NOT send us this information:

* User name
* Password

you would get any number of responses.

People don't read the e-mail. They scan it, see that there is a list of values to be provided, and send them. They don't read the text of the message. Especially if it's a dense block of text prior to the tidy little list.

Re: Go Phish

2008-11-06 12:12 • by Ty (unregistered)
227423 in reply to 227341
The better way is to actually request their information and then revoke their systems access for 1 day. When they call us, you say

"We phished your login information, which will now be changed and re-issued to you in a card. We will periodically send you this request, and if you respond, we will revoke your systems access for 1-3 days, depending on when we feel like bringing it back up and when we do we'll issue you a new login and pass. This is for your own safety and to teach you NEVER to give out your login and password, especially to us!"

Re: Go Phish

2008-11-06 12:17 • by postmast3r (unregistered)
At the large .edu where I'm a postmaster, we found that almost none of the students or faculty who responded sent a fake password - they sent their real one. (Some did send choice comments for the phishers though). We also learned, as did the author of the warning message, that the term "phishing" means nothing at all to people who don't already know what the term means. Since these are the people we're trying to teach, we had to change our messages to use terms like "criminal". Sending a message with a Subject: line of "watch out for phishing" means as much to the people vulnerable to these scams as a Subject: line of "watch out for bilgevortexers", i.e. nothing.

Re: Go Phish

2008-11-06 12:19 • by Larry (unregistered)
At our university, a department head emailed his department saying that he's sure that none of his people would be dumb enough to respond to any email with their username and passwords.

3 people replied with their username and password to that email.

Re: Go Phish

2008-11-06 12:20 • by Captain Obvious (unregistered)
227429 in reply to 227404
kennytm:
Yep:
From: Anon Y. Mous, ASP.
To: Everyone
Priority: High
Subject: Comment Trolling Warning

We have noticed an increase in trolling attempts, similar to the message below. TDWTF will never request that you shout angrily in words at the previous poster. You should not feed the troll with any useful information like facts, logical arguments or your personal opinion through comments.

Here is an example of a recent trolling attempt:

-------------------------------------------
Subject: Re: Serious Fricken Bureaucracy

Re: Serious Fricken Bureaucracy

I pretty much function as technical support for my
team, setting up things like start menu shortcuts and
icons. I have even written some useful programs that I
gave to the corporate support group. You get better
response from them if they know they owe you for giving
them free programs.

I have heard NO complaints from them, so I am very
pleased with a rate of zero defects. Every time I ask
my friend in tech support how they are working out, he
gets a big smile and says they are working perfectly.

Here are some examples of programs I have written for
our technical support group:

ud.exe - this goes up a directory, so instead of typing
"cd.." you can simply type "ud"

ud2.exe - this goes up TWO directories at once, so it
is like doing ud twice.

ud3.exe - this goes up THREE directories at once (you
get the picture by now I hope).

mkdirrandom.exe - makes a new directory with a random
name, using a random number generator I wrote (I
adapted the code someone posted on this site).

regall.exe - this recursively searches your hard drive
for all DLLs and runs regsvr32.exe on each one so
everything will work again if a DLL registration
gets messed up.

backupall.exe - this backs up all exes, dlls, ocxs, and
tmp files in case you need to restore your
computer. It puts them in a folder called
C:\backupall.

(end of trolling example)
-------------------------------------------

Other trolling attempts include comments that appear to have been posted by site admins such as Alex Papadimoulis or Jake Vinson. Your site admins will never participate in comment discussions or provide you with material that you would want to flame them for. The only valid comments will be Featured.

When you receive these types of comments, you should ignore them and not respond. It is also a good practice to avoid clicking on any links in suspicious TDWTF comments.

If you feel you have been a victim of a trolling scheme regarding a TDWTF article, please contact a site admin so that they can take drastic action against witty and rueful trolls.

Thank you,

Anon Y. Mous, ASP.
Chief Sarcasm Officer


ok, you are a retard 

He's not a retard, he's the Chief Sarcasm Officer. A position that people like you make clear is still terribly necessary.

Re: Go Phish

2008-11-06 12:20 • by Smash King
When I was in Uni, we often shared information through a mailgroup (but it was mostly jokes, of course). Someday one of my classmates sent us a warning about how the jdbgmgr.exe virus was actually a hoax, and it contained a copy of the email that lots of people were falling for. If you don't remember or you never got that email, it says where to search for the "virus" and states that an infected file's icon would be a teddybear.

A few hours later we received a response from another classmate: "Why, thank you Sabrina. Guess what, my computer was infected too."
/facepalm

Re: Go Phish

2008-11-06 12:22 • by Evan (unregistered)
Ha- when I was in college we had a class-wide, opt-out mailing list that was mostly used for events, people selling stuff, random nonsense, etc. Someone sent out a really obviously fake joke phishing email to the list- about a half dozen people hit reply-all and sent their username/password to a couple thousand people.

Re: Go Phish

2008-11-06 12:23 • by Thunder (unregistered)
227435 in reply to 227420
Miquel Fire:
I saw messages like that at my place of work (which is a university) and the trigger for me is the webmail team signature they used. Also, we don't call it username anyway.

So you're saying if they change the wording of their email, then you'll respond? Nice...

Re: Go Phish

2008-11-06 12:31 • by Glow-in-the-dark (unregistered)
227440 in reply to 227393
bsaksida:
I got a link to one of the banks through email, and noticed it was phishing. I was curious and continued.

I filled some fields.

Credit Card number: Keep Dreaming
Security number: TrippleX
Email: www.microsoft.com

And other information, I filled it in so that it would stand out as a fake. The one didn't even check, it only said thank you for your cooperation.

The second time I got to PayPal, through some kind of proxy. Didn't even touch it.


Probably not that smart. You clicked for that probably on a weblink, which could have identified the specific email that was sent to you - thus confirming that email as live, active, and used by a user who clicks on things. Expect more spam soon..

Re: Go Phish

2008-11-06 12:32 • by curtmack (unregistered)
I don't know why, but my college gets phished once every few weeks or so. The mailserver is pretty good at detecting mass spam attacks and (here's the evil part) stops acknowledging e-mail sent from that sender. This means that the would-be spammers get inundated with Postmaster errors from their own messages. Instant karma.