As I'm sure is the case with many of you, I sure do love me some tax refund. Once my W-2s and other year-end tax forms come in the mail, I get my e-File in and wait for my refund to be direct deposited.

Now, since the whole refund process involves computers and the internet, of course, it's a prime target for spammers and phishers who want nothing more than to ignite a little FUD and get some of your hard-earned cash.

The below snippet comes courtesy of Andy F. who writes, "Idiotic spammers and phishers probably provide your site with a glut of terrible code, but I got a chuckle out of this credit card validation function found in an HTML file attached to a 'UK Department of Energy Refund Notice.' It also included a variety of non-valid PIN number checks."


function Validate() {
   if (document.logonForm.my_card.value == "") { 
      alert("Please enter your card number !"); 
      document.logonForm.my_card.focus();
      return false; 
   }

   if (document.logonForm.my_card.value == 0000000000000000) 
      { alert("Invalid card number."); return false; }

   if (document.logonForm.my_card.value == 1111111111111111)
      { alert("Invalid card number."); return false; }

   if (document.logonForm.my_card.value == 1112223344443231)
      { alert("Invalid card number."); return false; }

   if (document.logonForm.my_card.value == 2222222222222222)
      { alert("Invalid card number."); return false; }

   if (document.logonForm.my_card.value == 3333333333333333)
      { alert("Invalid card number."); return false; }

   if (document.logonForm.my_card.value == 4444444444444444)
      { alert("Invalid card number."); return false; }
...
}
 

A pretty WTF bit of code to be sure, but Andy's last sentence got my gears turning - Could there really be...MORE?! So, after scanning Google, I found that it was a piece of hot debate and included the original web page in its full glory.

As it turns out, dear readers, the above code snippet is merely the tip of the iceberg. The entire file itself is the quintessence of WTF. Of course, I never expected that a phishing site would be a beau ideal of good coding practices, but...ugh...you really have to view the source to see what I mean.

Here's a link to the source - as a text file

However, for the adventurous - here's a link to a local copy of the page, preserved as it was originally.


UPDATE: replaced links with a .zip file, as several anti-virus/anti-phishing systems reported this page as "unsafe". Heh
