• Jake Vinson (cs)

    jvinson / hunter2

  • Arkamis (unregistered)

    College. Whar u go 2 lern... n stuff.

    Seriously, they should have kicked anyone that replied to that email out of school. "Sorry kid, you're too stupid to get a degree. Try going back to fourth grade to learn critical reading skills."

  • Kermos (cs)

    Looks like he should have used credit card information as an example instead.

  • Joe Butler (unregistered)

    Clearly, not everyone knows what 'phishing' means.

  • snoofle (cs)

    T.erminator / UwillBmine - @cyberdine.com

  • captain obvious (unregistered)

    whoever did that should get expelled from school for being way too stupid.

  • Chris (unregistered) in reply to Kermos
    Kermos:
    Looks like he should have used credit card information as an example instead.

    Greetings Cardholder,

    Please post all account information including number, exp date, mother's maiden name to this and any other forum to which you may post.

    Also, send that information out in a mass email to everyone you know, post it on facebook, myspace, etc., and spray paint the information on a building near your home.

    If you do not comply, we will ruin your credit and close your account with us.

    Thanks a bunch, Your Credit Card Company

  • jpers36 (cs)

    ATTENTION: DAILY WTF SUBSCRIBER:

    This comment is to inform all our {DAILY WTF} users that we will be upgrading our site in a couple of days from now. So you as a Subscriber of our site you are required to post your WTF account details so as to enable us know if you are still making use of our comment box. Further informed that we will be deleting all WTF account that is not functioning so as to create more space for new user. so you are to send us your WTF account details which are as follows:

    *User name: *Password:

    Failure to do this will immediately render your WTF account deactivated from our database.

    Your response should be post in the following comments.

  • Adriano (cs)

    Reminds me of "The Derek Zoolander Center For Kids Who Can't Read Good And Who Wanna Learn To Do Other Stuff Good Too". The principal must have wanted to cry, I'd bet.

  • JackD (unregistered)

    To all those that suggest the students get kicked out.. why would the school do that? If they stay in they fail a lot, have to retake classes, and thus the school gets more tuition money from stupid students than smart ones.

  • Florian Junker (unregistered)

    This is just depressing. How do these people manage to stay alive?

  • DaStoned (unregistered)

    When I read a formal and unnecessarily complex e-mail, my brain simply rejects it. I just skim over it.

    Important messages should be short and simple.

  • dave (unregistered) in reply to jpers36

    *User name: dave *Password: PaS5w0rd

    (well hey, atleast it contains letters/uppercase and numbers)

  • JD (unregistered)

    "Phishing" goes back decades through the mediums of telephone, fax and written letter but there is a single universal truth that is as relevant today as it ever was: you have nothing to fear unless you are a complete and utter moron who is happy to give your personal information to a complete stranger for the simple reason that they ask you nicely for it. Sometimes I find it hard to believe just how many people fall into this category.

  • SomeCoder (unregistered)

    pskroob / 12345

  • PIercy (unregistered) in reply to Florian Junker
    Florian Junker:
    This is just depressing. How do these people manage to stay alive?

    i agree however saying there is no correlation between regular users and irregular users is rubbbish.

    I reckon a person who uses a pc 5 times a week while at work is more likely to spot a phishing site. than my gran who occasionally checks her emails and plays solitaire...

  • Yep (unregistered)

    From: Anon Y. Mous, ASP. To: Everyone Priority: High Subject: Comment Trolling Warning

    We have noticed an increase in trolling attempts, similar to the message below. TDWTF will never request that you shout angrily in words at the previous poster. You should not feed the troll with any useful information like facts, logical arguments or your personal opinion through comments.

    Here is an example of a recent trolling attempt:

        -------------------------------------------
        Subject: Re: Serious Fricken Bureaucracy
    
        Re: Serious Fricken Bureaucracy
    
        I pretty much function as technical support for my
        team, setting up things like start menu shortcuts and 
        icons. I have even written some useful programs that I 
        gave to the corporate support group. You get better 
        response from them if they know they owe you for giving 
        them free programs.
    
        I have heard NO complaints from them, so I am very 
        pleased with a rate of zero defects. Every time I ask 
        my friend in tech support how they are working out, he 
        gets a big smile and says they are working perfectly.
    
        Here are some examples of programs I have written for 
        our technical support group:
    
        ud.exe - this goes up a directory, so instead of typing 
            "cd.." you can simply type "ud"
    
        ud2.exe - this goes up TWO directories at once, so it 
            is like doing ud twice.
    
        ud3.exe - this goes up THREE directories at once (you 
            get the picture by now I hope).
    
        mkdirrandom.exe - makes a new directory with a random 
            name, using a random number generator I wrote (I 
            adapted the code someone posted on this site).
    
        regall.exe - this recursively searches your hard drive 
            for all DLLs and runs regsvr32.exe on each one so 
            everything will work again if a DLL registration 
            gets messed up.
    
        backupall.exe - this backs up all exes, dlls, ocxs, and 
            tmp files in case you need to restore your 
            computer. It puts them in a folder called 
            C:\backupall. 
    
        (end of trolling example)
        -------------------------------------------
    

    Other trolling attempts include comments that appear to have been posted by site admins such as Alex Papadimoulis or Jake Vinson. Your site admins will never participate in comment discussions or provide you with material that you would want to flame them for. The only valid comments will be Featured.

    When you receive these types of comments, you should ignore them and not respond. It is also a good practice to avoid clicking on any links in suspicious TDWTF comments.

    If you feel you have been a victim of a trolling scheme regarding a TDWTF article, please contact a site admin so that they can take drastic action against witty and rueful trolls.

    Thank you,

    Anon Y. Mous, ASP. Chief Sarcasm Officer

  • <out of memory> (unregistered) in reply to SomeCoder
    SomeCoder:
    pskroob / 12345

    Hey, that's my luggage combination!

    Captcha: Causa as in Causa belli. This means war!

  • Anon (unregistered) in reply to SomeCoder

    Sadly, Auburn isn't the only place to have suffered this.

    The .edu I work at had the exact same thing happen. People replied to a message we sent with the subject "ATTN: Email scam" that also happened to include a sample phish with usernames and passwords.
    One person contacted the helpdesk because they weren't sure which password they should respond with.

    For bonus face-palming fun, it wasn't just students, but academics too.

  • bsaksida (cs)

    I got link to one of banks through email, and noticed it had psihing, i was curious and contiune.

    I filled some fields.

    Credit Card number: Keep Dreaming Securits number: TrippleX Email: www.microsoft.com

    And other information, i filled it as it could stand out as a fake. The one didint even check, it only said thank you for your cooperation.

    Second time i got to paypal, through some kind of proxy. Didn't even touch it

  • Anon (unregistered) in reply to Anon

    Let me try that again:

    People replied with usernames and passwords to a message we sent with the subject "ATTN: Email scam" that also happened to include a sample phish .

  • Vollhorst (unregistered)

    You shouldn't blade those people. That was a automatically generated email that is sent to everyone who sends a message containing something like "password", "mail", "username", "viagra" ...

    Saves a lot of time that can be used to drink some booze.

  • Steve H (unregistered) in reply to DaStoned
    DaStoned:
    When I read a formal and unnecessarily complex e-mail, my brain simply rejects it. I just skim over it.

    Important messages should be short and simple.

    Seconded. That's just how people read these things. The real idiot is the guy who sent the email, and didn't see it coming, not the students.

    (Having said that, if you've ever proof-read an American college student's work, man they're hopeless. The state of education in that country is terrifying).

  • kelly (unregistered) in reply to Chris

    Ha! The jokes on you! My credit is already ruined!

    BWAHAHAHA!

  • Ozz (unregistered)

    Give a man a fish, and he will eat for a day. But, teach a man to phish...

  • kennytm (cs) in reply to Yep
    Yep:
    From: Anon Y. Mous, ASP. To: Everyone Priority: High Subject: Comment Trolling Warning

    We have noticed an increase in trolling attempts, similar to the message below. TDWTF will never request that you shout angrily in words at the previous poster. You should not feed the troll with any useful information like facts, logical arguments or your personal opinion through comments.

    Here is an example of a recent trolling attempt:

        -------------------------------------------
        Subject: Re: Serious Fricken Bureaucracy
    
        Re: Serious Fricken Bureaucracy
    
        I pretty much function as technical support for my
        team, setting up things like start menu shortcuts and 
        icons. I have even written some useful programs that I 
        gave to the corporate support group. You get better 
        response from them if they know they owe you for giving 
        them free programs.
    
        I have heard NO complaints from them, so I am very 
        pleased with a rate of zero defects. Every time I ask 
        my friend in tech support how they are working out, he 
        gets a big smile and says they are working perfectly.
    
        Here are some examples of programs I have written for 
        our technical support group:
    
        ud.exe - this goes up a directory, so instead of typing 
            "cd.." you can simply type "ud"
    
        ud2.exe - this goes up TWO directories at once, so it 
            is like doing ud twice.
    
        ud3.exe - this goes up THREE directories at once (you 
            get the picture by now I hope).
    
        mkdirrandom.exe - makes a new directory with a random 
            name, using a random number generator I wrote (I 
            adapted the code someone posted on this site).
    
        regall.exe - this recursively searches your hard drive 
            for all DLLs and runs regsvr32.exe on each one so 
            everything will work again if a DLL registration 
            gets messed up.
    
        backupall.exe - this backs up all exes, dlls, ocxs, and 
            tmp files in case you need to restore your 
            computer. It puts them in a folder called 
            C:\backupall. 
    
        (end of trolling example)
        -------------------------------------------
    

    Other trolling attempts include comments that appear to have been posted by site admins such as Alex Papadimoulis or Jake Vinson. Your site admins will never participate in comment discussions or provide you with material that you would want to flame them for. The only valid comments will be Featured.

    When you receive these types of comments, you should ignore them and not respond. It is also a good practice to avoid clicking on any links in suspicious TDWTF comments.

    If you feel you have been a victim of a trolling scheme regarding a TDWTF article, please contact a site admin so that they can take drastic action against witty and rueful trolls.

    Thank you,

    Anon Y. Mous, ASP. Chief Sarcasm Officer

    ok, you are a retard because: <drum roll="">
    1) cd ..
    2) cd ..\..
    3) cd ..\..\..
    4) mkdir wqeipjfwvoefi
    5) that's not very a good idea.
    6) 'system restore'
    
    "he gets a big smile and says they are working perfectly"=="nod and smile at the retard"</drum>
  • rd (unregistered) in reply to Yep
    Yep:
    From: Anon Y. Mous, ASP. To: Everyone Priority: High Subject: Comment Trolling Warning

    We have noticed an increase in trolling attempts, similar to the message below. TDWTF will never request that you shout angrily in words at the previous poster. You should not feed the troll with any useful information like facts, logical arguments or your personal opinion through comments.

    Here is an example of a recent trolling attempt:

        -------------------------------------------
        Subject: Re: Serious Fricken Bureaucracy
    
        Re: Serious Fricken Bureaucracy
    
        I pretty much function as technical support for my
        team, setting up things like start menu shortcuts and 
        icons. I have even written some useful programs that I 
        gave to the corporate support group. You get better 
        response from them if they know they owe you for giving 
        them free programs.
    
        I have heard NO complaints from them, so I am very 
        pleased with a rate of zero defects. Every time I ask 
        my friend in tech support how they are working out, he 
        gets a big smile and says they are working perfectly.
    
        Here are some examples of programs I have written for 
        our technical support group:
    
        ud.exe - this goes up a directory, so instead of typing 
            "cd.." you can simply type "ud"
    
        ud2.exe - this goes up TWO directories at once, so it 
            is like doing ud twice.
    
        ud3.exe - this goes up THREE directories at once (you 
            get the picture by now I hope).
    
        mkdirrandom.exe - makes a new directory with a random 
            name, using a random number generator I wrote (I 
            adapted the code someone posted on this site).
    
        regall.exe - this recursively searches your hard drive 
            for all DLLs and runs regsvr32.exe on each one so 
            everything will work again if a DLL registration 
            gets messed up.
    
        backupall.exe - this backs up all exes, dlls, ocxs, and 
            tmp files in case you need to restore your 
            computer. It puts them in a folder called 
            C:\backupall. 
    
        (end of trolling example)
        -------------------------------------------
    

    Other trolling attempts include comments that appear to have been posted by site admins such as Alex Papadimoulis or Jake Vinson. Your site admins will never participate in comment discussions or provide you with material that you would want to flame them for. The only valid comments will be Featured.

    When you receive these types of comments, you should ignore them and not respond. It is also a good practice to avoid clicking on any links in suspicious TDWTF comments.

    If you feel you have been a victim of a trolling scheme regarding a TDWTF article, please contact a site admin so that they can take drastic action against witty and rueful trolls.

    Thank you,

    Anon Y. Mous, ASP. Chief Sarcasm Officer

    Two questions: how do I include the entire text of a long post in my short reply and how do I go up four directories?

  • mauhiz (unregistered)

    We could use phishing handling reactions from students as a standard to rank universities.

    Btw, my captcha is ******** (it may show as stars for you, because this is my own private captcha word. But to me it reads as ********).

  • Neo (unregistered) in reply to jpers36

    User ID: CollegeDude Password: Ir1$hWereDrunk!

  • SQLDave (cs) in reply to Kermos
    Kermos:
    Looks like he should have used credit card information as an example instead.

    FTW

  • Mike (unregistered) in reply to Jake Vinson

    Amazing! haha nice

  • rumpelstiltskin (unregistered) in reply to PIercy
    PIercy:
    Florian Junker:
    This is just depressing. How do these people manage to stay alive?

    i agree however saying there is no correlation between regular users and irregular users is rubbbish.

    I reckon a person who uses a pc 5 times a week while at work is more likely to spot a phishing site. than my gran who occasionally checks her emails and plays solitaire...

    Well heck, as long as you can reckon the results, there's no point in people doing studies anymore. We should just stop funding all of them, and give you the money for the answers instead.

  • Chris (unregistered)

    The ability to detect scams has a lot less to do with experience than it does raw intelligence. The intelligent person sees something out of the ordinary and asks the question, "What is going on here? Is this is a phishing attack?" Not much experience is require to be able to know that something is amiss. The stupid person, even with all the phishing training in the world, can't "spot" a place where someone is outsmarting them. You can't teach someone to not be outsmarted.

    That being said, someone who has used a computer for years and works as a web developer is a lot less likely to fall victim to something like this than my grandma is.

  • Code Dependent (cs)

    There was something phishy about that email.

  • Asiago Chow (unregistered)

    College student == wiseass.

    Reply to that email w/ user id and password (not necessarily valid or yours) == wiseass.

    Unless Jeff validated that the user IDs and passwords were in fact correct for those students it's safe to assume they were yanking his chain.

    Maybe Jeff isn't the brightest bulb on the tree and didn't see the joke.

  • Vincent Curry (unregistered) in reply to PIercy

    However, the occasional user may well be far more cautious, and check things more carefully.

  • Helix (unregistered) in reply to Chris

    I bet 100GBP that most of the students who replied with there apparent username and password did so as a joke....

    i would have

  • root (unregistered)

    12345

  • Anj (unregistered)

    Okay, I know every University would have a handful of pepole who would do the exact same thing... but I can't help but smirk at the fact that's it's AUBURN (albeit a branch school).

    But then, I am certainly biased. Roll Tide.

  • Miquel Fire (unregistered)

    I saw messages like that at my place of work (which is a university) and the trigger for me is the webmail team signature they used. Also, we don't call it username anyway.

  • MrsPost (cs)

    This is sadly common. I swear if you sent out an e-mail that said:

    Do NOT send us this information:

    • User name
    • Password

    you would get any number of responses.

    People don't read the e-mail. They scan it, see that there is a list of values to be provided, and send them. They don't read the text of the message. Especially if it's a dense block of text prior to the tidy little list.

  • Ty (unregistered) in reply to Jake Vinson

    The better way is to actually request their information and then revoke their systems access for 1 day. When they call us, you say

    "We phished your login information, which will now be change and re-issued to you in a card. We will periodically send you this request, and if you respond, we will revoke your systems access for 1-3 days, depending on when we feel like bringing it back up and when we do we'll issue you a new login and pass. This is for your own saftey and to teach you NEVER to give out your login and password, especially to us!"

  • postmast3r (unregistered)

    At the large .edu where I'm a postmaster, we found that almost none of the students or faculty who responded sent a fake password - they sent their real one. (Some did send choice comments for the phishers though). We also learned, as did the author of the warning message, that the term "phishing" means nothing at all to people who don't already know what the term means. Since these are the people we're trying to teach, we had to change our messages to use terms like "criminal". Sending a message with a Subject: line of "watch out for phishing" means as much to the people vulnerable to these scams as a Subject: line of "watch out for bilgevortexers", ie nothing.

  • Larry (unregistered)

    At our university, a department head emailed his department saying that he's sure that none of his people would be dumb enough to respond to any email with their username and passwords.

    3 people replied with their username and password to that email.

  • Captain Obvious (unregistered) in reply to kennytm
    kennytm:
    Yep:
    From: Anon Y. Mous, ASP. To: Everyone Priority: High Subject: Comment Trolling Warning

    We have noticed an increase in trolling attempts, similar to the message below. TDWTF will never request that you shout angrily in words at the previous poster. You should not feed the troll with any useful information like facts, logical arguments or your personal opinion through comments.

    Here is an example of a recent trolling attempt:

        -------------------------------------------
        Subject: Re: Serious Fricken Bureaucracy
    
        Re: Serious Fricken Bureaucracy
    
        I pretty much function as technical support for my
        team, setting up things like start menu shortcuts and 
        icons. I have even written some useful programs that I 
        gave to the corporate support group. You get better 
        response from them if they know they owe you for giving 
        them free programs.
    
        I have heard NO complaints from them, so I am very 
        pleased with a rate of zero defects. Every time I ask 
        my friend in tech support how they are working out, he 
        gets a big smile and says they are working perfectly.
    
        Here are some examples of programs I have written for 
        our technical support group:
    
        ud.exe - this goes up a directory, so instead of typing 
            "cd.." you can simply type "ud"
    
        ud2.exe - this goes up TWO directories at once, so it 
            is like doing ud twice.
    
        ud3.exe - this goes up THREE directories at once (you 
            get the picture by now I hope).
    
        mkdirrandom.exe - makes a new directory with a random 
            name, using a random number generator I wrote (I 
            adapted the code someone posted on this site).
    
        regall.exe - this recursively searches your hard drive 
            for all DLLs and runs regsvr32.exe on each one so 
            everything will work again if a DLL registration 
            gets messed up.
    
        backupall.exe - this backs up all exes, dlls, ocxs, and 
            tmp files in case you need to restore your 
            computer. It puts them in a folder called 
            C:\backupall. 
    
        (end of trolling example)
        -------------------------------------------
    

    Other trolling attempts include comments that appear to have been posted by site admins such as Alex Papadimoulis or Jake Vinson. Your site admins will never participate in comment discussions or provide you with material that you would want to flame them for. The only valid comments will be Featured.

    When you receive these types of comments, you should ignore them and not respond. It is also a good practice to avoid clicking on any links in suspicious TDWTF comments.

    If you feel you have been a victim of a trolling scheme regarding a TDWTF article, please contact a site admin so that they can take drastic action against witty and rueful trolls.

    Thank you,

    Anon Y. Mous, ASP. Chief Sarcasm Officer

    ok, you are a retard 

    He's not a retard, he's the Chief Sarcasm Officer. A position that people like you make clear is still terribly necessary.

  • Smash King (cs)

    When I was in Uni, we often shared information through a mailgroup (but it was mostly jokes, of course). Someday one of my classmates sent us a warning about how the jdbgmgr.exe virus was actually a hoax, and it contained a copy of the email that lots of people were falling for. If you don't remember or you never got that email, it says where to search for the "virus" and states that an infected file's icon would be a teddybear.

    A few hours later we received a response from another classmate : "Why, thank you Sabrina. Guess what, my computer was infected too." /facepalm

  • Evan (unregistered)

    Ha- when I was in college we had a class-wide, opt-out mailing list that was mostly used for events, people selling stuff, random nonsense, etc. Someone sent out a really obviously fake joke phishing email to the list- about a half dozen people hit reply-all and sent their username/password to a couple thousand people.

  • Thunder (unregistered) in reply to Miquel Fire
    Miquel Fire:
    I saw messages like that at my place of work (which is a university) and the trigger for me is the webmail team signature they used. Also, we don't call it username anyway.
    So you're saying if they change the wording of their email, then you'll respond? Nice...
  • Glow-in-the-dark (unregistered) in reply to bsaksida
    bsaksida:
    I got link to one of banks through email, and noticed it had psihing, i was curious and contiune.

    I filled some fields.

    Credit Card number: Keep Dreaming Securits number: TrippleX Email: www.microsoft.com

    And other information, i filled it as it could stand out as a fake. The one didint even check, it only said thank you for your cooperation.

    Second time i got to paypal, through some kind of proxy. Didn't even touch it

    Probably not that smart. You clicked for that probably on a weblink, which could have identified the specific email that was sent to you - thus confirming that email as live, active, and used by a usesr who clicks on things. Expect more spam soon..

  • curtmack (unregistered)

    I don't know why, but my college gets phished once every few weeks or so. The mailserver is pretty good at detecting mass spam attacks and (here's the evil part) stops acknowledging e-mail sent from that sender. This means that the would-be spammers get inundated with Postmaster errors from their own messages. Instant karma.

Leave a comment on “Go Phish”

Log In or post as a guest

Replying to comment #:

« Return to Article