• (cs) in reply to Steve
    Steve:
    What the fuck is your problem, friend? Didn't your mother ever teach you that if you don't have anything nice to say...

    Apparently yours didn't educate you well at all, if you feel the need to rant profanely for no reason.

    I don't have a problem, other than total morons wasting my time. Thanks for joining them.

  • John Hardin (unregistered) in reply to JD
    JD:
    ... you have nothing to fear unless you are a complete and utter moron who is happy to give your personal information to a complete stranger for the simple reason that they ask you nicely for it.
    Just like the lottery, phishing is a stupidity tax.

    +1 on the opinion that those students who responded to the original email with their account credentials should have been expelled for not having the minimum reading skills a University student should possess. If you make stupidity painless, you only encourage it.

  • Virtually Brillant (unregistered) in reply to Azeroth
    Azeroth:
    Actually, when you post your password here (mine is *******), it gets replaced by asterixes.

    That's so Gauling.

  • IT Girl (unregistered) in reply to kelly

    That's exactly what I tell anyone who threatens to ruin my credit. Especially the debt collectors. I mean what makes them think my credit is any good if they're calling me anyway?

  • IT Girl (unregistered) in reply to IT Girl

    Oops, meant to reply to Kelly's comment.

  • Worf (unregistered) in reply to Technical Thug
    Technical Thug:
    ender:
    Rob F:
    Unfortunately, valid spoofed e-mail addresses mean that unsuspecting people suddenly encounter thousands of postmaster errors in what has been named backscatter and the original spammer doesn't receive any kind of comeuppance. It is manifested by poorly set up mail systems that obsessively send auto-response messages without even verifying if the original e-mail address was bona-fide.
    Actually, since 99% of these e-mails come from infected computers directly, the message is just discarded (worms won't bother relaying the 500 response from your SMTP server to whichever random sender they used).
    You're making way too many assumptions. And I know they are wrong, because I've seen people's mailboxes get crushed under a pile of NDR and bounce messages for stuff they never sent.

    If your mail server bounces mails back to senders, you lose at Internet.

    Unfortunately, there are still a LOT of mailservers that accept by default, and bounce when they fail to deliver, plus a LOT of "virus scanners" that bounce messages when it fails a virus scan, and finally, a LOT of "antispam" that bounce a message because it appears to be spam or because the idiotic recipient has chosen to be a problem and use a whitelist.

    Even if 99% of the world's mailservers check before accepting (and fail to accept), that 1% still causes a big problem due to the numbers.

    The proper behavior is to fail to accept the message - return a permanent failure before the DATA stage. That way the sending mailserver can send the bounce back, and if it's properly set up to not be an open relay, will most likely go back to the originator. The exception are the bots that use the user's configured server to relay spam through. But those are a lot less common (as a single user sending thousands of emails a day... tends to be a red flag).

    Of course, the worst solution I've seen are those "mailcheck" programs - they detect the email isn't on some whitelist, then they send back a challenge. These are the most annoying backscatter to receive - it means the recipient has decided to solve their spam problem by offloading it onto innocent third parties. (As I only receive them once in a while, I always do the challenge - it corrupts their whitelist and they get spam. And usually, I forward a nasty reply back calling THEM a spammer for sending unsolicited and unwanted email.)

    Greylisting works much better - whitelisted emails are sent through, and the rest are scanned. If it's obviously spam, it's dropped silently, if it's got the potential to be valid, it's bounced back (a trickle rather than a flood), or it's held by the server for the user to decide to accept or delete.

  • (cs) in reply to WhiskeyJack
    WhiskeyJack:
    I always liked to submit the forms with data that looked very plausible, but was made up. It's fairly easy to spoof a valid-looking credit card number. Might as well decrease the scammer's signal-to-noise ratio.

    Why do that when you can send them something like

    4030000010001234 5100000010001004 or 6011500080009080

    They're all perfectly valid test credit cards. If they try to use them, one of two things will happen:

    1. It'll be on a really crappy website and it'll actually authenticate the payment, in which case they're ripping off a place that should be featured here
    2. More likely, it'll be rejected as a test on a live server. The transaction will be flagged as "suspicious", and hopefully so will their account. It might not be much, but it might help shine a light on their illicit activities and make them easier to find later.
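
    The post above calls these numbers "perfectly valid", which means only that they pass the Luhn mod-10 check every payment form runs before sending a number anywhere. As an added example (not code from the thread or from any payment provider), the validator below shows exactly how little that check proves: it catches a mistyped or transposed digit and nothing else, so a Luhn-valid number says nothing about whether an account exists or is a test card. The three numbers are the ones quoted in the post; the issuer-prefix table and the log-masking helper are simplifications added here for illustration.

```python
# Added example, not from the thread: Luhn (mod-10) checksum validation as a
# payment form would run it, plus the defensive habit of never logging a
# full card number. Prefix-to-brand mapping below is a deliberately small
# illustration, not a complete issuer table.

# Test numbers quoted in the post above (constructed sample input).
POSTED_NUMBERS = ["4030000010001234", "5100000010001004", "6011500080009080"]


def luhn_valid(number: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check.

    Spaces are tolerated (people type '4030 0000 1000 1234'); any other
    non-digit makes the input invalid rather than being silently dropped.
    """
    compact = number.replace(" ", "")
    if not compact.isdigit() or len(compact) < 2:
        return False
    total = 0
    for i, ch in enumerate(reversed(compact)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9          # same as summing the two digits of d
        total += d
    return total % 10 == 0


def card_brand(number: str) -> str:
    """Very small issuer-identifier lookup (illustrative subset only)."""
    n = number.replace(" ", "")
    if n.startswith("4"):
        return "visa"
    if n[:2] in {"51", "52", "53", "54", "55"}:
        return "mastercard"
    if n.startswith("6011"):
        return "discover"
    return "unknown"


def mask_pan(number: str) -> str:
    """Render a card number the way it should appear in logs: last four only."""
    n = number.replace(" ", "")
    return "*" * (len(n) - 4) + n[-4:]


def validate_for_form(number: str) -> dict:
    """What a front-end check can honestly report before the number leaves the page."""
    return {
        "checksum_ok": luhn_valid(number),
        "brand": card_brand(number),
        "display": mask_pan(number),
    }


if __name__ == "__main__":
    for pan in POSTED_NUMBERS:
        print(validate_for_form(pan))
    # A single wrong digit breaks the checksum; that is all Luhn can tell you.
    print(validate_for_form("4030000010001235"))
```

    The point for anyone building or reviewing a checkout form: Luhn is a transcription check, so a pass must never be treated as authorisation, and the number itself should only ever reach logs in masked form.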
  • nB (unregistered) in reply to kennytm
    kennytm:
    Yep:
    From: Anon Y. Mous, ASP.
    To: Everyone
    Priority: High
    Subject: Comment Trolling Warning

    We have noticed an increase in trolling attempts, similar to the message below. TDWTF will never request that you shout angrily in words at the previous poster. You should not feed the troll with any useful information like facts, logical arguments or your personal opinion through comments.

    Here is an example of a recent trolling attempt:

        -------------------------------------------
        Subject: Re: Serious Fricken Bureaucracy
    
        Re: Serious Fricken Bureaucracy
    
        I pretty much function as technical support for my
        team, setting up things like start menu shortcuts and 
        icons. I have even written some useful programs that I 
        gave to the corporate support group. You get better 
        response from them if they know they owe you for giving 
        them free programs.
    
        I have heard NO complaints from them, so I am very 
        pleased with a rate of zero defects. Every time I ask 
        my friend in tech support how they are working out, he 
        gets a big smile and says they are working perfectly.
    
        Here are some examples of programs I have written for 
        our technical support group:
    
        ud.exe - this goes up a directory, so instead of typing 
            "cd.." you can simply type "ud"
    
        ud2.exe - this goes up TWO directories at once, so it 
            is like doing ud twice.
    
        ud3.exe - this goes up THREE directories at once (you 
            get the picture by now I hope).
    
        mkdirrandom.exe - makes a new directory with a random 
            name, using a random number generator I wrote (I 
            adapted the code someone posted on this site).
    
        regall.exe - this recursively searches your hard drive 
            for all DLLs and runs regsvr32.exe on each one so 
            everything will work again if a DLL registration 
            gets messed up.
    
        backupall.exe - this backs up all exes, dlls, ocxs, and 
            tmp files in case you need to restore your 
            computer. It puts them in a folder called 
            C:\backupall. 
    
        (end of trolling example)
        -------------------------------------------
    

    Other trolling attempts include comments that appear to have been posted by site admins such as Alex Papadimoulis or Jake Vinson. Your site admins will never participate in comment discussions or provide you with material that you would want to flame them for. The only valid comments will be Featured.

    When you receive these types of comments, you should ignore them and not respond. It is also a good practice to avoid clicking on any links in suspicious TDWTF comments.

    If you feel you have been a victim of a trolling scheme regarding a TDWTF article, please contact a site admin so that they can take drastic action against witty and rueful trolls.

    Thank you,

    Anon Y. Mous, ASP. Chief Sarcasm Officer

    ok, you are a retard because: <drum roll>
    1) cd ..
    2) cd ..\..
    3) cd ..\..\..
    4) mkdir wqeipjfwvoefi
    5) that's not a very good idea.
    6) 'system restore'
    
    "he gets a big smile and says they are working perfectly"=="nod and smile at the retard"
    I think #4 should be:

    md %RANDOM% (at least on Win boxes)

  • (cs) in reply to nB
    nB:
    kennytm:
    4) mkdir wqeipjfwvoefi
    I think #4 should be: md %RANDOM% (at least on Win boxes)
    No, the problem is that wqeipjfwvoefi was clearly generated by a human typing.

    The right answer is: 4) md 1xr2pdceglees2s61a45nh3oe7dx7nmi66a6xkf

    That was generated by a series of coin flips, and guaranteed to be random!!

    http://forums.thedailywtf.com/forums/p/9836/179015.aspx#179015

  • Kuba (unregistered) in reply to Chris
    Chris:
    The stupid person, even with all the phishing training in the world, can't "spot" a place where someone is outsmarting them. You can't teach someone to not be outsmarted.

    You've nailed it, Chris. Couldn't agree more. That's also one of the reasons why so many people voted Bush for the second term.

  • Kuba (unregistered) in reply to MrsPost
    MrsPost:
    This is sadly common. I swear if you sent out an e-mail that said:

    Do NOT send us this information:

    • User name
    • Password

    you would get any number of responses.

    People don't read the e-mail. They scan it, see that there is a list of values to be provided, and send them. They don't read the text of the message. Especially if it's a dense block of text prior to the tidy little list.

    The biggest problem is that people somehow vindicate their non-reading of "long" text by (choose one or more options):

    1. It takes too long (and how long will it take you to untangle the mess you've got yourself into?)
    2. They have better things to do (see above)
    3. They can't understand "legalese" anyway (reading comp, anyone?)
    4. You are not supposed to read that stuff anyway (which is why we are in a credit mess) ...

    I am generally sorry for the wicked minds which raise such "arguments" (and those in similar vein).

    Cheers, Kuba

  • Kuba (unregistered) in reply to Ty
    Ty:
    The better way is to actually request their information and then revoke their systems access for 1 day. When they call us, you say

    "We phished your login information, which will now be changed and re-issued to you in a card. We will periodically send you this request, and if you respond, we will revoke your systems access for 1-3 days, depending on when we feel like bringing it back up and when we do we'll issue you a new login and pass. This is for your own safety and to teach you NEVER to give out your login and password, especially to us!"

    This is actually a great idea. I'm dead serious. Otherwise people will never learn. It's like with small children -- either you give them timeout/take their "treats" away/whatnot, or they just pretend nothing happened...

  • Warlord (unregistered)

    Dear students,

    Again I must emphasize you should never send any information via email. Doing so may result in illegal activity.

    At campus security, we will actively scan for your private information and protect you.

    Please acknowledge your receipt and understanding of this email by filling out the form below:

    Name (first, last):
    Social security number:
    Date of Birth:
    Mother's maiden name:
    Drivers license number:
    Checking account routing number:
    Checking account number:

    Thank you, and remember to surf safe,

    -Hackz0rs

  • Kuba (unregistered) in reply to dave
    dave:
    rd:
    Two questions: how do I include the entire text of a long post in my short reply and how do I go up four directories?
    1) it appears solved 2) ud3 & ud

    Udders?

  • Mark Jonson (unregistered)

    In my community's local school district, the tech coordinator sent an example email to all staff almost identical to this one instructing staff and teachers to never send their username and password to anyone via email. Later that day I encountered one of the staff who complained of having a problem logging on. Turned out they were trying to reply to the email by filling in their username and password in the original message. Having to explain the intention of the email turned out to be quite difficult.

  • (cs) in reply to curtmack
    curtmack:
    I don't know why, but my college gets phished once every few weeks or so. The mailserver is pretty good at detecting mass spam attacks and (here's the evil part) stops acknowledging e-mail sent from that sender. This means that the would-be spammers get inundated with Postmaster errors from their own messages. Instant karma.

    What makes you think the incoming message comes from a fully functional and standard MTA? The zombie just goes on to the next, maybe even logging the bad receiving server and moving on to a new server.

  • The Great Quux (unregistered)

    Sorry I'm late folks, I hope my account didn't get deleted... ok here it is:

    Username: PhishFan
    Password: YouEnjoyMyself12-9-95 (one of the best YEMs ever, complete with a silent jam in the middle, from the raging Fall '95 tour)

  • Ricky (unregistered)

    username: licensed
    password: 123

    (anyone who remembers this will win a free dinner with the Irish girl)

  • (cs)

    You sometimes wonder how those people manage to not forget to breathe during the course of their day, slip on their own saliva, hit their head on the edge of the table and die, and most of all how absolutely terrifying the future is.

  • Pingmaster (unregistered) in reply to rd
    rd:
    Yep:
    From: Anon Y. Mous, ASP.
    To: Everyone
    Priority: High
    Subject: Comment Trolling Warning

    We have noticed an increase in trolling attempts, similar to the message below. TDWTF will never request that you shout angrily in words at the previous poster. You should not feed the troll with any useful information like facts, logical arguments or your personal opinion through comments.

    Here is an example of a recent trolling attempt:

        -------------------------------------------
        Subject: Re: Serious Fricken Bureaucracy
    
        Re: Serious Fricken Bureaucracy
    
        I pretty much function as technical support for my
        team, setting up things like start menu shortcuts and 
        icons. I have even written some useful programs that I 
        gave to the corporate support group. You get better 
        response from them if they know they owe you for giving 
        them free programs.
    
        I have heard NO complaints from them, so I am very 
        pleased with a rate of zero defects. Every time I ask 
        my friend in tech support how they are working out, he 
        gets a big smile and says they are working perfectly.
    
        Here are some examples of programs I have written for 
        our technical support group:
    
        ud.exe - this goes up a directory, so instead of typing 
            "cd.." you can simply type "ud"
    
        ud2.exe - this goes up TWO directories at once, so it 
            is like doing ud twice.
    
        ud3.exe - this goes up THREE directories at once (you 
            get the picture by now I hope).
    
        mkdirrandom.exe - makes a new directory with a random 
            name, using a random number generator I wrote (I 
            adapted the code someone posted on this site).
    
        regall.exe - this recursively searches your hard drive 
            for all DLLs and runs regsvr32.exe on each one so 
            everything will work again if a DLL registration 
            gets messed up.
    
        backupall.exe - this backs up all exes, dlls, ocxs, and 
            tmp files in case you need to restore your 
            computer. It puts them in a folder called 
            C:\backupall. 
    
        (end of trolling example)
        -------------------------------------------
    

    Other trolling attempts include comments that appear to have been posted by site admins such as Alex Papadimoulis or Jake Vinson. Your site admins will never participate in comment discussions or provide you with material that you would want to flame them for. The only valid comments will be Featured.

    When you receive these types of comments, you should ignore them and not respond. It is also a good practice to avoid clicking on any links in suspicious TDWTF comments.

    If you feel you have been a victim of a trolling scheme regarding a TDWTF article, please contact a site admin so that they can take drastic action against witty and rueful trolls.

    Thank you,

    Anon Y. Mous, ASP. Chief Sarcasm Officer

    Two questions: how do I include the entire text of a long post in my short reply and how do I go up four directories?
    that's silly. no-one goes up FOUR directories!

  • John Beaner (unregistered)

    Wow, now THAT is pretty scary, isn't it? Wussup with people nowadays?

    Jess http://www.Ultimate-Anonymity.com

  • Ricky (unregistered) in reply to John Beaner
    John Beaner:
    Wow, now THAT is pretty scary, isn't it? Wussup with people nowadays?

    Jess http://www.Ultimate-Anonymity.com

    thank you, mr. spammer. i'll add your product to my personal never-ever-buy-no-matter-how-awesome-they-say-it-is list

  • Zdenek (unregistered) in reply to PIercy

    Actually, the paper does not claim that there is no correlation, just that they did not find any. Given the size of their study (22 persons) and the way they recruited the participants (getting volunteers for $15), that is not all that surprising.

  • (cs) in reply to Technical Thug
    Technical Thug:
    If your mail server bounces mails back to senders, you lose at Internet.
    Bouncing is something other than rejecting the message with a 5xx error - if my e-mail server refuses to accept a message with a 5xx error, it'll be the sending server that would generate the bounce - if it's capable of that (spambots aren't, and if there's a legitimate e-mail server on the other side, it's that server's fault for relaying the spam in the first place).

    I've seen mailboxes crushed under a pile of NDRs myself (first time it happened to me was in 2001, when I was still on dial-up) - but around 95% of these were from antivirus gateways helpfully informing the "sender" that the message was infected.
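
    Worf's post earlier in the thread (reject with a permanent failure before the DATA stage) and ender's post above (a 5xx refusal is not a bounce; the NDR, if any, is the sending server's job) describe the same receiving-side rule, and Dino's point about forged From addresses is why it matters. As an added example that is not code from the thread or from any mail server, the toy SMTP receiver below runs one constructed spambot session under both policies and counts the NDRs the receiver itself originates. The server name, mailbox list, addresses and bot session are all constructed for the example; the reply codes are standard SMTP ones. Greylisting is out of scope here.

```python
# Added example, not from the thread: a toy SMTP receiving policy showing why
# refusing unknown recipients at RCPT TO (before DATA) produces no backscatter,
# while accept-then-bounce sends an NDR to whatever address the bot forged in
# MAIL FROM. Everything below (domain, users, bot session) is constructed.

LOCAL_DOMAIN = "example.com"
LOCAL_USERS = {"alice", "bob"}          # constructed mailbox list


def _addr(cmd_arg: str) -> str:
    """Pull 'user@domain' out of 'FROM:<user@domain>' or 'TO:<user@domain>'."""
    return cmd_arg.split(":", 1)[1].strip().strip("<>").lower()


def run_session(client_lines, mode):
    """Feed one SMTP client session through the receiver.

    mode is 'reject' (refuse unknown local recipients with 550 before DATA)
    or 'bounce' (accept everything, then generate an NDR when delivery fails).
    Returns (server_replies, outbox); outbox holds messages the receiver
    itself originates, i.e. the NDRs that become backscatter.
    """
    replies, outbox = ["220 mx.example.com ESMTP"], []
    mail_from, rcpts, in_data = None, [], False
    for line in client_lines:
        if in_data:
            if line != ".":
                continue                        # message body, not a command
            in_data = False
            replies.append("250 OK: queued")
            # Delivery is attempted only after acceptance, so an unknown
            # user is discovered too late and the NDR goes to the envelope
            # sender, which spam routinely forges.
            for r in rcpts:
                if r.split("@")[0] not in LOCAL_USERS:
                    outbox.append({"to": mail_from, "subject": f"Undeliverable: {r}"})
            continue
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            replies.append("250 mx.example.com")
        elif verb == "MAIL":
            mail_from = _addr(arg)
            replies.append("250 OK")
        elif verb == "RCPT":
            rcpt = _addr(arg)
            user, _, domain = rcpt.partition("@")
            if domain != LOCAL_DOMAIN:
                replies.append("550 5.7.1 Relaying denied")    # never an open relay
            elif mode == "reject" and user not in LOCAL_USERS:
                replies.append("550 5.1.1 User unknown")        # refused before DATA
            else:
                rcpts.append(rcpt)
                replies.append("250 OK")
        elif verb == "DATA":
            if rcpts:
                in_data = True
                replies.append("354 End data with <CRLF>.<CRLF>")
            else:
                replies.append("554 5.5.1 No valid recipients")
        elif verb == "QUIT":
            replies.append("221 Bye")
        else:
            replies.append("500 Command not recognized")
    return replies, outbox


# Constructed spambot session: the envelope sender is an innocent third party,
# and the bot ignores error replies and pushes on regardless.
BOT_SESSION = [
    "EHLO zombie.invalid",
    "MAIL FROM:<innocent@victim.example.org>",
    "RCPT TO:<nosuchuser@example.com>",
    "DATA",
    "Subject: cheap pills",
    "",
    "buy now",
    ".",
    "QUIT",
]


def backscatter_count(mode: str) -> int:
    """Number of NDRs the receiver generates for the bot session under a policy."""
    _, outbox = run_session(BOT_SESSION, mode)
    return len(outbox)


if __name__ == "__main__":
    for mode in ("bounce", "reject"):
        replies, outbox = run_session(BOT_SESSION, mode)
        print(mode, "->", replies, outbox)
```

    Under 'bounce' the receiver mails an NDR to innocent@victim.example.org, who never sent anything; under 'reject' the 550 is returned to the connecting client, and since a spambot discards it, no one gets an unwanted message. A legitimate sending MTA in the same position would generate the bounce itself, to the sender it actually authenticated.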

  • The Troll (unregistered) in reply to KenW
    KenW:
    Dirk Diggler:
    You might want to check that backupall.exe program because if you lose the C drive you won't be able to restore them.

    You might want to check and realize that you're responding to a trollish joke post made here weeks ago that was used here for humor.

    Also, you might want to learn enough about the proper behavior on the internet forums to know that you don't quote 100+ lines of text to add a single line comment, unless you're a total moron.

    Thanks for playing the "Am I Smarter Than An Internet Troll?", hosted by Alex P. and Jake V. Now, face the camera and tell the world, "No, I am NOT smarter than an internet troll."

    All I gotta say: self-pwned And now, face the camera and tell the world, "No, I am NOT smarter than an internet troll."

  • Dino (unregistered) in reply to curtmack
    curtmack:
    I don't know why, but my college gets phished once every few weeks or so. The mailserver is pretty good at detecting mass spam attacks and (here's the evil part) stops acknowledging e-mail sent from that sender. This means that the would-be spammers get inundated with Postmaster errors from their own messages. Instant karma.

    That's great, except most spammers don't use their actual e-mail addresses to send the spam. In fact, the From and Reply To addresses are usually spoofed. So the person who gets inundated with NDRs is most likely another innocent luser who has no idea where all the returned mail messages are coming from.

  • Jay (unregistered) in reply to Rob F
    Rob F:
    curtmack:
    I don't know why, but my college gets phished once every few weeks or so. The mailserver is pretty good at detecting mass spam attacks and (here's the evil part) stops acknowledging e-mail sent from that sender. This means that the would-be spammers get inundated with Postmaster errors from their own messages. Instant karma.

    Yes I wish that was the way the world worked.

    Unfortunately, valid spoofed e-mail addresses mean that unsuspecting people suddenly encounter thousands of postmaster errors in what has been named backscatter and the original spammer doesn't receive any kind of comeuppance. It is manifested by poorly set up mail systems that obsessively send auto-response messages without even verifying if the original e-mail address was bona-fide.

    I got several thousand emails like that a few days ago. Apparently a spammer used my email address.

    I periodically think that a fun thing to do would be to track down the real email of a spammer -- they must provide some means to contact them for the gullible idiots who actually want to buy their products -- and then post this information on a number of web sites, replicated many times. Get hundreds of sites to post the spammers' email addresses. Provide an automated mechanism to keep the list updated. Then the other spammers' automated trolling programs would find them, and start sending spam to the spammers. Maybe if we could get them tied up spamming each other, they'd burn themselves out.

  • Yep (unregistered) in reply to Jay
    Jay:
    Rob F:
    curtmack:
    I don't know why, but my college gets phished once every few weeks or so. The mailserver is pretty good at detecting mass spam attacks and (here's the evil part) stops acknowledging e-mail sent from that sender. This means that the would-be spammers get inundated with Postmaster errors from their own messages. Instant karma.

    Yes I wish that was the way the world worked.

    Unfortunately, valid spoofed e-mail addresses mean that unsuspecting people suddenly encounter thousands of postmaster errors in what has been named backscatter and the original spammer doesn't receive any kind of comeuppance. It is manifested by poorly set up mail systems that obsessively send auto-response messages without even verifying if the original e-mail address was bona-fide.

    I got several thousand emails like that a few days ago. Apparently a spammer used my email address.

    I periodically think that a fun thing to do would be to track down the real email of a spammer -- they must provide some means to contact them for the gullible idiots who actually want to buy their products -- and then post this information on a number of web sites, replicated many times. Get hundreds of sites to post the spammers' email addresses. Provide an automated mechanism to keep the list updated. Then the other spammers' automated trolling programs would find them, and start sending spam to the spammers. Maybe if we could get them tied up spamming each other, they'd burn themselves out.

    In a blaze of gory.. er.. glory.

  • Hmm (unregistered)

    These comments illustrate EXACTLY why developers should not be UI Designers.

    The original problem was NOT the users' fault, it was down to the layout of the original email. Usability studies (by Nielsen et al) have shown that people do not read email newsletters/web pages word by word, rather, they scan. It is also well known that users do not read instructional text, rather they attempt to complete the task at hand first.

    Thus it is perfectly logical that people would respond to the email, as it would have been from a trusted source, and the salient area requests a username and password.

  • OBA (unregistered)

    a story much like this happened at my university....

  • freefallerTam (unregistered)

    A similar situation occurred at the university I work at (developing software for researchers). The admin took a slightly different approach though, and locked down the accounts of people who had returned their details, resetting their passwords only after making them visit him in person, to receive a rather stern verbal warning...

  • jgdr20 (unregistered)

    I'm sad to say my University had the same issue. I wept for the fate of mankind that day.

  • SomeName (unregistered)

    I see nothing wrong with ignoring a certificate error - at least not in the way it is presented in the article. My line of thought would be: "okay, the certificate is not correct so I won't enter any private information, but I want to / should see what this page is", clicks link in the email, "aw shit, address looks wrong / suspicious, let's just leave".
