• (cs) in reply to me
    The system is optimised for: Windows Microsoft Internet Explorer 5.5, 6.0 and 7.0, Windows Netscape 7.1 and 7.2, Windows AOL 9, Windows Firefox 1.0 and Macintosh Safari.
    Possibly the best part.
    me:
    TRWTF: IE7, which renders the "text source" as HTML.
    I'm convinced IE is designed to be as insecure as possible.

    Attempt 11. No, that's not a typo, it's a new record. This bug is TRWTF. Bad enough when it took up to 3 attempts. You'd think a site about bad code would be coded at least well enough to function. There also hasn't been a new comment in a while yet, so I'm guessing I'm not the only one it's broken for.

  • synp (unregistered)

    Yeah, like the contractor the government hired to make the real form is any better.

    Their effort is measured in LoC, as is their pay.

  • computerfreaker (unregistered)

    There are two real WTFs here. First, the JavaScript code is called "irs_reporting.js", but everything else points to a refund from the UK. Next, as soon as somebody turns off JavaScript or uses NoScript, all the "validation" goes down the toilet. Hmm, I wonder how many headaches we could give that phisher if we all grabbed NoScript (I've already got it) or turned off JS, then started pouring fake CC numbers down his throat? }:)

  • Lee K-T (unregistered) in reply to Botia
    Botia:
    1234? That's the same combination as my luggage!

    I'm a Maug, Half-man, half-dog. I'm my own best friend!

  • icke (unregistered) in reply to SCSimmons
    SCSimmons:
    a victim of facilisis:
    No. I was a Microsoft Access application developer. :(

    FTFY

  • wtf (unregistered) in reply to Scarlet Manuka
    Scarlet Manuka:
    me:
    TRWTF: IE7, which renders the "text source" as HTML.
    No, TRWTF is expecting a valid HTML file not to be rendered as HTML just because the extension has been changed.

    No, it's nothing to do with the extension. The Mime type is text/plain, so it should not be rendered as HTML. IE7 is a WTF.

  • (cs)

    Actually I liked all the references to "document.logonForm.pin"... which doesn't exist...

  • a victim of facilisis (unregistered) in reply to icke
    icke:
    SCSimmons:
    a victim of facilisis:
    No. I was a Microsoft Access application developer. :(

    FTFY

    Wow. How did you manage to fuck up the quoting?

  • plasmab (unregistered) in reply to Anonymous

    agreed! Keep it production.

  • shk (unregistered) in reply to Bluesman

    Do now and win sense of humour in big win loterry!

    Thanking you and most kindest regards,

    Sir Bobbleton Thacklewaite Rutherford King of Banking, Moldoverra Prince of Whales Loiyer to King Adababababababblewabble of Congo

  • shk (unregistered) in reply to Bluesman
    Bluesman:
    Anonymous:
    I'm not going to waste my time picking holes in phishing code. There has always been a rule here on TDWTF that if it's not in production it's not a WTF. Otherwise every 14 year old's personal home page would be up here as an example of bad code, which is hardly appropriate. Phishing code is no different - it's not production quality, it's not designed for production and it's not in production so it shouldn't be on TDWTF.

    Just my 2p (and my 2nd submit attempt)

    Fair enough.

    Captcha: iusto - Iusto love her, but it's all over now

    Just enter your Credit Card number and Pincode here and we'll refund you your 2p.

    Do now and win sense of humour in big win loterry!

    Thanking you and most kindest regards,

    Sir Bobbleton Thacklewaite Rutherford King of Banking, Moldoverra Prince of Whales Loiyer to King Adababababababblewabble of Congo

  • Norris (unregistered)

    I like the way he has added an icon in case anybody adds his site as a favourite.

    <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" />
    
  • Steve the Cynic (unregistered) in reply to dwilliss
    dwilliss:
    gus:
    Another glitch on the web page:

    It says "enter a credit card number to which 354.33 will be debited."

    Shouldn't it say "Credited"?

    Actually, the wording I saw was:

    Please enter your exactly credit card information where the 327.54 GBP will be debited.

    Nice English there. I think it should be "credited" too. Even if it's a credit card (as opposed to a debit card), it's a credit to the card holder. Or rather, it would be if it wasn't a scam.

    Another odd thing I saw was that it apparently includes the css and some images from irs.gov even though it pretends to be from the UK. They probably had a US one first.

    It's worse than that: accepting unsolicited credits on your credit card can be a really bad idea. I once had to get a credit limit increase so that I could buy something that was £400 or so over the clear limit. I could have just made a "payment" in advance to move the balance to a suitable level in my favour, but they recommended against that on the grounds that it would be picked up by their system as money laundering...

  • repeat of other posts (unregistered) in reply to Scarlet Manuka
    Scarlet Manuka:
    me:
    TRWTF: IE7, which renders the "text source" as HTML.
    No, TRWTF is expecting a valid HTML file not to be rendered as HTML just because the extension has been changed.
    Extension means nothing, the Content-Type is what counts.

    And that is: Content-Type: text/plain

  • (cs)

    What I find funny is that in attempting to replicate a webpage for the British tax agency, they steal the CSS files (and bandwidth) from the American tax agency.

  • (cs) in reply to Steve the Cynic
    gus:
    Another glitch on the web page:

    It says "enter a credit card number to which 354.33 will be debited."

    Shouldn't it say "Credited"?

    Actually, "debited" is the correct, if non-standard term.

    "credit" is what you own, "debit" is what you have.

    When a bank says "You have a credit on your account", they really mean "WE have a credit on our account with you; you have a debit on your account with us"

  • Robert (unregistered) in reply to computerfreaker

    I always try to poison their list by providing very fake information.

  • (cs)
    dumb phishers:
    if(DisplayAllOkayMessage == "y" || DisplayAllOkayMessage == "Y" )

    Booleans are overrated. What's really 1337 is using strings as booleans.

  • Quirkafleeg (unregistered) in reply to grammer nasty
    grammer nasty:
    Mathematicians have proved that 3529 is the only safe pin.
    Bugger! We'd better move to 5-digits.
    How many of us would pick 78962?

  • Quirkafleeg (unregistered) in reply to Scarlet Manuka
    Scarlet Manuka:
    me:
    TRWTF: IE7, which renders the "text source" as HTML.
    No, TRWTF is expecting a valid HTML file not to be rendered as HTML just because the extension has been changed.
    No; it's hiding one (badly-configured servers) with another (assume that text/plain should really be something else), thus breaking some valid uses such as this.
  • (cs) in reply to grammer nasty
    grammer nasty:
    Mathematicians have proved that 3529 is the only safe pin.

    Well, not anymore! Nice going!

  • Jeremy (unregistered)

    Based on prior phishing sites that I've had to clean out of various servers - their javascript code is most likely actually copied from the bank that they're trying to mimic.

  • mort8104 (unregistered)

    if ((input_char < "0") || (input_char > "9"))

    Well, at least my PIN number ABCD was accepted. My friend has a bad habit of choosing simple PINs though, so his 1234 failed.

    CAPTCHA: veniam

    I do not eat green eggs and ham. I do not like them, Ven-I-am.

  • distineo - I make distinctions (unregistered) in reply to lolwtf
    Attempt 11. No, that's not a typo, it's a new record. This bug is TRWTF. Bad enough when it took up to 3 attempts. You'd think a site about bad code would be coded at least well enough to function. There also hasn't been a new comment in a while yet, so I'm guessing I'm not the only one it's broken for.

    TRWTF is that we are still hanging around and putting up with the forum sw.

  • Anonymous (unregistered) in reply to lolwtf
    lolwtf:
    Attempt 11. No, that's not a typo, it's a new record. This bug is TRWTF. Bad enough when it took up to 3 attempts. You'd think a site about bad code would be coded at least well enough to function.
    Yesterday I gave up trying to post after 20 attempts. Shame, my comment was probably awesome and hilarious.
  • Design Pattern (unregistered)
    here's a link to a local copy of the page so, preserved as it was originally.

    ... and it contains:

    United Kindgom

    http://www.urbandictionary.com/define.php?term=gom

    In Ireland a Gom is a fool. It comes from the Irish gamallóg, I imagine. That man's a total gom.
    United kind goms?

    CAPTCHA: delenit

    Please enter your exactly credit card information where the 327.54 GBP will be delenited.

  • John Nagle / SiteTruth (unregistered)

    PhishTank has picked this up as a phishing page. See

    "http://www.phishtank.com/phish_detail.php?phish_id=923374"

    This automatically puts the entire domain "thedailywtf.com" on the SiteTruth blacklist at "http://www.sitetruth.com/reports".

    We follow PhishTank in this. If you can convince PhishTank it's not a real phishing page, the domain comes off the blacklist.

    Have a nice day.

  • C (unregistered) in reply to Scarlet Manuka
    Scarlet Manuka:
    me:
    TRWTF: IE7, which renders the "text source" as HTML.
    No, TRWTF is expecting a valid HTML file not to be rendered as HTML just because the extension has been changed.
    No, TRWTF is you expecting your browser to take these kinds of decisions for you.

    PS Don't blame only 7, IE6 is rendering it too.

  • C (unregistered) in reply to C

    Correction, I should have investigated further... :-|

    The setting is at: Options -> Security -> Custom -> Miscellaneous: "open files based on content, not file extension"
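
The Content-Type versus content-sniffing disagreement in the comments above, as an added example that is not part of the original thread: a JavaScript audit that flags responses a sniffing browser could render as HTML, plus response headers for a "view source" endpoint. The function names, the `SNIFFABLE_TYPES` list, the markup heuristic and the sample body are assumptions for illustration; `X-Content-Type-Options: nosniff` is honoured by IE8 and later, so the IE6 and IE7 behaviour discussed here predates it.

```javascript
// Media types a content-sniffing browser may override when the body looks
// like markup (assumed list for this example, not a browser's real table).
const SNIFFABLE_TYPES = new Set(["", "text/plain", "application/octet-stream"]);

// HTTP header names are case-insensitive, so compare them lower-cased.
function normaliseHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name.toLowerCase()] = String(value).trim();
  }
  return out;
}

// Heuristic only: does the start of the body contain an HTML-looking tag?
function looksLikeHtml(body) {
  const head = body.slice(0, 1024);
  return /<\s*(!doctype|html|head|body|script|form|iframe|link)\b/i.test(head);
}

// Flag a response whose declared type is sniffable, whose body looks like
// HTML, and which does not tell the browser to trust the declared type.
function auditSniffing(headers, body) {
  const h = normaliseHeaders(headers);
  const mediaType = (h["content-type"] || "").split(";")[0].trim().toLowerCase();
  const nosniff = (h["x-content-type-options"] || "").toLowerCase() === "nosniff";
  const risky = SNIFFABLE_TYPES.has(mediaType) && looksLikeHtml(body) && !nosniff;
  return { mediaType, nosniff, risky };
}

// Headers for serving untrusted markup as source text. The CSP is defence in
// depth: if a client renders the body anyway, it is sandboxed and can load nothing.
function sourceViewHeaders() {
  return {
    "Content-Type": "text/plain; charset=utf-8",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src 'none'; sandbox",
  };
}

// Constructed sample body, loosely modelled on the page the thread describes.
const SAMPLE_BODY =
  '<html><head><link rel="shortcut icon" href="favicon.ico"></head>' +
  '<body><form name="logonForm"></form></body></html>';

console.log(auditSniffing({ "Content-Type": "text/plain" }, SAMPLE_BODY));
console.log(auditSniffing(sourceViewHeaders(), SAMPLE_BODY));
```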
