Gone Phishing

When I woke up this morning I found a PayPal phishing scam in my email. Now, of course I get these on a daily basis just like the rest of the world but I usually don’t see them because they go straight to my junk folder. This particular email, however, had a special aura about it because it was sitting right in my precious inbox. So being the curious cat that I am, I decided to go take a look at the quality of the scam. To my surprise, this wasn’t the normal, obvious fake form that most people spot with the naked eye upon first sight… no, no, no friends and neighbors. This guy was obviously skilled in the dark side of the web development force. This scam would be the one that your grandmother fell for without a second thought; the one that your somewhat Internet-savvy cousin wouldn’t catch until it was too late; the one that you yourself might only catch halfway through populating the form with your life history.

So, of course, I couldn’t just let this stand. I fired up my Linux box and went backdoor hunting on the machine running the mock-up form but in the end, I turned up nada. Most likely, our phisherman was not the owner of this machine. He probably found some poor, unsuspecting guy’s unsecured box and had his own dirty way with it. But... if our phisherman got in remotely, either I’m getting rusty or he covered the hole well. I personally like to believe the latter.

Determined that it wasn’t over, I was trying to find another way and all of a sudden the skies opened up, a ray of light shone down on my web server and a harmonious voice called out in song, “ahhhhhhhhhhhh”. (I think I even saw a rainbow at one point.) Then out of nowhere, the voice turned to a grumbling, drunken growl and said, “HEY STUPID! *hiccup* Just copy the form and put it to better use *hiccup*.” “Why not!” I exclaimed. (This was about the time that I realized I was talking to myself.) I’ve done it plenty of times before but I was awake all those times. So I inhaled a bowl of Lucky Charms and got to it.

I started digging through the guy’s code and pulled his form out of a not-so-well-hidden iframe and saved it on my web server as a trusty ol’ ColdFusion file under the brilliant name of “getajob.cfm”. Man, I’m clever… Then I called upon one of my favorite UDFs, randStr, to generate some useless data with which to populate the new form. I began generating random first and last names, CVV numbers, PIN numbers, expiration dates, email addresses and of course, some very believable, 16-digit credit card numbers. Thanks to a recent project I did, I have a database full of every state, county, city and zip code in the United States so I also pulled random cities, states and zips to populate that portion of the form.

At this point, I had a form structure identical to the phisherman’s form. Only, my form was pre-populated with completely random, useless data every time the page was refreshed. Not to mention, I didn’t have to write an action page for the form to submit to. I’d like to take this opportunity to thank the considerate phisherman for taking care of the action template and allowing me to, so easily, utilize it for my own intentions. I set the action attribute of the form tag to his action template’s full URL and opened the form up in a browser. After I submitted it a couple of times to make sure the form was doing what I had anticipated, it was time for some automation.

I fired up MacroExpress (Don’t ever leave home without it!) and created a macro to harness the processing power of my surrounding, unoccupied PCs. Three separate computers (plus, my friend's computer was added to the mix later on), all with the same macro, have been continuously adding random data records to the phisher’s precious database. As of the time of this writing, the total number of records that the macro had added was just over 15,000. I only wish I could see the guy’s face when he opens up his honey pot to find it full of crap!!

There are no similarities in the data I’ve added so there will be no easy way to separate my records from any unsuspecting user’s real information. We already know the guy is lazy or he’d have a job rather than trying to rip off hard working, honest people. My bet is that he’ll just trash the database rather than sort through it. He’ll most likely set up shop again and start collecting new data but who knows; maybe he’ll be kind enough to send another email invitation my way when he gets that one set up as well.

Now, half of you are saying, “Cool! I’m going to go try that.” And the other half are saying, “That’s way too much work for a retaliation to a single scam.” Actually, it wasn’t much work at all. I invested all of 20 minutes into getting the form set up and writing the macro to take care of the rest. The best part is that it’s reusable. 95% of the forms these scammers use are forms they’ve actually copied from PayPal or eBay (or wherever it is). So the forms are the same for the most part. The next time I get a similar phishing scam in my precious inbox, the odds are that the form fields will be identical. All I’ll have to do is change the action attribute of the form tag to the new scammer’s action template, and voila! It will be adding mounds of useless information to his database too!

There’s nothing stopping half of you from doing the same thing I’ve done with this guy’s database. PayPal makes money on every fraud claim you file so I wouldn’t expect any drastic changes in their security measures anytime soon. (I’ll save that rant for another article) Maybe the next time I do this, I’ll let the process go all the way through the final redirect to PayPal before starting the loop over. How could they avoid checking into 15,000+ failed login attempts from the same referring site every day?
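The closing question is a detection problem on the login side: group failed logins by the host in the Referer header and flag off-site referrers whose visitors almost never authenticate. The sketch below is an added example, not code from this post or from PayPal; the tab-separated log format, the host names, the sample records and the thresholds are all assumptions made for illustration.

```python
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Hosts that legitimately link to the login page (assumed for this example).
OWN_HOSTS = {"paypal.example", "www.paypal.example"}

def referrer_host(referer):
    """Lower-cased host of a Referer value, or '' if absent or malformed."""
    if not referer or referer == "-":
        return ""
    try:
        return (urlsplit(referer).hostname or "").lower()
    except ValueError:
        return ""

def suspicious_referrers(lines, min_failures=5, min_fail_ratio=0.9):
    """Return (day, host, failures, total) for off-site referrers whose
    login attempts on a given day almost always fail."""
    totals = defaultdict(Counter)  # (day, host) -> outcome counts
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) != 3:
            continue  # skip malformed records
        ts, outcome, referer = parts
        host = referrer_host(referer)
        if not host or host in OWN_HOSTS:
            continue  # direct visits and own pages are out of scope here
        totals[(ts[:10], host)][outcome] += 1
    flagged = []
    for (day, host), counts in sorted(totals.items()):
        fails, total = counts["FAIL"], sum(counts.values())
        if fails >= min_failures and fails / total >= min_fail_ratio:
            flagged.append((day, host, fails, total))
    return flagged

# Constructed sample log: timestamp <TAB> outcome <TAB> Referer.
SAMPLE = (
    # A final redirect from a phishing page: every attempt fails.
    [f"2024-01-01T10:00:{i:02d}Z\tFAIL\thttp://203.0.113.7/webscr/index.php"
     for i in range(8)]
    # A partner checkout page: mostly successful logins.
    + [f"2024-01-01T11:00:{i:02d}Z\tOK\thttps://shop.example/checkout"
       for i in range(3)]
    + ["2024-01-01T11:05:00Z\tFAIL\thttps://shop.example/checkout",
       "2024-01-01T12:00:00Z\tFAIL\thttps://www.paypal.example/signin",
       "2024-01-01T12:01:00Z\tFAIL\t-",
       "garbage line without tabs"]
)

if __name__ == "__main__":
    for day, host, fails, total in suspicious_referrers(SAMPLE):
        print(f"{day} {host}: {fails}/{total} logins failed")
```

A referrer that trips this check is a candidate phishing host to hand to the takedown process; the Referer header is client-controlled and often absent, so this catches only scams that leave the final redirect untouched.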
