Response to Phishing

Hi,

Recently a club member told me,

He responded to an email: Thinking it was from American Express > all data fields were supplied (SS, user ID etc) > after hitting 'Next' a maroon warning screen, appeared > he then closed the internet.

He asked me, am I compromised. I replied, "not sure, but to be safe I would notify credit bureau's & credit card companies."

The blocking entry maroon screen, I think was FF blocking.

Shutting down at "blocking site" did the personal information get past?

Or did FF warning & closing the bet save him from the scam?

If WOT came up, would the infor have gotten through?

 

It's hard to say. If the form was submitted to the non-blacklisted domain, and then redirected to the blacklisted domain, his information could very well be compromised. But if the form submitted to the blacklisted domain and Firefox/WOT shut it down before the info was POSTed to the server, it should be ok. Does he still have the link from the email?

In any case, he must assume that his information is compromised and do his best to protect it.

 

Java Dude,

I agree assume worst case scenario!

Could the former be determined by the link? If so I will ask if it can be forwarded to me?

Thanks
Rico

 

It could; just taking a look at the <form> action would reveal where it was being submitted to (assuming the phishing site hasn't been taken down yet).