Response to Phishing

Discussion in 'malware problems & news' started by Rico, Feb 8, 2013.

Thread Status:
Not open for further replies.
  1. Rico, Registered Member (Joined: Aug 19, 2004; Posts: 1,694; Location: Texas)

    Hi,

    Recently a club member told me,

    He responded to an email, thinking it was from American Express > all data fields were supplied (SS, user ID, etc.) > after hitting 'Next' a maroon warning screen appeared > he then closed the internet.

    He asked me, "Am I compromised?" I replied, "Not sure, but to be safe I would notify credit bureaus & credit card companies."

    The blocking entry maroon screen, I think, was FF blocking.

    Shutting down at "blocking site", did the personal information get past?

    Or did the FF warning & closing the net save him from the scam?

    If WOT came up, would the info have gotten through?
     
  2. java dude, Registered Member (Joined: Aug 5, 2011; Posts: 75)

    It's hard to say. If the form was submitted to the non-blacklisted domain, and then redirected to the blacklisted domain, his information could very well be compromised. But if the form submitted to the blacklisted domain and Firefox/WOT shut it down before the info was POSTed to the server, it should be ok. Does he still have the link from the email?

    In any case, he must assume that his information is compromised and do his best to protect it.
     
  3. Rico, Registered Member (Joined: Aug 19, 2004; Posts: 1,694; Location: Texas)

    Java Dude,

    I agree, assume worst-case scenario!

    Could the former be determined by the link? If so, I will ask if it can be forwarded to me.

    Thanks
    Rico
     
  4. java dude, Registered Member (Joined: Aug 5, 2011; Posts: 75)

    It could; just taking a look at the <form> action would reveal where it was being submitted to (assuming the phishing site hasn't been taken down yet).
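
The form-action check described in the last post, as an added example that is not part of the thread: it reads saved page markup and reports which host each form would submit to, and whether that host is on a blocklist the analyst supplies. The function names, the `blocked_hosts` parameter, and the sample page and hosts are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class FormTargetParser(HTMLParser):
    """Collect where each <form> in saved page markup would submit (static view only)."""
    def __init__(self, page_url):
        super().__init__()
        self.base, self.base_set = page_url, False
        self.forms, self.in_form = [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "base" and a.get("href") and not self.base_set:
            # Browsers honour the first <base href> when resolving relative URLs.
            self.base, self.base_set = urljoin(self.base, a["href"]), True
        elif tag == "form":
            self.in_form = True
            self.forms.append({"method": (a.get("method") or "get").upper(),
                               "actions": [a.get("action") or ""], "fields": []})
        elif self.in_form and tag in ("input", "button"):
            if a.get("name"):
                self.forms[-1]["fields"].append(a["name"])
            if a.get("formaction"):  # a submit control can override the form's action
                self.forms[-1]["actions"].append(a["formaction"])

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False

def form_targets(html, page_url, blocked_hosts=()):
    """Return one record per possible submission target of each form."""
    parser = FormTargetParser(page_url)
    parser.feed(html)
    page_host = urlparse(page_url).hostname
    report = []
    for form in parser.forms:
        for action in form["actions"]:
            # An empty action posts back to the page's own URL.
            target = urljoin(parser.base, action) if action else page_url
            host = urlparse(target).hostname
            report.append({"method": form["method"], "target": target, "host": host,
                           "off_site": host != page_host,
                           "blocked": host in blocked_hosts, "fields": form["fields"]})
    return report

# Constructed sample: a saved page whose form posts to a different host than the page.
SAMPLE = ('<form method="post" action="http://collect.example.net/save.php">'
          '<input name="ssn"><input name="userid"><input type="submit" value="Next"></form>')

if __name__ == "__main__":
    for row in form_targets(SAMPLE, "http://card-verify.example.test/login",
                            blocked_hosts={"blocked.example.org"}):
        print(row)
```

Only static markup is inspected; a page that submits through script needs its JavaScript reviewed as well.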
     