Gmail + Firefox = Phisher's dream

January 17, 2007 – Comments (2)

I'm always amused by the screams from the anti Internet Explorer camp about how much safer Firefox is than IE.

Phishing and identity theft are two of the most prevalent internet-enabled problems around today, and in contrast to the screamers' contention, the only browser on my system that does a decent job of protecting me from these scumbags is Internet Explorer.

Gmail has long proven to be unable to filter out phishing email (one attached below), which is pretty scary given just how "smart" everyone at Google is supposed to be. Several times a month, I get email purporting to be from some bank, or Paypal, or eBay, directing me to some random clone website and asking me for my login information. If I were as simple as most web users, I might actually fall for this, as Gmail does nothing to flag these messages as suspect -- not a single thing. And Firefox -- the Google-coddled web browser -- is completely happy to let me click right through to these scam sites again, with no warning whatsoever.

But a funny thing happens when I use bad old, "dangerous" Internet Explorer. When I click to these phishing sites, the IE phishing filter identifies them as scumbag sites. It already knows they're scams, and it alerts users accordingly.

This has been the way things have worked for several months now. The only thing I don't get is how the mainstream media out there gets off busting on IE all the time while giving Google and Firefox a free pass on this amazing vulnerability.

Well, not entirely true. I do get it. I've worked in newsrooms. Groupthink there is as thorough as in any corporation in the U.S., it's just that the bad guys are different. In newsrooms, you've got piles of people who consider themselves iconoclasts, freedom fighters sticking up for the little guy. As such, a product made by a big software company MUST be the enemy.

Obviously, there's plenty of momentum (and its static pal, inertia) as well. So now that Google is as huge and evil as anything else, the fresh-face reporters out there who depend on it for "research" still believe it can do no wrong. And that kind of myopia colors reporting, which colors public perception, which, in turn, influences stock prices.

Appreciating such "wisdom" can give you a major edge in the stock market. When everyone thinks the same thing, you can be pretty sure no one is thinking much at all.

--------------------------------

SAMPLE PHISHING MAILS VIA OUR PALS AT GOOGLE

---------------------------------

NOTE: THIS MESSAGE IS NOW ABOUT 2 MONTHS OLD AND GMAIL IS STILL TOO STUPID TO REALIZE IT'S A PHISHING SCAM

Dear PayPal©member

You have recently updated your PayPal© account according to our standard security procedures.

Unfortunately the update procedure failed because some of the information you provided was incorrect.

Please take 5-10 minutes out of your online experience and update your personal records.

However, failure to update your records will result in account suspension.

To update your PayPal© records click on the following link: XXXXX [edit: removed by me. This was a fake paypal link hiding an unnamed background URL that appears to operate out of Ontario -- see record below]

Thank You.

PayPal© Service Department

Accounts Management

As outlined in our User Agreement, PayPal© will periodically send you information about site changes and enhancements.

---------------------------------

Whois lookup on the IP address underlying the phishing link from the above message:

(This outfit appears to be hosting yet another iteration of the paypal phishing scam in a more recent email…)

OrgName: Rogers Cable Communications Inc.

OrgID: RCC-99

Address: One Mount Pleasant

City: Toronto

StateProv: ON

PostalCode: M4Y-2Y5

Country: CA

NetRange: 74.96.0.0 - 74.122.159.255

CIDR: 74.96.0.0/12, 74.112.0.0/13, 74.120.0.0/15, 74.122.0.0/17, 74.122.128.0/19

NetName: ROGERS-CAB-99

NetHandle: NET-74-96-0-0-1

Parent: NET-74-0-0-0-0

NetType: Direct Allocation

NameServer: NS2.YM.RNC.NET.CABLE.ROGERS.COM

NameServer: NS2.WLFDLE.RNC.NET.CABLE.ROGERS.COM

NameServer: NS3.YM.RNC.NET.CABLE.ROGERS.COM

NameServer: NS3.WLFDLE.RNC.NET.CABLE.ROGERS.COM

Comment:

RegDate: 2006-04-05

Updated: 2006-12-05

OrgTechHandle: IPMAN-ARIN

OrgTechName: IP MANAGE

OrgTechPhone: +1-416-935-4729

OrgTechEmail: ipmanage@rogers.wave.ca

# ARIN WHOIS database, last updated 2007-01-16 19:10

# Enter ? for additional hints on searching ARIN's WHOIS database.

2 Comments

#1) On January 19, 2007 at 1:08 AM, hlacheen (99.03) wrote:

That's odd.... gmail has warned me on basically every phishing email I have received (mostly ebay and paypal related.)

#2) On January 19, 2007 at 1:57 PM, TMFBent (99.81) wrote:

Got another one today in Gmail...

IE hadn't marked it as phishing yet either, but I reported it, so hopefully these German scammers are out of biz quick.
