So yesterday I received a suspicious SMS message with the standard phishing spiel asking to follow a link and renew a subscription to a well-known app.<p>Out of interest I followed the link to see how the attack would work, and before I knew it I had discovered that the attacker had left directory listings enabled on their server!<p>After looking through the PHP used to perform the scam, I could see that the results of the form victims are asked to fill out were being emailed to the attacker, and logged into a text file on the server. I just want to stress this is all publicly available if you know the URL, not behind any kind of authentication.<p>After looking at the log file I could see that this scam was very active and very effective. New entries were being added throughout the day, including credit card and bank information. At this point I realised it was probably time to inform the police, and after many, many painful hours I finally had a report logged.<p>It's now been 24 hours and I can still see the scam is active and collecting real people's details, the majority of whom are elderly.<p>What should I do? It feels wrong just to sit here and watch these people lose their details while the UK police take their time figuring out what a zipfile is. It would be very easy to disrupt the scam by flooding it with fake data. Good or bad idea?
Much of this sounds like a standard phish kit. Unfortunately I don't think the police can do much. Often you can actually find the perpetrator's info, but they're in Nigeria where nobody cares.<p>First of all, I'd report the site to Google Safe Browsing and to PhishTank:
<a href="https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en" rel="nofollow">https://safebrowsing.google.com/safebrowsing/report_phish/?h...</a>
<a href="https://www.phishtank.com/" rel="nofollow">https://www.phishtank.com/</a><p>Once Chrome starts blocking the site, that will stop the bleeding. Then contact the host and domain registrar, if possible. If the phish kit is piggybacking on a WordPress site (very common), find the person who owns that site and message them if you can.
It's a hazardous menace affecting almost all Internet powerful nations of the world. If you are attacked, probably you won't be able to do much now and will just have to wait for them to do something for you. I think the cyber cell will take care of it; it takes time but you'll get a solution later. From next time, the first and foremost thing you should do is to steer clear of spam and e-mails which are from suspicious senders. Read about the Cyber Plague: <a href="http://gotowebsecurity.com/cyber-phishing-attack/" rel="nofollow">http://gotowebsecurity.com/cyber-phishing-attack/</a>