Phish story

Boy howdy this one was good… but not quite good enough.

The back story – I am teaching a class on Content Management Systems. To help support the class, I registered several domains using the course name and number… cisy222.net, .us, .org, .com.

Getting ready for the class I went ahead and configured a multisite WordPress installation on cisy222.net (hosted here on the spareparts box). After deciding to use siteground.com as the freeware hosting supplier for the course (they offer 3 months’ free service for students) I then moved cisy222.us over to siteground.

In order to move the domain over to siteground, I had to change the authoritative nameservers to siteground (common limitation on low-end hosting), and that generated a routine alert message from the registrar.

So far, so good.

Then came the phish, a day later. Disguised as a status alert message from the registrar, this suggested that the nameservers were being changed for a different (but related) domain: cisy222.net. Yikes! So I went and signed in to the registrar (not using the convenient link in the email) and everything looked fine.

So I went back and studied the email a bit.

It was a phish.

But well-executed, Russian in origin, reasonably convincing, and I could see it being successful in many cases.

Don’t ever ever EVER click the link in an email without careful study first. 

One thought on “Phish story”

  1. I clicked on a link from an email to leave this comment. =) Phishing techniques have gotten much trickier to smell these days but you are giving sound advice to really analyze the email and do your own research. I am reminded of Jon Stewart's final words on his last day of The Daily Show where I will paraphrase and say, people — use vigilance. This also reminded me of a Radiolab episode on Darkode @ http://www.radiolab.org/story/darkode/
