Phish story

Boy howdy this one was good… but not quite good enough.

The back story – I am teaching a class on Content Management Systems. To help support the class, I registered several domains using the course name and number…, .us, .org, .com.

Getting ready for the class I went ahead and configured a multisite WordPress installation on (hosted here on the spareparts box). After deciding to use as the freeware hosting supplier for the course (they offer 3 months’ free service for students) I then moved over to siteground.

In order to move the domain over to siteground, I had to change the authoritative nameservers to siteground (common limitation on low-end hosting), and that generated a routine alert message from the registrar.

So far, so good.

Then came the phish, a day later. Disguised as a status alert message from the registrar, this suggested that the nameservers were being changed for a different (but related) domain: Yikes! So I went and signed in to the registrar (not using the convenient link in the email) and everything looked fine.

So I went back and studied the email a bit.

It was a phish.

But well-executed, Russian in origin, reasonably convincing, and I could see it being successful in many cases.

Don’t ever ever EVER click the link in an email without careful study first. 

One thought on “Phish story”

  1. I clicked on a link from an email to leave this comment. =) Phishing techniques have gotten much trickier to smell these days but you are giving sound advice to really analyze the email and do your own research. I am reminded of Jon Stewarts final words on his last day of The Daily Show where I will paraphrase and say, people — use vigilance. This also reminded me of a Radiolab episode on Darkode @

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s