Hacker Dan should really post a big notice on the main site to alert anyone (if any) who doesn't read their email or browse the forums.
Edit: Just realized how stupid I sound. If they didn't read their email, how would they get the phishing attempt?
Computer Science Canada ATTN: DWITE Email |
| Author: | manitoba98 [ Sun Nov 11, 2007 11:46 pm ] |
| Post subject: | ATTN: DWITE Email |
Has anyone else received this email (303 people in the To field, presumably all of the DWITE participants): Quote: hi guys tis is Dan unfortunatly sumon ganed control of dwite.org and we ned to setup a new siet for teh upcmoing dwite contset on wednsday i wil ned yuor dwite.org accnot naes and passwords if you wnat to participtae on the contets on windsday sory for the inconventence, Dan Unless it is confirmed otherwise (by someone more connected with DWITE than myself), [b]DO NOT TRUST THIS MESSAGE[b]. Its veracity is highly doubtful, especially considering the request (asking for dwite.org usernames and passwords? please...). The site appears to be fully intact, and the email appears to originate from an imposter (the From address is dwitecontest@gmail.com. I'm not sure if that's the actual address, just spoofed, or an illegitimate email, but it doesn't really matter). Most likely, the participant addresses were simply farmed from the DWITE site programmatically (why are they public, anyways?). Unless the real DWITE administrators can verify this information, I highly recommend against compliance. Thank you.[/quote] |
|
| Author: | Tony [ Sun Nov 11, 2007 11:49 pm ] |
| Post subject: | RE:ATTN: DWITE Email |
This is most definitely fake. |
|
| Author: | manitoba98 [ Sun Nov 11, 2007 11:51 pm ] |
| Post subject: | Re: ATTN: DWITE Email |
Of course it is. I'm just putting it here in case any na?ve participants fall for it. There's been plenty of discussion (using Reply All) for all to hear, but I think this is probably a better place for such discussion. A programming contest is probably the least likely group of people to fall for such a simple phishing attempt (does it even warrant that title?). |
|
| Author: | Tony [ Mon Nov 12, 2007 12:01 am ] |
| Post subject: | Re: ATTN: DWITE Email |
manitoba98 @ Sun Nov 11, 2007 11:46 pm wrote: Most likely, the participant addresses were simply farmed from the DWITE site programmatically (why are they public, anyways?).
Also, the DWITE emails are JavaScript rendered -- they are not indexable, unless JavaScript is executed first, and have the result spliced in. |
|
| Author: | manitoba98 [ Mon Nov 12, 2007 12:06 am ] |
| Post subject: | Re: ATTN: DWITE Email |
I didn't realize that they were, but that's trivial to remove. (Write a simple script that scans the boilerplate JS for the escaped/crypted version, then undo it yourself. A few minutes work, tops. We are, after all, a crowd of programmers.) |
|
| Author: | Tony [ Mon Nov 12, 2007 12:08 am ] |
| Post subject: | RE:ATTN: DWITE Email |
I realize that. Though I'm surprised that anyone would put effort into mining all the emails, yet followup with such a poor execution of an email. |
|
| Author: | manitoba98 [ Mon Nov 12, 2007 12:09 am ] |
| Post subject: | Re: ATTN: DWITE Email |
Meh, who knows. You get all kinds on the Internet. Unless you think this person went to the trouble of manually entering 303 email addresses by hand? |
|
| Author: | manitoba98 [ Mon Nov 12, 2007 12:11 am ] |
| Post subject: | Re: ATTN: DWITE Email |
Hacker Dan should really post a big notice on the main site to alert anyone (if any) who doesn't read their email or browse the forums. Edit: Just realized how stupid I sound. If they didn't read their email, how would they get the phishing attempt? |
|
| Author: | Nick [ Mon Nov 12, 2007 12:18 am ] |
| Post subject: | RE:ATTN: DWITE Email |
of all the sites to phish the sender chose DWITE kinda weird seeing how anyone actually caught in the phish could either talk to Dan or Tony or simply create a new account |
|
| Author: | Mazer [ Mon Nov 12, 2007 8:52 am ] |
| Post subject: | Re: RE:ATTN: DWITE Email |
momop @ Mon Nov 12, 2007 12:18 am wrote: kinda weird seeing how anyone actually caught in the phish could either talk to Dan or Tony or simply create a new account
Except that now someone has their password. Would the type of person who uses the same password for email/facebook/dwite/compsci.ca seem like the type to not question an email like this? I can imagine a few people falling for it. |
|
| Author: | Dan [ Mon Nov 12, 2007 9:45 am ] |
| Post subject: | RE:ATTN: DWITE Email |
Can some one who got one of thess e-mails post the ful e-mail header. |
|