ATTN: DWITE Email

[manitoba98]

Has anyone else received this email (303 people in the To field, presumably all of the DWITE participants):

Quote:

hi guys tis is Dan

unfortunatly sumon ganed control of dwite.org and we ned to setup a new
siet for teh upcmoing dwite contset on wednsday

i wil ned yuor dwite.org accnot naes and passwords if you wnat to
participtae on the contets on windsday

sory for the inconventence,

Dan

Unless it is confirmed otherwise (by someone more connected with DWITE than myself), [b]DO NOT TRUST THIS MESSAGE[b]. Its veracity is highly doubtful, especially considering the request (asking for dwite.org usernames and passwords? please...). The site appears to be fully intact, and the email appears to originate from an imposter (the From address is dwitecontest@gmail.com. I'm not sure if that's the actual address, just spoofed, or an illegitimate email, but it doesn't really matter).

Most likely, the participant addresses were simply farmed from the DWITE site programmatically (why are they public, anyways?). Unless the real DWITE administrators can verify this information, I highly recommend against compliance.

Thank you.[/quote]

[Tony]

This is most definitely fake.

[manitoba98]

Of course it is. I'm just putting it here in case any na?ve participants fall for it. There's been plenty of discussion (using Reply All) for all to hear, but I think this is probably a better place for such discussion. A programming contest is probably the least likely group of people to fall for such a simple phishing attempt (does it even warrant that title?).

[Tony]

manitoba98 @ Sun Nov 11, 2007 11:46 pm wrote:

Most likely, the participant addresses were simply farmed from the DWITE site programmatically (why are they public, anyways?).

Also, the DWITE emails are JavaScript rendered -- they are not indexable, unless JavaScript is executed first, and have the result spliced in.

[manitoba98]

I didn't realize that they were, but that's trivial to remove. (Write a simple script that scans the boilerplate JS for the escaped/crypted version, then undo it yourself. A few minutes work, tops. We are, after all, a crowd of programmers.)

[Tony]

I realize that. Though I'm surprised that anyone would put effort into mining all the emails, yet followup with such a poor execution of an email.

[manitoba98]

Meh, who knows. You get all kinds on the Internet. Unless you think this person went to the trouble of manually entering 303 email addresses by hand?

[manitoba98]

Hacker Dan should really post a big notice on the main site to alert anyone (if any) who doesn't read their email or browse the forums.

Edit: Just realized how stupid I sound. If they didn't read their email, how would they get the phishing attempt?

[Nick]

of all the sites to phish the sender chose DWITE

kinda weird seeing how anyone actually caught in the phish could either talk to Dan or Tony or simply create a new account

[Mazer]

momop @ Mon Nov 12, 2007 12:18 am wrote:

kinda weird seeing how anyone actually caught in the phish could either talk to Dan or Tony or simply create a new account

Except that now someone has their password. Would the type of person who uses the same password for email/facebook/dwite/compsci.ca seem like the type to not question an email like this? I can imagine a few people falling for it.

[Dan]

Can some one who got one of thess e-mails post the ful e-mail header.