NEWS FROM THE LAB - Monday, October 8, 2007

How Gullible Can You Get?

Posted by Mikko @ 08:53 GMT

Most of the new phishing we see is done with phishing kits, like the Rock Phish kit.

But every now and then we run into "old skool" phishing. Like the site we're looking at today, servicecenter-us-eu.dk. This domain was registered to Mr. "Asger Trier Bing" in Copenhagen three weeks ago. Quite surprisingly, the site is even hosted in Denmark.

When visiting the front page of the site, you get redirected to a standard PayPal phishing site. Once you log in (with any credentials), you get redirected to a page for some "additional security checks".

Now, take a look at the list of questions they're asking.

It's quite astonishing that anybody would be gullible enough to go through the full form and type in all the required information. Like your e-mail password? Your father's day of birth? Your PIN? Then again… somebody will fall for this. Someone always does.

[Screenshot: Huge PayPal Phish]

Sorry for the big screenshot. The site has been reported and should be down soon.

Editor's Note: The registrant noted above, Mr. Bing, is the victim of identity theft.