Here’s an interesting site that turned up in an unexpected place. I was looking through a list of likely Proxy Avoidance sites, and one turned out to be a “false positive” — it was a Phishing site, targeting Hotmail (Windows Live) logins:
It gets interesting because you can see the name of the file in our logs that’s being uploaded onto the phishing server, and you can download that file and see all of the logins it has phished. There are about 760 victims so far…
–A.S.
[Additional notes: This is a nice example of a trend we noted a couple of years ago: namely, the phishers are as likely to target a social networking or e-mail login these days as they are to go after banking logins. As for the downloaded victim list, it’s worth noting that there is a considerable amount of duplication — i.e., many victims submitted their data two or three times in a row. Also, several of the entries appear to be bogus data — i.e., the would-be victim recognized that this was a malicious site, and entered garbage data to annoy the phisherman. Still, there were enough legitimate accounts that it was worth a quick look to see how many of them were using weak passwords… Of the 760 logins, there were 24 that used “123456” (or “123456789”), and 2 that used “password”. Sigh. Many others weren’t quite as obvious, but would still be considered “weak”. Encouragingly, a good number were using passwords that I considered to be strong, although that doesn’t help you keep your data safe if you turn around and enter that strong password on a phishing page… –C.L.]