Your leaking thatched hut during the restoration of a pre-Enlightenment state.

 

Hello, my name is Judas Gutenberg and this is my blaag (pronounced as you would the vomit noise "hyroop-bleuach").



links

decay & ruin
Biosphere II
Chernobyl
dead malls
Detroit
Irving housing

got that wrong
Paleofuture.com

appropriate tech
Arduino μcontrollers
Backwoods Home
Fractal antenna

fun social media stuff


Like asecular.com
(nobody does!)

Like my brownhouse:
   how to collect credit card numbers with PINs
Sunday, August 10 2003
Today was the Sunday I discovered that there are no hardware stores open on Sunday in Saugerties. I desperately needed some romex clamps, but the closest I came to obtaining some was at one of those liquidator places that stays open on Sundays. The liquidators (who had set up shop in a beautiful old 19th Century factory - had some things that were pretty close to romex clamps - they had spools of romex wire, electrical tape, and even pipe clamps) but they didn't have what I'd come for. Neither did the mirror-façaded Price Chopper, the ugliest structure within walking distance of downtown Saugerties. It turned out to be nothing more than a supersized grocery store, the sort building codes should strictly prohibit.

The following content appeared today in my inbox as an HTML email message:


PayPal
Dear PayPal Customer

 

This e-mail is the notification of recent innovations taken by PayPal to detect inactive customers and non-functioning mailboxes.

The inactive customers are subject to restriction and removal in the next 3 months.

Please confirm your email address and credit card information by logging in to your PayPal account using the form below:

 

Email Address:
Password:
Full Name: 
Credit Card #: 
Exp.Date(mm/yyyy): 
ATM PIN (For Bank Verification) #: 


This notification expires September 31, 2003


Thanks for using PayPal!


Superficially, I was fooled into thinking this actually was a message from PayPal. It looked like other PayPal emails I've received, but what was this about asking me for my credit card number and PIN number? That seemed pretty suspicious. So I did a "view source" to see where the form intended to send my data. This is where:

http://www.paypal.com@pitstylehomepage.port5.com/000pp.php

Notice the use of an "@" in the URL. That's an old spammer trick to hide the true form's target, the part that follows the @. If I were to type my info into that form and hit "Log In," the information would go to pitstylehomepage.port5.com/000pp.php. As far as I can tell, port5.com is a free webpage provider, sort of like Geocities. Imagine someone filling that form out and sending their information to an anonymous web account! I'll bet a sizable fraction of the people receiving this email did just that. It only takes one or two to make the sending of this "social hack" spam an extremely valuable endeavor.


For linking purposes this article's URL is:
http://asecular.com/blog.php?030810

feedback
previous | next