phased wrote: > look dont bother reporting these there are hundreds everyday, no one gives a > shit
Well, actually, many people do care. For one, there are those at the targeted organizations concerned that their "good name" is being further besmirched and confidence in their irganization being further eroded. There are law enforcement folk actively tracking some of the major fraudsters behind some of these scams. There are the folk at the ISPs, etc hosting the fraudulent sites concerned with improving the security of their systems (recently many of the phishing scam sites have been hosted on boxes compromised through awstats, PHP Gallery, phpBB and similar vulns and many of these boxes are at hosting services where it is the service's responsibility to provide and update those services). However, despite the existence of all these possibly interested folk, Full-Disclosure is not the right, or even a _useful_, place to report such things. As you and others have pointed out, there are literally dozens to hundreds of these every day (I have received about a dozen PayPal and various bank phishing scam messages at this address in the last few days and if anything that is down slightly from the norm). There are organizations like the Anti-Phishing Working Group where you can report ocasional phishing spams. More dedicated "anti-phishers" will have their own preferred mechanisms. Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
