Wednesday, November 24, 2004

Foiling phish

I received a phishing e-mail claiming to come from paypal.co.uk today. I looked at it because it claimed that some abnormal trading had been going on on my account.

Of course the site showed it's true IP address, which I thought I'd look up. It came from a machine in a co.uk domain, which was odd. I checked out the owner and it was a specialist in HPTC - an unlikely organised crime syndicate.

I telephoned their support number and got put through to their technical manager immediately once I'd stated the problem. Obviously, they were initially suspicious of me and my motives, but they investigated quickly (while talking to me on the 'phone) and foind out that an old Red Hat Linux 9 box had been compromised. They immediately stopped the webserver (thus foiling the phishers). I left them at that point to mop up.

I won't name them as they would clearly be embarrassed by being hacked and then (ab)used in this manner, but they were quick, decisive, clearly clued up and willing to listen which makes them a good company in my book.

They're probably still confused as to why I bothered investigating and them informing them but so am I. Just some communal, British sysadmin love-in I guess.

No comments: