Hello, everyone. Today I'd like to make a little proposal. I'd like to form a little taskforce to combat the recent phishing problem. An "Anti-Phishing Guild", if you will. No more spreading "awareness", no more complaining to Square, we'll deal with the problem ourselves.
"Hah," I say you mutter to yourself, "what are you going to do, send a bunch of tickets to Square? Like that'll work!" And you're right... that hasn't been working. Square hasn't been doing a very good job of dealing with the problem. But I know something that DOES work, something you can help with. Let me explain.
One day, like many of you, I was sitting alone in my apartment in the Goblet when I got in in-game DM from someone.
"Square cannot do this update", yadda yadda, you know the drill, followed by a link that looked like a forum link.
Thankfully, I realized it was a phishing scam. Remembering a video I saw on YouTube once, I booted up PyCharm and started to write a quick little python script, one that would spam the website with an endless stream of fake usernames and passwords.
You're probably wondering if this even works. The answer is... I would assume so, considering the reaction it gets! If I happen to do this while they're paying attention, eventually I get a 403 error, which means they've blocked me. To this day my home IP address is blocked by their servers, so I have to be a bit creative to get around that. Sometimes, mere moments after I start messing with them, they go through the trouble of completely changing URLs to the scam. Sometimes, the site even goes down completely for extended periods of time!
Right now, the biggest obstacle to my continued scammer-trolling efforts is the fact that when they change URLs, I have to either wait for the scammers to contact me in-game, or start a lengthy proccess of finding their new URL. This is where you guys come in!
All I need is people to tell me the URL of any phishing scams when they get them. If I had a wide enough network of people relaying this information to me, I theorize I could grind their operation to a complete halt. It'd be as simple as joining a Discord server and reporting a scam when you see one. Me (and anybody else with basic programming knowledge) can handle the rest.
So, how about it, anybody interested?
Continue reading...
"Hah," I say you mutter to yourself, "what are you going to do, send a bunch of tickets to Square? Like that'll work!" And you're right... that hasn't been working. Square hasn't been doing a very good job of dealing with the problem. But I know something that DOES work, something you can help with. Let me explain.
One day, like many of you, I was sitting alone in my apartment in the Goblet when I got in in-game DM from someone.
"Square cannot do this update", yadda yadda, you know the drill, followed by a link that looked like a forum link.
Thankfully, I realized it was a phishing scam. Remembering a video I saw on YouTube once, I booted up PyCharm and started to write a quick little python script, one that would spam the website with an endless stream of fake usernames and passwords.
You're probably wondering if this even works. The answer is... I would assume so, considering the reaction it gets! If I happen to do this while they're paying attention, eventually I get a 403 error, which means they've blocked me. To this day my home IP address is blocked by their servers, so I have to be a bit creative to get around that. Sometimes, mere moments after I start messing with them, they go through the trouble of completely changing URLs to the scam. Sometimes, the site even goes down completely for extended periods of time!
Right now, the biggest obstacle to my continued scammer-trolling efforts is the fact that when they change URLs, I have to either wait for the scammers to contact me in-game, or start a lengthy proccess of finding their new URL. This is where you guys come in!
All I need is people to tell me the URL of any phishing scams when they get them. If I had a wide enough network of people relaying this information to me, I theorize I could grind their operation to a complete halt. It'd be as simple as joining a Discord server and reporting a scam when you see one. Me (and anybody else with basic programming knowledge) can handle the rest.
So, how about it, anybody interested?
Continue reading...