My wife just told me about a “sneaky” phishing email she just received. I took a look at it, and it’s a phishing website that is collecting banking login names, passwords, as well as ATM card information. I took a minute to report it to the bank being spoofed, Heritage Bank. They already knew about it, but said their computer people were “out to lunch”. I took the liberty of checking DNS records to see who was hosting the website, and lo-and-behold, it was Yahoo!
I filed an abuse report on their website, and fired off a quick email to them, but 20 minutes later, the site was still up and running. I hadn’t even received an automated response to the abuse report! So I tried calling them. I called the phone number listed in the DNS information, which must have been the generic corporate number. Choosing “directory assistance” led to a friendly person on the other end. I asked for the “abuse department”, and she informed me that I’d have to speak to someone in “Customer Care”.
Tried calling that number, and a recording told me to send them an email to report the abuse. Nice. Called the corporate number again, and she referred me back to “Customer Care” again. I told her I was unable to reach a human at that number, and she gave me a code to dial, so I tried again. I ended up talking to someone who was in charge of “account security” (in other words - resetting passwords). He told me he couldn’t help, since it had nothing to do with him, but that I should be patient, because it might take a few days to investigate.
It only took me 2 minutes to complete MY investigation and determine that it was a phishing site. I can’t believe those jokers are just taking their time. I’d be willing to bet that phishers are targeting Yahoo as their web host, specifically because they know that it’ll take them hours, if not days, to get around to killing their account.