This is going to take a bit to explain. I periodically go through my junk folder looking for phish to report. Today I had three from "PayPal". The first contained a standard man-in-the-middle link, directing me to the legitimate PayPal site but routing the packets through a foreign server. I traced the IP to a webhost in the Netherlands. I reported it and moved on. The second was identical in content, right down to the grammatical and spelling errors, but the link traced to a university in China. I've had limited success reporting these things to the Chinese, so I decided to let hotmail handle it. The third was again identical, this time tracing to a webhost in Canada.
It's the middle one that puzzles me. If it had been three commercial sites, I'd be impressed by the diligence of the phisher for spreading his sites so far apart, but I can't figure how he got an account on an edu site in China. All I can think is either they're getting so lazy that they just clone each other's emails or we have a Chinese student so stupid that he's willing to urinate in his own pond. I find neither of those scenarios particularly convincing. Any other ideas? How does a phisher get an account on an educational server in, of all places, China?
Tags: