Puzzling phishing scam?

DianeM

New Member
This is going to take a bit to explain. I periodically go through my junk folder looking for phish to report. Today I had three from "PayPal". The first contained a standard man-in-the-middle link, directing me to the legitimate PayPal site but routing the packets through a foreign server. I traced the IP to a webhost in the Netherlands. I reported it and moved on. The second was identical in content, right down to the grammatical and spelling errors, but the link traced to a university in China. I've had limited success reporting these things to the Chinese, so I decided to let Hotmail handle it. The third was again identical, this time tracing to a webhost in Canada.

It's the middle one that puzzles me. If it had been three commercial sites, I'd be impressed by the diligence of the phisher for spreading his sites so far apart, but I can't figure how he got an account on an edu site in China. All I can think is either they're getting so lazy that they just clone each other's emails or we have a Chinese student so stupid that he's willing to urinate in his own pond. I find neither of those scenarios particularly convincing. Any other ideas? How does a phisher get an account on an educational server in, of all places, China?

Hmm. Thank you, cotojo. That makes a bit more sense than anything I could come up with. I'll have to research it. Now I wish I'd saved the IP.
 

cotojo

New Member
To obtain an .edu site the applicant must apply directly to Educause and prove their status as an educational institution.

.edu sites are usually exclusive to the USA, but in some countries .edu.xx is an ordinary domain with no special significance, and this may be the case in China.
 