This is going to take a bit to explain. I periodically go through my junk folder looking for phish to report. Today I had three from "PayPal". The first contained a standard man-in-the-middle link, directing me to the legitimate PayPal site but routing the packets through a foreign server. I traced the IP to a webhost in the Netherlands. I reported it and moved on. The second was identical in content, right down to the grammatical and spelling errors, but the link traced to a university in China. I've had limited success reporting these things to the Chinese, so I decided to let hotmail handle it. The third was again identical, this time tracing to a webhost in Canada.<br />
<br />
It's the middle one that puzzles me. If it had been three commercial sites, I'd be impressed by the diligence of the phisher for spreading his sites so far apart, but I can't figure how he got an account on an edu site in China. All I can think is either they're getting so lazy that they just clone each other's emails or we have a Chinese student so stupid that he's willing to urinate in his own pond. I find neither of those scenarios particularly convincing. Any other ideas? How does a phisher get an account on an educational server in, of all places, China?<br />
Hmm. Thank you, cotojo. That makes a bit more sense than anything I could come up with. I'll have to research it. Now I wish I'd saved the IP.<br />
<br />
It's the middle one that puzzles me. If it had been three commercial sites, I'd be impressed by the diligence of the phisher for spreading his sites so far apart, but I can't figure how he got an account on an edu site in China. All I can think is either they're getting so lazy that they just clone each other's emails or we have a Chinese student so stupid that he's willing to urinate in his own pond. I find neither of those scenarios particularly convincing. Any other ideas? How does a phisher get an account on an educational server in, of all places, China?<br />
Hmm. Thank you, cotojo. That makes a bit more sense than anything I could come up with. I'll have to research it. Now I wish I'd saved the IP.<br />