CapCal Goes on a Phishing Expedition


Last night I got an email from "AOL Member Services" urging me to "revalidate my account information" or my account would be suspended. I don't have an AOL account and even if I did I wouldn't be so stupid as to comply. Unfortunately there are enough naive people in the world (who may in fact be very intelligent) that will fall for it to make it worthwhile.

But since it was ASKING me to fill in a form with all my personal data (including SS#, credit card details, etc.), I decided to comply a thousandfold!

That's right, I used CapCal to capture the POST of the form data and turned that into a single page session. Then I got busy running it in user volumes ranging from 10 to 1,000 and learned a lot in the process!

Here are the results of the last test I ran - 32 users for 20 minutes. You can see that the AOL phishermen (who hail from Denmark according to the .dk domain) received 4,051 responses during this time! With all the testing done earlier I'm sure the number exceeded 20,000, so I was glad to see the next morning that the URL was down. One down, oh so many to go!
