Update 2016-03-08
This phish is eventually down. Thanks to all. However a phish that stayed active for 15 days is a red flag that something is amiss with abuse handling procedures. Hopefully this will be a cause for some introspection at Godaddy
The dog has decided to join a
must-fall cause and is asking you to support the cause, but with a twist.
You are being asked to report a phish to Godaddy via their form.
Why?
The industry average for a phish take-down is currently something between 48 to 72 hours, that's two to three days.
Of
late South Africans have been subjected to ongoing phishing attacks.
Many of you have probably seen a notice from some South African bank in
your email you probably do not even deal with. The security community
has been silently fighting these, reporting them, ensuring a cleanup is
done.
However we have hit a snag - Godaddy!
Despite the industry average, Godaddy takes an unacceptable extraordinary long time to actually take down phishing sites.
The nkoliza.com example:
Domain nkoliza.com was registered 5 Feb
2016 and from day zero it was used for phishing. The domain was
registered with invalid registration details. Further it was hosted at
Godaddy as well. Godaddy was alerted to this abuse on the 5th of Feb as
well. This phishing domain was only terminated on the 12th.
Refer:
http://www.phishtank.com/phish_detail.php?phish_id=3811754
http://www.phishtank.com/phish_detail.php?phish_id=3813729
A
week to take down a phishing website is simply not acceptable. In this
time the phisher is spamming users and defrauding victims. This might
be your father, mother, aunt, son or whoever receiving this phishing
link that may inadvertently believe it, then be phished. It's ScamPup's
contention that nobody deserves to be defrauded.
http://crafi.com.mx phishing - up for 14 days so far
If you believe that a week response time for a phish take down is bad, it gets worse - and why your help is needed.
The
website at http://crafi.com.mx is currently hosting a phishing website.
Once again this website is hosted at Godaddy. To make matters worse,
this website has been reported on the 22nd of Feb 2016 already!
Thus
far the South African cyber community has been polite with abuse issues
and Godaddy. Godaddy's response is that it will be attended to
in due course.
However it's been 14 days today that this phish has been up. This is
simply not acceptable. If Godaddy feels so little for internet users as
to expose them to this risk and abuse, we should let them know it's not
acceptable.
The actual website appears to be a hacked Wordpress site belonging to a clinic in Mexico, apparently still under development.
The phish is at: hxxp://crafi.com.mx/copyfnb-nopey2016/copyfnb-fred/mainmenu2016/continue1.php
Refer:
http://www.phishtank.com/phish_detail.php?phish_id=3850136
Forcing issues a bit reveals the badness:
You are requested to report this phish at
https://supportcenter.godaddy.com/AbuseReport by clicking on the
Phishing link, then selecting
I wish to report a website that is posing as another website and supplying the details for the phishing page.
Let's
send a message to Godaddy: we do not wish to be the targets of
phishing, they should be more responsive to phishing incidents and we
object to this situation having developed in the first place.
Thank you for your support.
#PhishMustFall
