Update 2016-03-08
This phish is eventually down. Thanks to all. However a phish that stayed active for 15 days is a red flag that something is amiss with abuse handling procedures. Hopefully this will be a cause for some introspection at Godaddy
The dog has decided to join a must-fall cause and is asking you to support the cause, but with a twist.
You are being asked to report a phish to Godaddy via their form.
Why?
The industry average for a phish take-down is currently something between 48 to 72 hours, that's two to three days.Of late South Africans have been subjected to ongoing phishing attacks. Many of you have probably seen a notice from some South African bank in your email you probably do not even deal with. The security community has been silently fighting these, reporting them, ensuring a cleanup is done.
However we have hit a snag - Godaddy!
Despite the industry average, Godaddy takes an unacceptable extraordinary long time to actually take down phishing sites.
The nkoliza.com example:
Domain nkoliza.com was registered 5 Feb 2016 and from day zero it was used for phishing. The domain was registered with invalid registration details. Further it was hosted at Godaddy as well. Godaddy was alerted to this abuse on the 5th of Feb as well. This phishing domain was only terminated on the 12th.Refer:
http://www.phishtank.com/phish_detail.php?phish_id=3811754
http://www.phishtank.com/phish_detail.php?phish_id=3813729
A week to take down a phishing website is simply not acceptable. In this time the phisher is spamming users and defrauding victims. This might be your father, mother, aunt, son or whoever receiving this phishing link that may inadvertently believe it, then be phished. It's ScamPup's contention that nobody deserves to be defrauded.
http://crafi.com.mx phishing - up for 14 days so far
If you believe that a week response time for a phish take down is bad, it gets worse - and why your help is needed.The website at http://crafi.com.mx is currently hosting a phishing website. Once again this website is hosted at Godaddy. To make matters worse, this website has been reported on the 22nd of Feb 2016 already!
Thus far the South African cyber community has been polite with abuse issues and Godaddy. Godaddy's response is that it will be attended to in due course. However it's been 14 days today that this phish has been up. This is simply not acceptable. If Godaddy feels so little for internet users as to expose them to this risk and abuse, we should let them know it's not acceptable.
The actual website appears to be a hacked Wordpress site belonging to a clinic in Mexico, apparently still under development.
The phish is at: hxxp://crafi.com.mx/copyfnb-nopey2016/copyfnb-fred/mainmenu2016/continue1.php
Refer: http://www.phishtank.com/phish_detail.php?phish_id=3850136
Forcing issues a bit reveals the badness:
You are requested to report this phish at https://supportcenter.godaddy.com/AbuseReport by clicking on the Phishing link, then selecting I wish to report a website that is posing as another website and supplying the details for the phishing page.
Let's send a message to Godaddy: we do not wish to be the targets of phishing, they should be more responsive to phishing incidents and we object to this situation having developed in the first place.
Thank you for your support.
#PhishMustFall
