UPDATE: It appears the site is offline now. The people listed below (and possibly others) still exposed their information to an unknown number of people and should take the necessary precautions. However, no new victims should be able to fall for this now.
Today I received one of those typical “Your PayPal account has been locked and you need to submit all your personal information to us to reset it” phishing emails. Because I’m a geek, I investigated it to see what it was trying to do with my info. I found that the submitted information was stored in a plain text file accessible to the general public. I found that 11 people had already submitted a bunch of their personal information (name, address, phone number, mother’s maiden name, date of birth, Social Security number, and credit card number). While submitting this to a phisher is bad enough, this phishing site is so simple that anyone with a little bit of technical knowledge can see everything that was submitted.
John Howard Sanden
Valerio Varela, Jr.
Horst Albert Gunter Kranz
Ann M Condit
Dr. P. Rory O’Neill
It appears you received an email that looked like this:
The attached form looked like this:
The information you submitted is now in the hands of scammers, as well as anyone savvy enough to examine the phishing email. At the very least, those credit card numbers should be cancelled immediately. Unfortunately, the rest of your info can’t simply be cancelled out like that. You should follow the advice at http://www.antiphishing.org/consumer_recs2.html for taking care of the compromised information.