Wednesday, May 30, 2007

When phishing gets good

A few days ago I received an interesting email with subject "BBB Complaint for Fabrizio Capobianco". Wow, I thought, someone in the open source community complaining about me? What did I do?? The content of the email was:

Dear Mr./Mrs. Fabrizio Capobianco (Funambol)

You have received a complaint in regards to your business services.
Use the link below to view the complaint details:


Complaint Case Number: F9F137
Complaint Made by Consumer Mrs. Marcia E. Worthington
Complaint Registered Against: Fabrizio Capobianco of Funambol
Date: 05/14/2007/

Instructions on how to resolve this complaint as well as a copy of the original complaint can be obtained using the link below:

Disputes involving consumer products and/or services may be arbitrated. Unless they directly relate to the contract that is the basis of this dispute, the following claims will be considered for arbitration only if all parties agree in writing that the arbitrator may consider them:
  • Claims based on product liability;
  • Claims for personal injuries;
  • Claims that have been resolved by a previous court action, arbitration, or written agreement between the parties.

    The decision as to whether your dispute or any part of it can be arbitrated rests solely with the BBB.

    The BBB offers its members a binding arbitration service for disputes involving marketplace transactions. Arbitration is a convenient, civilized way to settle disputes quickly and fairly, without the costs associated with other legal options.

    © 2007 Council of Better Business Bureaus, Inc. All Rights Reserved

Now... an email with my name not misspelled is already a rarity... plus they did not misspell the name of the company. It must be legit, I thought... Nah, it can't be... We are open source, the code is open, who can complain? ;-)

I was already googling Mrs. Marcia E. Worthington when I noticed that the links in the email were not pointing to the BBB web site. A phishing scam, very well done. I trashed the email.

Apparently, the scam worked. 1,400 US executives clicked on the link... The authors of the scam sent this email only to executives after researching the web. It turns out the link installs a malicious post logger that transmits all information submitted through Internet Explorer to a website controlled by the attackers. It does not work on Firefox :-))

Now, I stopped because I could not believe anybody could complain about an open source company (yeah, right!). What about the other 1,400 non-open source executives using Internet Explorer? Man, I would love to put my hands on that list!