This started from me reading criticism of Firefox’s “weak phishing filter” and the results I came across certainly weren’t what I anticipated.

Nice to run across you, Tim. Welcome to my RSS feeds.

Sorry to spoil the fun!

Tim

I’ve made the url non-clickable as I don’t want an actual link on this site.

Tim

http : //bankofamerica.com.wowtnc.com/cgi.bin/sso.login.controllernoscript=true/
sessiondid=2335454893_Secured152388884&Update/

Going directly from Firefox it’s reported as phishing. IE does not.

You’re correct, I got to it via the directory listing. IE is not reporting the directory listing either.

Now I’m thinking it’s just a matter of the time between you’re report and my finding it and hopefully it’ll get reported as a phishing site promptly. To me, at least, this is indicating that the idea of a heuristic scan based on “bank pin” and “account number” etc. etc. might be a very useful tool.

At least until the next escalation..

- Mark

I’m surprised too. I’ve just been back to the site and IE7 still reports it to me as a phishing site. Maybe a temporary glitch in Microsoft’s phishing check server?

No… I think I may have it. When you put in the partial url, you don’t get the phishing page. You get (at the time of writing) an apache directory listing. The phishing page is listed; it has the curious name “sessiondid=233545489..”.

If I go to the actual page, both IE7 and FireFox report it. But if I go to the directory listing, FireFox reports it, IE7 does not. Is that the difference here?

Tim

I’m a sysadmin and I’m experimenting today trying to beat my users to the punch by exploring phishing sites.

I’m happy to see you’ve done the heavy lifting Tim. But when re-enacting your experiment here, I took what URL was visible and entered it into the address bar for IE7 and Firefox. Now, I had to do some drilling down to get to the root webpage – please understand this is a “rough and ready test” while I’m experimenting.

Since you’d reported it, I thought it would be a sure bet to be reported as a phishing site. But IE7 let me through as your original test. Firefox / Google did report it as a phishing site.

I’ve reported the page I encountered and I’m also waiting for it to get reported.

I read the on phishing which gave me an overview but it’s left me wanting more..

I’m curious: Is this going to be a battle of escalation where small changes are invalidating the phishing filter? Or has the page been reported in Google and I’m only half way through the life-cycle?

This isn’t what I was expecting. I thought it would be universally reported as a phishing site. I’ll stay in touch and keep you up to date with my findings.