| View previous topic :: View next topic |
| Author |
Message |
Scott_Hollingsworth
Sergeant
Premium Member
Joined: May 09, 2006
Posts: 116
Location: USA
|
 Posted: Sun Apr 27, 2008 2:54 pm Post subject: Certegy class action settlement web site Irony |
|
|
http://www.datasettlement.com/ non-malicious valid site.
The above URL is what I had typed in from the Parade magazine Certegy class action notice advertisement. The home page is fine except for a few minor Firefox layout incompatibilities.
If you follow one of the links to check the database: http://www.datasettlement.com/check_database.html you are presented with a webform rendered within an iframe. The issue here is the form is asking for information which should be submitted only to a verified recipient but the page is not using SSL. Should I have found this site/page from an e-mail link it would definitely smell like a phish. Ironically, the information required to check the database is the very same information the class action lawsuit is about. So somebody in the class has an opportunity to have their information re-exposed. Somebody not part of the class has a new opportunity to expose their information. Sounds like some job security for class action lawyers specializing in data loss.
That is all the further the average consumer should have to analyze and determine the site unsafe for entering the requested information.
The same pages are delivered if you manually request SSL use by typing in https: so SSL certificates are available. But one or two are improperly implemented.
I stopped analysis at that point. I had already concluded bad data protection practices are being followed.
Apparently, the only viable means of contact provided is a snailmail address. The toll free number is "informational only" and "does not connect to a live operator".
|
|
| Back to top |
|
 |
AlphaCentauri
SIRT Handler
Premium Member
Joined: Nov 20, 2003
Posts: 2887
|
| Posted: Mon Apr 28, 2008 1:54 am Post subject: Re: Certegy class action settlement web site Irony |
|
|
| Scott_Hollingsworth wrote: | | "does not connect to a live operator". |
I love that phrase, though I have to admit having used it myself. It makes me envision this type of operator:
http://www.fastmoneyaustralia.com.au/SKELETON%20MAN.bmp
|
|
| Back to top |
|
|
saintau
Trooper
Joined: Jun 15, 2007
Posts: 15
|
| Posted: Tue Apr 29, 2008 12:46 am Post subject: |
|
|
lol where on earth did you find that site Alpha..
It looks like Mule scam all over ahahaha..
|
|
| Back to top |
|
|
AlphaCentauri
SIRT Handler
Premium Member
Joined: Nov 20, 2003
Posts: 2887
|
| Posted: Tue Apr 29, 2008 1:21 am Post subject: |
|
|
I found it through the miracle of Google images. I was actually looking for a line drawing everyone around here has on the walls of their offices with a skeleton covered with cobwebs on hold for tech support, but I could only find this.
Everytime I see one of these get rich quick by filling out forms schemes I wonder if the spammers really beat the Blogspot captchas or whether they hire people like the owner of this site to type them in all day. 
|
|
| Back to top |
|
|
|
|
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
