Thread: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
View Single Post
Old 26-05-2008, 11:39   #7213
Florence
Inactive
 
Florence's Avatar
 
Join Date: Jun 2003
Services: The wonders of Sky TV BT line and Aquiss.net ADSL cable dies on 5th RIP VM.
Posts: 4,004
Florence has a bronzed appealFlorence has a bronzed appeal
Florence has a bronzed appealFlorence has a bronzed appealFlorence has a bronzed appealFlorence has a bronzed appealFlorence has a bronzed appealFlorence has a bronzed appealFlorence has a bronzed appealFlorence has a bronzed appealFlorence has a bronzed appealFlorence has a bronzed appealFlorence has a bronzed appealFlorence has a bronzed appealFlorence has a bronzed appealFlorence has a bronzed appealFlorence has a bronzed appealFlorence has a bronzed appealFlorence has a bronzed appeal
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
This was taken from the bottom of the about webwise on BT website
For further information please go to www.BT.com/webwise
You would think you were going t a folder inside BT's BT.com domain but if you click or right click and select copy link you end up

http://www.webwise.bt.com/webwise/index.php

So BT are redirecting you to the phishing site knowing that you might accidently fill in details to contact them from that site thinking you are still on a BT website.

---------- Post added at 11:39 ---------- Previous post was at 11:20 ----------

Just fired another email off to Emma she read the last one but not replied.

Quote:
Hello Emma

While looking over the webwise information I noticed the link to get further information link below
For further information please go to www.BT.com/webwise

While to the normal BT visitor/customer this will say they are staying inside BT's network or control when infact you are redirecting them to
http://www.webwise.bt.com/webwise/index.php

This has a contact us page that isn't the same as BT's the domain name has been registered and hosted in America on a hosting company that is in the top ten for hosting phishing websites.
At lunch time yesterday this domain resolved to
So they are now resolving to the US again:

(Asked whois.arin.net:43 about +207.44.186.90)

OrgName: ThePlanet.com Internet Services Inc.
OrgID: TPCM
Address: 315 Capitol
Address: Suite 205
City: Houston
StateProv: TX
PostalCode: 77002
Country: US
ReferralServer: rwhois: //rwhois.theplanet.com: 4321
NetRange: 207.44.128.0 - 207.44.255.255
CIDR: 207.44.128.0/17
OriginAS: AS13749 AS13884 AS21844 AS30315
OriginAS: AS36420
NetName: NETBLK-THEPLANET-BLK-EV1-9
NetHandle: NET-207-44-128-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.EV1SERVERS.NET
NameServer: NS2.EV1SERVERS.NET

It has also been resolving to
Fasthosts in Gloucester UK:

There is nowhere in your pages where you warn your customers not to put information into this website as it isn't hosted by you or owned by you.
They decide to contact you while on that website they are giving their personal details to the phorm company outside the EU.

What will BT be doing to protect these customers from falling into this phish trap?

Regards
Kits

Copy of email to be posted on forums with information on any replies this is due to the nature of the information being stored on none BT servers outside of the EU and BT control.
To anyone who has filled in the contact us on that site you have just given Phorm your personal details outside of the EU and on an american hosted website I should complain to BT for them not informing you that they redirected you to a domain that looked like it was theirs but wasn't and outside their domains and control.
Florence is offline