Quote:
Originally Posted by AlexanderHanff
Here is some more info:
The IP is registered to:
Clearly, that contact form seems to touching Phorm's equipment somewhere along the line. This needs addressing.
A lookup on what the "References" header is reveals this:
This pretty much paints the whole scene. The email you got from BT is a reply to an email sent by a web site owned by Phorm (ww3.phorm.com) which confirms that the form you submitted was done on a Phorm server.
Angry does not even begin to describe how this makes me feel, especially given that BT have out and out lied in their response to this issue.
Alexander Hanff
|
Good. I was hoping for a smoking gun.
The moderator response when we had our phishing row about webwise.bt.com on Beta forums was
http://www.beta.bt.com/bta/forums/me...ID=23304#23304
"
Before you start to send emails to the moderators and our abuse team about this, http://webwise.bt,com isn't a phishing site. It's merely a part of BT.com that is hosted on a different set of servers, much like bt.custhelp.com which is hosted on Right Now's servers in California. Right Now's servers also handle all of the traffic in the "Contact Us" section of BT.com just like the form on the Webwise site and with a similar level of security for handling details like your account numbers.
Sending us lots of emails reporting this will delay the abuse team from dealing with genuine reports of phishing sites so I'd appreciate it if you didn't.
Thanks"
I've emailed him directly to ask for an explanation and said that I submitted the form after his reassurance that this was an internal site and that if my details have been compromised then I hold BT responsible on the basis of his official advice.
This is now the second bit of documented evidence we have of communications through that site ending up in Phorm's hands.
What next? - I'm all fired up and ready to go!