Identity theft site?

Post by **FlyingPenguin** » Sat Mar 30, 2002 7:34 am

Somebody emailed me this link. Sure looks like blantant identity theft to me (needless to say DON'T enter any accurate information): http://www.brunching.com/toys/mrtname.html

---------------
EDIT

Well it LOOKS like a gag - the source code seems to indicate they're not doing anything with the personal info, still rather curious that the only way I could see the source was to save the site to my drive (which alters the source).

I can't see the source by viewing the source in the browser - it comes up blank, like they're trying to hide something.

What you guys think? We're such sheep, I wonder how many people fill it all in?

DocSilly · Post by **DocSilly** » Sat Mar 30, 2002 8:16 am

I have no problem viewing the source in Mozilla and IE6.0 ... though I have no idea what the FORM ACTION="/cgi/mrtname.cgi" METHOD="post" script will do besides spitting out some random word.

Zyph · Post by **Zyph** » Sat Mar 30, 2002 12:21 pm

I have a feeling FP is right, esp when asking for SSN and mother's maiden name (and no e-mail).

I loaded it in IE6 and the source displayed fine. but my source says: FORM ACTION="/cgi/mailpage.cgi" METHOD="post"
Which would e-mail someone that information with the following secretly added to the e-mail:

NAME="title" VALUE="The Mr. T Name Generator"
NAME="url" VALUE="http://brunching.com/toys/mrtname.html"

So honestly, I think someone is trying something. Wonder how many people have fallen for it?

Post by **FlyingPenguin** » Sat Mar 30, 2002 12:23 pm

The interesting this is that clicking on View->Source in IE shows a blank page - that HAS to be on purpose.

I viewed the source code by saving the page.

The form doesn't do anything - all the variables for the form entries are undefined- so it appears harmless. But I'm puzzled as to why they're trying to hide the source.

And as you point out, unless you can look at the source for the CGI script, there's no way of knowing what it's actually doing.

PreDatoR · Post by **PreDatoR** » Sat Mar 30, 2002 2:30 pm

I entered some bogus stuff into that hit the button and it said my Mr T name was Fool.... someone needs to report this site to the Feds as a repuatable place would never ask for you SSN.

tyler_durden · Post by **tyler_durden** » Sat Mar 30, 2002 2:49 pm

reporting it won't really get anywhere. plus, if you are stupid enough to enter the info, then you prolly deserve it.

but, i do have a better idea, write a script to generate false data. You flood their info with false data, they won't know the difference. its not that hard.