Online vigilantes are taking matters into their own hands, and defacing some phishing sites to warn off the naive, a U.K. Web monitoring firm said Thursday.
According to Netcraft, a phishing site that posed as PayPal.com was recently defaced with a page created using the open-source OpenOffice application suite. The page read "WARNING -- THIS WAS A SCAM SITE" and "site killed courtesy of sickophish."
Another phishing site that imitated NatWest Bank, was also recently defaced. This site's home page was replaced by one attributed to The Lad Wrecking Crew, a group that Netcraft said had been involved in earlier defacements. The group even maintains a Web site with 11 Windows wallpaper designs that can be slapped over hijacked phishing sites. The wallpapers have titles such as "Scammer Terminated" and "Fake Bank Down."
"Phishing sites are commonly hosted on compromised Web servers, where lack of security allows fraudsters to access machines and upload phishing content," Netcraft noted in a statement. "If a fraudster exploits these security weaknesses without securing the machine, then online vigilantes are just as likely to exploit the weaknesses to replace the fraudulent content."
Although Netcraft noted that defacing a site, even a phishing site, is at best, "questionable," it went on to say "so far it's reasonable to assume that only the fraudsters themselves have been disadvantaged."