Phisherman's friend: Confused hacktivists deface FAKE BANK SITE

Maybe Anon can be provide a useful servcie after all

If they start taking on spammers and botnets and phishing site and like, then this would be a very valued service to the rest of us.

You can't beat script kiddies for an unintentional laugh

Though its about time a new word other than "hacker" was used , since they're nothing more than online vandals using tools written by other people. They wouldn't recognise a proper hack if it slapped them around the face with a copy of the dummies guide to hacking.

There's just so much to laugh at here.

There's the fact that they did it. Then there's the much funnier fact that they bragged about it. But the biggest laugh is that when it boils down to it these berks consider themselves more tech savvy than the rest of us, but got conned by a half arsed phishing scam that was years out of date.

FAIL just isn't a big enough word. We need a new one.

"The whole incident illustrates the difficulty banks face in identifying and seeking the takedown of counterfeit sites, some of which rely on exploiting confusing about a bank's genuine online location."

Sometimes there is "confusing" about a bank's genuine online location within the bank's own staff (or external marketing bods).

Take Natwest, for example.

A client company uses Natwest Bankline, and I also have access to it.

I usually log into it by visiting www.natwest.com, clicking on the "Business" tab, then on the link for Bankline. From the moment I click on the "Business" tab I am on the subdomain www.business.natwest.com, and remain on that domain while logged into Bankline.

I always assumed that it was the same for the client. However, sometime last year he had trouble reaching the bank, and asked me to look at his computer, wondering if there was something wrong with it.

It turned out that he was typing Natwest into Google, and following the first link - which was to www.nwolb.com - and my first thought, because I didn't recognise the domain as being Natwest's own, was that he'd found himself on a phishing site.

It turns out I was wrong, and nwolb.com is genuinely one of Natwest's domains, but I got a bit ranty about it. In my view, banks are not helping when people fall for phishing scams if their online presence isn't sitting on a straightforward domain that doesn't so much include the bank's name, but rather is their name. Natwest's online presence should be on natwest.com (and other TLDs), HSBC's online presence should be on hsbc.com (and other TLDs), etc.

I commented about this, amongst other places, on Twitter.

The reply I got from the Natwest Business Twitter bod(s)? Something like "natwest.com is our product information website, nwolb.com is for online banking."

I pointed out that I access their online banking via natwest.com (adding that they'd missed the point anyway).

Didn't get a reply.

As for the computer, it was just having a bad hair day.

I don't see why this was actually unintentional. The "we're watching you" quote sounds like intentional to me; as if they actually wanted to target the phishers themselves. The Owned and Exposed group is notorious for going after malware and credit card fraudsters as well, is this also unintentional?

Yorkshire Building Society isn't a banking institution, it's a - duh! - building society.