Re: are you seeing lots of Yolasite(.)com phish links? I complained and got this response.

[Keith Risinger <syskmr () NMSU EDU>]

We too block jimdo(.)com, there was just contant phish from them. I've 
not seen yolasite(.)com yet, but if they become a problem, will block 
them also. Especially
if there is not a quick link to report the site.
Thanks,
 Keith


On 9/26/2013 12:19 PM, Bob Bayn wrote:
> Maybe you can help me bring some pressure to bear, as I "threatened."  
> Do you blacklist all of Yolasite(.)com?
>
> Bob Bayn    SER 301    (435)797-2396 IT Security Team
> Office of Information Technology,     Utah State University
>      three common hazardous email scams to watch out for:
> /1) unfamiliar transaction report from familiar business
>      2) attachment with no explanation in message body
>      3) "phishing" for your email password/
> ------------------------------------------------------------------------
> *From:* Abuse [abuse () yola com]
> *Sent:* Thursday, September 26, 2013 12:03 PM
> *To:* Bob Bayn
> *Subject:* Re: general question about use of your site for phishing forms
>
>
> Hello Bob,
>
> Thank you for your very informative letter.  We appreciate the 
> communication, and will certainly pass it on and respond.
>
> Regards,
>
> The YOLA Abuse Team
>
> abuse () yola com
>
> /The Yola Site and the Service is a free and/or paid-for service for 
> businesses, organizations and individuals to create and grow a 
> professional online presence. Yola reserves the right to terminate the 
> service of any user that is in violation of our TOS, that does not use 
> our Site and Service for its intended purpose, and/or for any or no 
> reason. | Please review//Yola's Terms of Service/ 
> <https://www.yola.com/terms>/. | Visit our//Report Abuse/ 
> <http://www.yola.com/report-abuse>///page to report any site that 
> violates these terms. | Thank you for helping us maintain a high 
> standard of professionalism on the web! /
>
> ===================================
>
>
> Your request:
> I've been playing whack-a-mole with phishers for a fair while now. 
> First it was google spreadsheet forms and they finally added a 
> password warning next to their submit button.
>
> Next it was Webs(.)com. I would see several different forms a day. 
> They got sick of my one-at-a-time abuse notifications and asked me to 
> batch them up. I complained back that I wanted them to delete each one 
> ASAP and not wait for more to accumulate while the phisher collected 
> more victims. They began to take the problem seriously, partly because 
> many locations (especially universities) blacklisted their whole 
> domain. Now, I see relatively few phish forms hosted there, and they 
> take them down quickly when I submit an individual complaint.
>
> Then came jimdo(.)com. I'm still getting half a dozen or more a day of 
> those. I know many schools blacklist that whole domain, too. They 
> continue to be a problem.
>
> But now yolasite(.)com is surpassing jimdo. You can tell from my 
> recent messages that I'm seeing quite a few every day. And I know that 
> some higher ed sites are blacklisting your whole domain, too.
>
> Now comes the pressure, which I can probably bring to bear from more 
> institutions than my own. What are you doing to detect this sort of 
> mischief before I get the evil links forwarded to me by skeptical 
> recipients here? I have been blocking each hostname locally when I 
> report it to you, and I have been reporting it upstream to a service 
> that passes it along to the blocklists for IE, Firefox and Chrome. 
> But, as always, that all takes time and the phishers are apparently 
> getting enough victims quickly that all of our blocking and takedown 
> efforts don't dissuade them.
>
> If you look over the hostnames that you have deleted in response to 
> phish complaints, you can see the common themes and vocabulary (and 
> misspellings) that should help you to detect hostnames that indicate 
> evil intent even while the page is still being built and tested. Is 
> any of that effort going on there?
>
> The stakes have gone up for us in higher ed because phishers are no 
> longer content to use the login credentials for access to email 
> accounts and further spamming. They are now exploring the higher ed 
> hosts to see what else those same credentials will access. One recent 
> discovery (not here, thankfully) is that they can sometimes change an 
> employees direct deposit information AND use the email access to 
> intercept the email confirmation message for that change.
>
> Help us out here. Improve your reputation with our constituency (and 
> others like email users in K12, health care industries, government, 
> non-profits, small business and hey that's nearly everybody).
>
> Forward this up your management chain and let's see if I get an 
> informative response.
>
> Thanks for your time and, like I tell everyone else around here, for 
> being an Internet Skeptic!
>
> Bob Bayn SER 301 (435)797-2396 IT Security Team
> Office of Information Technology, Utah State University
> three common hazardous email scams to watch out for:
> 1) unfamiliar transaction report from familiar business
> 2) attachment with no explanation in message body
> 3) "phishing" for your email password
>
> Emailed from: bob.bayn () usu edu

--
Keith Risinger
ICT - Sr Systems Developer / Email Admin
New Mexico State University
575-646-1849
syskmr () nmsu edu
--