SPAM, credit card numbers, what would you do?

[ted klugman <tedklugman () yahoo com>]

So I get a piece of SPAM that advertises a "how to
make money on eBay" book. For kicks, I go to the
website (hosted in Asia, of course)

(Aside -- the website includes a gimmick where if you
"buy by midnight on (today's date), save 50%". Change
the date on your PC, and the offer gets extended to
THAT day)

I check out the order form, which a) isn't secured
with SSL, and b) submits the information to a
different website. So I go there to muck around and
see what there is (again, hosted in Asia)

Lo and behold, I look at the root of said website, and
I get a directory listing:

submit.php
orders.txt

And as you can probably guess, orders.txt contains --
ORDERS. Names, addresses, phone numbers, and CREDIT
CARD NUMBERS. Dozens of them.

So I got to thinking... what should I do here?

a) Nothing. It's not my problem.
b) Notify the provider who hosts the submission page
c) Send e-mails to all the morons who tried to buy
this "product" (their e-mail addresses are readily
available, next to their credit card numbers), letting
them know that they are morons and this is why they
shouldn't buy products advertised in SPAM.
d) Something else

I chose option a.

What would you do?

(What would Brian Boitano do?)

__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html