Educause Security Discussion mailing list archives

are you seeing lots of Yolasite(.)com phish links? I complained and got this response.


From: Bob Bayn <bob.bayn () USU EDU>
Date: Thu, 26 Sep 2013 18:19:52 +0000

Maybe you can help me bring some pressure to bear, as I "threatened."  Do you blacklist all of Yolasite(.)com?

Bob Bayn    SER 301    (435)797-2396       IT Security Team
Office of Information Technology,     Utah State University
     three common hazardous email scams to watch out for:
     1) unfamiliar transaction report from familiar business
     2) attachment with no explanation in message body
     3) "phishing" for your email password
________________________________
From: Abuse [abuse () yola com]
Sent: Thursday, September 26, 2013 12:03 PM
To: Bob Bayn
Subject: Re: general question about use of your site for phishing forms



Hello Bob,

Thank you for your very informative letter.  We appreciate the communication, and will certainly pass it on and respond.


Regards,



The YOLA Abuse Team

abuse () yola com
The Yola Site and the Service is a free and/or paid-for service for businesses, organizations and individuals to create 
and grow a professional online presence. Yola reserves the right to terminate the service of any user that is in 
violation of our TOS, that does not use our Site and Service for its intended purpose, and/or for any or no reason. | 
Please review Yola's Terms of Service<https://www.yola.com/terms>. | Visit our Report 
Abuse<http://www.yola.com/report-abuse> page to report any site that violates these terms. | Thank you for helping us 
maintain a high standard of professionalism on the web!

===================================

Your request:
I've been playing whack-a-mole with phishers for a fair while now. First it was Google spreadsheet forms, and they 
finally added a password warning next to their submit button.

Next it was Webs(.)com. I would see several different forms a day. They got sick of my one-at-a-time abuse 
notifications and asked me to batch them up. I complained back that I wanted them to delete each one ASAP and not wait 
for more to accumulate while the phisher collected more victims. They began to take the problem seriously, partly 
because many locations (especially universities) blacklisted their whole domain. Now, I see relatively few phish forms 
hosted there, and they take them down quickly when I submit an individual complaint.

Then came jimdo(.)com. I'm still getting half a dozen or more a day of those. I know many schools blacklist that whole 
domain, too. They continue to be a problem.

But now yolasite(.)com is surpassing jimdo. You can tell from my recent messages that I'm seeing quite a few every day. 
And I know that some higher ed sites are blacklisting your whole domain, too.

Now comes the pressure, which I can probably bring to bear from more institutions than my own. What are you doing to 
detect this sort of mischief before I get the evil links forwarded to me by skeptical recipients here? I have been 
blocking each hostname locally when I report it to you, and I have been reporting it upstream to a service that passes 
it along to the blocklists for IE, Firefox and Chrome. But, as always, that all takes time and the phishers are 
apparently getting enough victims quickly that all of our blocking and takedown efforts don't dissuade them.

If you look over the hostnames that you have deleted in response to phish complaints, you can see the common themes and 
vocabulary (and misspellings) that should help you to detect hostnames that indicate evil intent even while the page is 
still being built and tested. Is any of that effort going on there?

The stakes have gone up for us in higher ed because phishers are no longer content to use the login credentials for 
access to email accounts and further spamming. They are now exploring the higher ed hosts to see what else those same 
credentials will access. One recent discovery (not here, thankfully) is that they can sometimes change an employee's 
direct deposit information AND use the email access to intercept the email confirmation message for that change.

Help us out here. Improve your reputation with our constituency (and others like email users in K12, health care 
industries, government, non-profits, small business and hey that's nearly everybody).

Forward this up your management chain and let's see if I get an informative response.

Thanks for your time and, like I tell everyone else around here, for being an Internet Skeptic!

Bob Bayn SER 301 (435)797-2396 IT Security Team
Office of Information Technology, Utah State University
three common hazardous email scams to watch out for:
1) unfamiliar transaction report from familiar business
2) attachment with no explanation in message body
3) "phishing" for your email password

Emailed from: bob.bayn () usu edu
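The hostname-vocabulary detection Bob asks Yola about above can be sketched as a small filter. What follows is an added example for this archive page, not code from Bob Bayn, USU or Yola; the free-host list is the three domains named in the thread, while the phish token list, the similarity threshold, the verdict thresholds and the sample hostnames are all my own assumptions and constructed inputs.

```python
"""Heuristic scoring of hostnames under free site-builder domains (added example)."""
import re
from difflib import SequenceMatcher

# The three site builders named in the thread (written defanged there as "(.)").
FREE_HOSTS = ("yolasite.com", "jimdo.com", "webs.com")

# Vocabulary that recurs in credential-phish hostnames. This particular list is an
# assumption; a real deployment would mine it from hostnames already taken down.
PHISH_TOKENS = (
    "webmail", "mailbox", "login", "signin", "verify", "verification", "validate",
    "update", "upgrade", "account", "password", "quota", "security", "support",
    "helpdesk", "admin", "outlook", "university", "edu",
)

# Similarity at which a misspelled label piece (e.g. "webmial") still counts. Assumed.
MIN_SIMILARITY = 0.8


def registrable_parent(hostname):
    """Return the free-hosting parent the hostname sits under, or None if it is not one."""
    host = hostname.lower().rstrip(".")
    for parent in FREE_HOSTS:
        if host == parent or host.endswith("." + parent):
            return parent
    return None


def customer_label(hostname, parent):
    """The part the site owner chose: 'webmail-usu-edu' for 'webmail-usu-edu.yolasite.com'."""
    return hostname.lower().rstrip(".")[: -(len(parent) + 1)]


def matched_tokens(label):
    """Phish vocabulary found in the label: exact, embedded, or a close misspelling."""
    found = set()
    pieces = [p for p in re.split(r"[^a-z]+", label) if p]
    for piece in pieces:
        for tok in PHISH_TOKENS:
            if piece == tok:
                found.add(tok)
            elif len(tok) >= 5 and tok in piece:
                # Long tokens may be glued to other words ("itsupport"); short ones
                # like "edu" must match a whole piece to avoid hits on "schedule".
                found.add(tok)
            elif (len(piece) >= 5 and len(tok) >= 5
                  and SequenceMatcher(None, piece, tok).ratio() >= MIN_SIMILARITY):
                found.add(tok)  # catches "acount", "webmial", etc.
    return sorted(found)


def score_hostname(hostname):
    """Return (verdict, parent, tokens). Verdict thresholds are assumed:
    two or more vocabulary hits -> block, one -> review, none -> allow,
    and hostnames outside the free-host list are ignored entirely."""
    parent = registrable_parent(hostname)
    if parent is None:
        return ("ignore", None, [])
    tokens = matched_tokens(customer_label(hostname, parent))
    if len(tokens) >= 2:
        return ("block", parent, tokens)
    if tokens:
        return ("review", parent, tokens)
    return ("allow", parent, tokens)


if __name__ == "__main__":
    # Constructed sample hostnames; none of these are real reported sites.
    for h in ("webmail-usu-edu-update.yolasite.com", "acount-verification.jimdo.com",
              "itsupport.yolasite.com", "bobs-bakery.webs.com", "www.example.edu"):
        print(h, "->", score_hostname(h))
```

Run against the provider's own list of newly created subdomains, "block" entries would be held or reviewed before the page goes live, which is exactly the window Bob points out: the name is chosen while the page is still being built and tested, before any victim has clicked a link.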
