Hello,
I am living in France, and I would like to report a fishing attempt I get
from people using your portal as a trust tool.
Here is the resume :
- Hacker calls me on phone and tells me my computer is hacked.
To prove this, he proposes me to type: "validator" in Google
https://www.google.com/search?hl=en&q=validator
which leads to your website :
[image: image.png]
Then he asks me to type my email address in the field.
example :
[image: image.png]
And then to click the check button.
With any Gmail address, your web page returns a weird error page :
https://validator.w3.org/nu//accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/&ss=1&scc=1<mpl=default<mplcache=2&emr=1&osid=1#
[image: image.png]
Then the caller tells me that if I see an error page my computer is hacked.
As I'm working in a web agency company and aware of your website, I
followed the steps.
But at that point, I said I will call the police, and the hacker quit the
phone call.
I imagine he would have tried to make me pay something or lead me to
download some sort of virus.
What concerns me, is that I think your website should better handle the
error case of an email address put in that field as it is the case for
toto@titi.com :
https://validator.w3.org/nu/?doc=http%3A%2F%2Ftoto%40titi.com%2F
Best Regards,
Romain.
--
--------------------
via Gmail
