- From: Romain C <romain.cuisnier@gmail.com>
- Date: Sun, 22 Nov 2020 01:30:28 +0100
- To: webmaster@w3.org, www-validator@w3.org
- Message-ID: <CABFhWZhKfU+jzXmxr6_r8sVeEjyzD9yKZH1AzE9xc7Uvv0F8qg@mail.gmail.com>
Hello,

I am living in France, and I would like to report a phishing attempt I got from people using your portal as a trust tool.

Here is the resume:

- Hacker calls me on the phone and tells me my computer is hacked. To prove this, he proposes that I type "validator" in Google:

https://www.google.com/search?hl=en&q=validator

which leads to your website:

[image: image.png]

Then he asks me to type my email address in the field. Example:

[image: image.png]

And then to click the check button. With any Gmail address, your web page returns a weird error page:

https://validator.w3.org/nu//accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2&emr=1&osid=1#

[image: image.png]

Then the caller tells me that if I see an error page, my computer is hacked.

As I'm working in a web agency company and am aware of your website, I followed the steps. But at that point, I said I would call the police, and the hacker quit the phone call. I imagine he would have tried to make me pay something or lead me to download some sort of virus.

What concerns me is that I think your website should better handle the error case of an email address put in that field, as is the case for toto@titi.com:

https://validator.w3.org/nu/?doc=http%3A%2F%2Ftoto%40titi.com%2F

Best Regards,
Romain.

--
--------------------
via Gmail
Attachments
- image/png attachment: image.png
- image/png attachment: 02-image.png
- image/png attachment: 03-image.png
Received on Friday, 27 November 2020 00:06:36 UTC