Hackers are using your website http://validator.w3.org/

Hello,

I am living in France, and I would like to report a fishing attempt I get
from people using your portal as a trust tool.


Here is the resume :

- Hacker calls me on phone and tells me my computer is hacked.
To prove this, he proposes me to type: "validator" in Google

https://www.google.com/search?hl=en&q=validator

which leads to your website :

[image: image.png]

Then he asks me to type my email address in the field.

example :

[image: image.png]


And then to click the check button.

With any Gmail address, your web page returns a weird error page :

https://validator.w3.org/nu//accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2&emr=1&osid=1#

[image: image.png]


Then the caller tells me that if I see an error page my computer is hacked.


As I'm working in a web agency company and aware of your website, I
followed the steps.
But at that point, I said I will call the police, and the hacker quit the
phone call.

I imagine he would have tried to make me pay something or lead me to
download some sort of virus.



What concerns me, is that I think your website should better handle the
error case of an email address put in that field as it is the case for
toto@titi.com :

https://validator.w3.org/nu/?doc=http%3A%2F%2Ftoto%40titi.com%2F



Best Regards,
Romain.

-- 
--------------------
via Gmail

Received on Friday, 27 November 2020 00:06:36 UTC