Hacking a scammer’s website is like beating up your school bully, but in this case, it’s hard to sympathize with the victim. A Reddit user named Tomble was just checking his email when he saw a fake “PayPal verification” in his inbox. Most of us would just ignore the message or mark it as spam, but this guy started to do a little detective work.
Redditor Tomble was able to figure out the sender’s FTP address with just a simple ping of the domain. With this, he found out that the FTP password was just “passw0rd,” which is the usual default password used by the service. Tomble did not stop at updating the scammer’s website and filling it with pictures of kittens; he also tracked down and saved the details of the victims.
“Interestingly the site had a plain text file called ‘robots2.txt’ which contained the credit card numbers and various other contact and ID details of people. I called them all up and let them know their card had been compromised. I hate scammers,” he wrote in his post on Reddit.
“My first course of action was to email the ISP. After half an hour with no response, I realised that more people were submitting their contact details, and it was still early in the day. I decided to deactivate the site and inform people who were attempting to submit info. The image I linked to here is what you would see if you entered your credit card details then hit ‘send.’”
Tomble found a number of victims and called them up to warn them about the scam. One victim was from Thailand, so instead of calling him up and wasting precious dollars on phone bills, he just emailed him. The hacker deleted all the details that were stolen by the scammer and posted this message for future victims to read.
via: Techie Buzz