Page 1 of 1

Hypothetically speaking

PostPosted: Fri Apr 29, 2011 8:23 am
by deldedome
If someone were to be poking around some known phishing sites and just happened to come across a 300-400 item long txt file full of email addresses and passwords. How would someone handle this list? Obviously this person would need to do the ethically right thing but how could they go about doing it? It’s not like if you just received an email telling you to change your password would you actually listen to it? What would you do in a similar situation?

Re: Hypothetically speaking

PostPosted: Fri Apr 29, 2011 2:08 pm
by Goatboy
I would just use a fake email to alert the people on the list. Just tell them that you're an independent security tester (or online vigilante, whatever works) and you stumbled across this list. Tell them that you have done no harm, but that others may not be so kind. Include their password at the bottom so they know you're telling the truth, and hit send. After that, it's beyond your control whether or not they do anything.

It'd probably be best to script this out.

Re: Hypothetically speaking

PostPosted: Sun Jul 17, 2011 12:27 pm
by D0u8l3J
I'd probably do something similiar and create an email with false information so I couldn't be targeted with any consequences, that or I would log into their email and send them a message to themselves saying it's from future them or something similiar (not exactly ethical, but still funny) and say what happened.

Re: Hypothetically speaking

PostPosted: Thu Aug 16, 2012 8:42 pm
by Szayel
D0u8l3J wrote:I'd probably do something similiar and create an email with false information so I couldn't be targeted with any consequences, that or I would log into their email and send them a message to themselves saying it's from future them or something similiar (not exactly ethical, but still funny) and say what happened.

Haha, that sounds like a great idea.