A phishing story, aka why I need to write a mobile version of Flagfox

Over the past year or so, a few different people have requested I add Mobile Firefox support to Flagfox. My response was always the same: I’d like to, but I don’t own an Android device and can’t really afford get the hardware I’d need to develop for mobile. I recently decided to change that by directly asking my users if they’d like to donate towards Flagfox development, including a mobile version. The response was quite encouraging. I’ve gotten a few hundred small contributions and a few larger ones. I’m not exactly rich now, but I now own a mid-range Android phone and a small tablet. I will be starting on work towards getting Flagfox working in Mobile Firefox at some point soon. If anyone would like to be notified of when I have an alpha or a beta ready for testing, follow this blog or me on Twitter.

Today, I shall tell you a story. This is not fiction; I kid you not, this happened today. I have had my new phone for about a week now. I ended up going with one locked into Verizon because I didn’t want to pay the extra $80 needed for an unlocked phone only to probably end up going with them for coverage. I could tell you another story of how many hours of being on hold and getting the run-around it took to actually get the damn thing set up and another call to get texting working, but this story here is about phishing.

Today, I got a text message. I am a new Verizon Wireless customer, and here in my inbox was a text “from” Verizon Wireless telling me to review my account payments after a recent service disruption. It’s highly unlikely that the attacker knew that I had any recent service issue, but it is an amusing coincidence. This message contained a URL to a site on a raw IP address, in the form of “http​://​255.255.​255.255/verizon​.com/​wireless/” (with a real IP address). I looked at this and laughed. If this were my mother’s new phone, her bank account could now be empty.
Continue reading