The problem of not being able to contact Norton Symantec by email exposes a loophole in their processes when reporting Suspected Phishing Sites via https://submit.symantec.com/antifraud/phish.cgi.
I received an email from noreply@upperdeck.com stating that my child has registered on their Upper Deck website. The email did not provide any information to identify my child, nor could my child confirm they had registered. The only links provided in the email were to a privacy policy (http://www.upperdeck.com/privacy.aspx) and a parental revoke form (http://www.upperdeck.com/member/parentrevoke.aspx). Norton Site Safety says the ‘Site is Safe’. On the face of it, the website, privacy policy and parental revoke form all appear to support the ‘Site is Safe’ statement.
Because the revoke form requests personal information, I suspect that the email and web site are working together in phishing. I reported the website to Symantec's Suspected Phishing Sites at https://submit.symantec.com/antifraud/phish.cgi.
However, there is a possibility that my child did register and forgot; also, Norton says ‘Site is Safe’. So I’ve allowed for the benefit of the doubt and emailed customer_service@upperdeck.com. I explained my concern and that I’ve reported them to Symantec's Suspected Phishing Sites. If they can provide evidence that my children did register with them, I will apologise and withdraw my suspicion. I wanted to, but was unable to, copy the email to Symantec's Suspected Phishing team.
The two-step process to exploit the loophole is thus:
• Create a web site that appears safe.
• Send an email to the victim stating that their child has registered and has provided the victim’s email as the parent. This is step 1 of the deception: the email looks like a bog-standard impersonal automated email and uses this not to provide any information to prove the victim’s child has registered. The victim decides that they do not want their child to be registered with the web site, and the email conveniently provides a link to a web page that allows a parent to revoke the child’s registration.
• The victim visits the web site because Norton says ‘Site is Safe’. The revoke form requests personal information about the victim and child so that the child’s registration can be revoked. This is step 2 of the deception; it is made to look official, portray the owners as responsible, provide links and words that distract the victim from using common sense, etc.
• Even if the victim reports the site to Symantec, is anybody going to ask the question: “Why would a site want to ask for personal information when it is saying it is allowing a parent to revoke registration, especially as the information is not even collected online?”
• Even if someone asks this question, as Symantec does not publish their emails, the victim is unable to provide evidence that the email and web site are working together as a phishing process. This is the loophole in Symantec's processes.
Whether or not www.upperdeck.com is safe, this illustrates how a phishing process can exploit the loophole created in Symantec's decision not to publish emails and use this process in portraying a site as safe when it is not.
My request to Symantec – publish your emails so that where phishing is a process rather than just technical, the evidence can be provided to you.
Regards
James Thomas