Ooh, I’ve got referrers, how exciting. I must check them out. No, but not by clicking on the link directly. Let’s google your domain. What’s that? It’s a parked domain? No, never! Ah, but only the root.
The subdomain is live and kicking, hosted on Digital Ocean, with email provided by Proton Mail, the Swiss encrypted email service loved by scammers really security-conscious users. It must be legitimate then. So legitimate that the domain was created at 9.20pm last Sunday evening, a whole four days ago, for the whopping cost of $10.98.
How very convincing. What’s this? Analytics using Umami? Well you’ve got me then. You may now know my dynamic IP address, assuming GDPR compliance is really poor. So you know where I live, right?
Er, well probably not, as my IP address is currently leaking that I’m simultaneously in central London, about about five miles outside Maidstone in Kent and somewhere near Milton Keynes. Damn those pesky 5G broadband customers!
If you’re lucky, your delicious analytics will also have shown you that I’ve been rifling through your website source code, which is all very interesting. Well, I’m not very well going to click on that great big “next” button before studying the JavaScript to understand what it does, am I?
As far as I can tell, what you want me to do is enter my website password into the “claim” form field, which will then zip away into your clutches via socket.io, and in return you’ll serve me a nice friendly error message telling me that my account is banned. Sounds like a fair deal.
The question that remains is: am I being targeted, or is this a simple fly-by operation? Well, honestly, it’s too early in the day for a full-blown paranoid privacy-meltdown. I haven’t even had my morning coffee yet. So I’ll give you the benefit of the doubt and ignore you for now, convincing myself it’s totally random.
I mean, if it was a focussed effort to gain access to my site because you don’t like something I’ve written, why wouldn’t you just contact me to talk it over? Have courage of your convictions? Why would you cast some bait, when you could simply send me a private message via my contact form?
But then, where would be the fun in that? Twenty-first century espionage, playing wannabe spies, is so much more fun. Only, it assumes the rest of us are really dumb.
Last modified: 26 January 2023
