Update: I have redacted the company’s name at their request. I spoke with a partner at the company. They are pulling the site down, which is hosted at an outside hosting company. The hosting company was running an old version of Apache and the financial services company is a small outfit which doesn’t have in-house IT. They are taking care of the error.
From the Great Irony department. A financial services company is hosting a phishing site. As of this afternoon, Paul Laudanski at CastleCops “was told the folks are in a conference meeting, she cannot interrupt. I strongly urged [her] to interrupt as this is very bad PR for the company, but [she] would not sway.” I called as well and got the same run-around. She absolutely refused to help in the matter, short of taking my number, and insisted that the person responsible is off site in a meeting and cannot be reached. Sad state of affairs.
So because she won’t “interrupt a conference meeting”, the site is live right now.
Why do I bother blogging this? I see sites constantly compromised for phishing scams and I guess I’m just going to start raising the volume a bit more on poor security practices that lead to these types of things.