Hello and welcome to the Tuesday, April 22nd, 2025 edition of the Sands Island Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

And no, I won't mention it every single episode going forward, but remember, Sands Fire, July 14th through July 19th and to register just

sansfire.us. Well, in today's diaries, Jan is writing about his favorite topic fishing and

in part, well, why is it still so easy? In the particular case that Jan is presenting here,

it's a very straightforward fishing attack.

It implements one of those webmail forms

that we see very often being used to fish email credentials,

and then, well, it's advertised.

We are sort of a simple email failure notice. Again,

a very common scheme being used to lure users in clicking on fishing links. However, it's then

being directed to a dynamic IP address. Essentially, it uses one of those dynamic IP forwarding systems to

host this particular website. It is forwarded to this dynamic IP by Google's own

double-click.net system. And that's sort of really where Jan has an issue with Google, making it just too easy

for attackers. This particular site has been flagged for about a week now by VirusTotal, which also

is run by Google. So the data is certainly there to prove that this is not a good site to direct users to.

Well, I guess you can also do the same thing yourself, block doubleclick.net.

I've been actually doing this for a while, sort of a very simple ad blocker as well, and it seems to be working well.

Of course, it will break some real ads that you may be

interested in, but you can always go to the company's website directly. And then if everybody

taking currently a writing class in college could just skip for a minute, the next story is about

chat GPT and rummyami docs.com. They discovered that chat

...