Wamu Phishing Sites Stale Too
Earlier this week I noted that most PayPal phishing sites are stale - they are based on old versions of the PayPal login page. It seems that most WAMU phishing sites are also stale.
If you take a quick look at the HTML source of the standard WAMU login page, you'll find some javascript that looks like this - its pre-populated with today's date.
var g_dtToday = new Date("03/23/2005");
However, most WAMU phishing sites use a date from 10/29/2004.
var g_dtToday = new Date("10/29/2004");
Why is this significant? The old date (and other timestamp code in the HTML) creates a kind of signature. Either we have a single phisher creating most of the WAMU spoof sites, or someone created a kit that's being used by multiple phishers.