Earlier this week I noted that most PayPal phishing sites are stale – they are based on old versions of the PayPal login page. It seems that most WAMU phishing sites are also stale.
However, most of the WAMU phishing sites use the same date: 10/29/2004.
Why is this significant? The old date (and other timestamp code in the HTML) creates a kind of signature. Either we have a single phisher creating most of the WAMU spoof sites, or someone created a kit that’s being used by multiple phishers.
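To show how a shared stale date can work as a signature, the following Python groups captured spoof pages by the dates embedded in their HTML and reports hosts that share the same old date set. It is an added example, not code from the original post; the host names, markup, capture date and 30-day staleness threshold are constructed assumptions, and only the 10/29/2004 date comes from the post.

```python
import re
from collections import defaultdict
from datetime import date

# Constructed sample pages (hypothetical hosts and markup), standing in for
# HTML captured from reported spoof sites.
SAMPLE_PAGES = {
    "host-a.example": '<html><!-- saved 10/29/2004 --><form action="a.php">'
                      '<span class="ts">10/29/2004</span></form></html>',
    "host-b.example": '<html><!-- saved 10/29/2004 --><form action="b.php">'
                      '<span class="ts">10/29/2004</span></form></html>',
    "host-c.example": '<html><span class="ts">03/14/2005</span></html>',
}

DATE_RE = re.compile(r"\b(\d{1,2})/(\d{1,2})/(\d{4})\b")

def embedded_dates(html):
    """Return the sorted tuple of valid MM/DD/YYYY dates found in the markup."""
    found = set()
    for m, d, y in DATE_RE.findall(html):
        try:
            found.add(date(int(y), int(m), int(d)))
        except ValueError:
            continue  # something like 13/45/2004 is not a date, skip it
    return tuple(sorted(found))

def cluster_by_date_signature(pages, seen_on, min_age_days=30):
    """Group hosts whose pages share the same stale set of embedded dates."""
    clusters = defaultdict(list)
    for host, html in pages.items():
        sig = embedded_dates(html)
        # A signature counts as stale when its newest date is well before capture.
        if sig and (seen_on - sig[-1]).days >= min_age_days:
            clusters[sig].append(host)
    # A signature seen on a single host says nothing about reuse, so drop it.
    return {sig: sorted(hosts) for sig, hosts in clusters.items() if len(hosts) > 1}

if __name__ == "__main__":
    # Capture date is an assumption made for this example.
    result = cluster_by_date_signature(SAMPLE_PAGES, date(2005, 3, 20))
    for sig, hosts in result.items():
        print([d.isoformat() for d in sig], hosts)
```

A cluster only shows that the pages share a template; as the post says, it cannot by itself distinguish one phisher from several people using the same kit.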