Reading_Hospital_R_Building

United States Virgin Islands Hospital

Sounds impressive. The building on their web page also looks impressive.

Reading_Hospital_R_Building

But this isn’t in the Virgin Islands.

The St. Croix Source published this article today, warning of the hoax.  My jaw dropped and,because I’m a geek I had to look further.

Beyond the obvious issues on the web site that the Source pointed out, those trees would not be found on the islands, and there isn’t a gigantic hospital called USVIH in the middle of St. Thomas, I wanted to look from a technical side and try to figure out who built this site and see if I could uncover any point to the hoax.

My first stop was to look up the Domain Registration, which also appears false. (I used use Whois.com’s Whois lookup feature.) Some of the data returned was :


Administrative Contact:
Mendez, Lianne mededucator@hushmail.com
13 Long View Road
Hamburg, AL 07419
AX
+1.3126548654

So, right off the bat I would question why the site Administrator would be in Alabama.. and why would the phone number be a Chicago, Il number? Further, why would a professional web site use a free domain (even one that is HIPAA Compliant) for their contact emails and not their own mailserver?

I then reviewed the HTML code for the front page. Looking to see if there was anything else obvious. (This is simple to do, surf to the web site and click on your browser’s “view source” option.) While there is quite a bit of code involved, if you do this on the fake web site, scroll down towards the bottom and you’ll see “…span class=’image’ style=’background-image:url(resources/Phoneixville_Hospital_-_Operating_Room.jpg.opt100x100o-24%2C0s149x100.jpg);’…” These are the image links. So the scammer did not even take the time to rename the images before pasting them on the faux web site. I searched around and located the web site I believe these images came from.

If you use the next links on the Wohlsen Construction web site you’ll see that the images were simply lifted in order.

Continuing down the view source of the faux web page I also see an analytic script is in use. This is a way to track visitor demographics, such as how a visitor came to view the page, what operating system is in use and what browser they are using. The analytic script is from a web site called Yola.net, (which is part of Yola.com) this is a free web site design company. It might be possible to track the user account from here since we now have the encoded site id “8a49866b394b12ec01395354b2303f46” andYola was used to publish and register the domain according to the domain registration on 28-Aug-2012.

I have no idea why this web page was created, but it is a fantastic example of not taking everything we see online at face value.  I will take a few wild guesses here, one is a Social Security fraud, gleaning info from unsuspecting employment seekers.. another would be some sort of financial fraud, like “give your money to this charity who’s running a hospital” thing.

But like I said, we web users need to take a few simple steps, such as looking up the domain registration and verifying the information listed looks correct to protect ourselves from this kind of fraud. I couldn’t stress the importance of this enough if you’re submitting something like a resume to, or a using a credit card on, a random site like this.

I also wrote about other red flags seen on web sites from a design prospective in, “Do I Trust this web site?”, a consumer should also look for these kinds of red flags. Remember : “If in doubt, you click out!”

 

~Geof “..attach a photo ID and SSN to all resumes for my fake hospital, because you can trust me.. sure, sure, sure, really you can..” Franklin

Researching ways to improve scientist’s access to data. Programming software to solve humanity’s problems. Disseminating emergency preparedness knowledge. Sharing knowledge about science. Practicing amateur radio. Serving humanity through volunteer efforts. Drives a robot to work.
Facebooktwittergoogle_plusredditpinterestlinkedinmail

Leave a Reply

Your email address will not be published. Required fields are marked *