This community on average is more technical than most but that is just aggregate statistics. I would say that in any community you are going to get x% that would fall for a phishing scam.
oh, i mean, i agree. in school, i did a project in a network security class that involved phishing the network security class, and it had a roughly 50% success rate.
if someone were to seriously try and phish any specific site, they'd probably be reasonably successful. the question really is, how long would it take for someone to recognize what was going on and get it killed? will 20 people visit the page, or will 2000?
It pleases me to say that in spite of it being an obvious 'fake' it didn't take mozilla more than a few hours to have the site marked as a phishing site, which I think is really great for them.
To be honest, I'd rather have you, Jacques, be the recipient of my personal information than some random guy with the clear intent of selling that information. I don't even know you!
At the same time, I'm a pretty skeptical guy, and any domain name of www.freeproductx.com screams of fake and phony to me. Anyone that submits their information there, especially from the more technically savvy HN crowd, needs to take a look at what they are trying to accomplish. I do have to give you credit, the site does look amazingly legit, though Google does tend to use minimalistic themes so the time taken shouldn't be too involved. And because I am skeptical, the nameservers aren't all that convincing: NS1.MATTHEIJ.COM :)
There were more than enough hints that this was a prank that even a cursory inspection would show the truth, and that was a conscious decision.
It would have been fairly easy to make it a lot more resilient against that but we figured that by making it this plain those that fell for it would know that they had failed to do due diligence before entering all that data.
A simple whois would have been enough, as would have been a google search for 'second chrome notebook contest' or anything else like it. Google consistently refers to the device as a 'notebook', the site used 'laptop' in the domain but notebook elsewhere, the site was not hosted on a google IP range and so on.
We already got a warning before (I assume) it happened, so I'm guessing it wouldn't take too long before we find out if something like that would occur. Or it might not even reach front page.
