Quick PSA: 8000hours.org (not 80000hours.org) is a malicious scam site

By Will Bradshaw @ 2023-01-13T18:48 (+65)

Just what the title says: 8000hours.org is a malicious scam/phishing site. If you mean to go to 80000hours.org and come across something strange/confusing, be aware and take care to keep yourself safe. (EDIT: And maybe think twice about going to the scam site yourself; one user contacted me to say that their browser had autocompleted information into its fields.)

I've accidentally gone to this site instead of 80000hours.org a few times over the past year, and each time it's been a different scam, so it seems to change hands/tactics frequently. Some of them were convincing enough that I'm worried they'd catch an unwary user.

I've notified 80K about this; this post isn't meant to be a complaint or criticism about them, just to make others aware of the danger. That said, people from other orgs reading this might do well to think about what other domains close to their own someone might use to prey on their users, and what they might do to pre-emptively prevent this.


Stone @ 2023-01-13T20:17 (+16)

And for the love of god, DO NOT GO TO THAT WEBSITE BECAUSE YOU'RE CURIOUS. CHROME WILL AUTOFILL INTO THE SITE BEFORE YOU CAN REACT AND I HAVE NO IDEA WHAT OR HOW MUCH.

This should be standard advice for any phishing warning, unless it's on a forum where everyone already has tons of cybersecurity experience. Do not click it, do not type it in, don't click any 80k link for a while without inspecting it first. This will probably target other links too, ASAP, so just make sure to check every link that you're clicking.

peterhartree @ 2023-01-13T20:56 (+4)

(If you want to visit the domain but not have it saved in your Chrome omnibar, just open an Incognito window.)

Dawn Drescher @ 2023-01-13T22:29 (+2)

Why would that happen? If the domain is different, Chrome wouldn’t fill in any information from another domain. For me it just redirects to a run-of-the-mill domain squatting type website on yet another domain. Could be that it checked some of my browser settings and decided that the risk was too high that I’m a security researcher, and so redirected to an innocuous website. I haven’t tried hard to fool it.

Will Bradshaw @ 2023-01-13T23:08 (+2)

For me it just redirects to a run-of-the-mill domain squatting type website on yet another domain.

Yeah, it's changed to point to something a lot less directly malicious since I last checked this morning. (But, well, no reason to think it won't change again tomorrow.)

Lorenzo Buonanno @ 2023-01-13T21:33 (+11)

I recommend people install Ublock Origin.

It blocks a lot of spammy/scammy websites, including the one that 8000hours redirects me to.

peterhartree @ 2023-01-13T20:54 (+8)

Thanks for the heads up.

From memory: I tried to register this domain 4-5 years ago, but it was already taken. 80,000 Hours does own 800000hours.org, 80000hours.com, and several other variations.

Guy Raveh @ 2023-01-14T00:36 (+4)

And their express aim is decimating people's capability to work 🙃