|An interesting answer to Phishing
||[Jun. 8th, 2005|08:59 pm]
This week, he had a rather interesting little idea for dealing with phishing.Most weeks, I read the "I, Cringly" column. |
There's no point reporting phishing emails to the bank/website, as they don't currently seem to care. Reporting them to their hosting firms is usually too hard, as they pick dodgy firms. They don't have to get many real (but muppet) people's data to make money, so their sites don't have to last long.
Cringly's answer is to change the last parameter. Currently, they only get the details from muppets, and they can use/sell these on. If everyone was to go to all the phishing sites they get emailed, and enter made up details, that totally changes. Instead of getting 100 sets of details, all valid, they get a couple of thousand, most of them made up. Now they have the hassle of trying to figure out which ones are valid, and which are made up.
With enough people feeding them crap, it won't be worth doing the sifting. Also, most sites have a maximum number of failed login attempts per day, so they can't just work their way through the list until one gets them in - chances are, they'll run out of attempts on the crap ones before reaching the real ones.
So, all that needs to happen is that everyone visits the phishing website and gives them crap, and hopefully phishing will die out shortly afterwards. Got to be worth a try at any rate!