Jack Yan

The Persuader

My personal blog, started in 2006.




08.04.2017

Could the fight against phishing be shifted?

I wasn’t able to find anything about this online, and I wonder if anyone was already doing it. If not, maybe someone should.
   Could the big players, e.g. Amazon and Apple, not provide the public with a fake email address and password (or a series of them) that we can feed into phishing sites? When the crooks then use the same to enter Amazon, they could be reported with their IP address and caught. Is anyone doing this?
   In other words: make fake accounts to fight fake emails.
   It seems regular people like us can spot phishing long before the big sites and web hosts do, and this could act as a deterrent against this sort of criminal activity. Like a lot of things, we’d democratize scam-busting, instead of reporting them to the authorities.
   Of course we can still report the phishing site to APWG, Spamcop et al, but it’ll take hosts some time before they shut down the site, by which time the crooks will have made off with a lot of usernames and passwords.
   I imagine some of these people will have built-in safeguards, e.g. they keep a record of the emails they send phishing messages out to, and if the one you provide doesn’t marry up, they’d know. But then, do all of us use the same email on these sites? If their aim is to cast their nets widely, then they would want those extra email addresses. I don’t necessarily use the same email address on all websites. Greed might trump the fear of getting caught, since the average scam nets the criminal US$4,500.
   I know they’d also get suspicious if a whole bunch of us entered the same address and password, so these might need to be automatically generated regularly to bait the scammers. The oldest ones would be deleted.
   Comments are welcome. It seems such a simple idea that it must already be out there after so many years, but maybe the pitfalls of generating so many would present difficulties, or maybe such an idea has already been tried and discarded.
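
The site-side half of the idea above (publish auto-generated decoy logins, delete the oldest, record the source IP when one is used), as an added example that is not part of the original post or any real site's code. The class `DecoyPool`, its method names and the `decoy.example` domain are assumptions.

```python
import hashlib
import hmac
import secrets
import time
from collections import OrderedDict


class DecoyPool:
    """Rotating pool of decoy logins a site could publish (hypothetical design)."""

    def __init__(self, max_size=3, domain="decoy.example"):
        self.max_size = max_size      # how many decoys stay live at once
        self.domain = domain          # assumed domain reserved for decoys
        self._live = OrderedDict()    # email -> (password digest, issued_at)
        self.alerts = []              # stand-in for a real reporting pipeline

    @staticmethod
    def _digest(password):
        # Decoy passwords are random and public, so a plain hash is enough here.
        return hashlib.sha256(password.encode("utf-8")).digest()

    def issue(self, now=None):
        """Create a fresh decoy pair to publish and delete the oldest ones."""
        email = f"{secrets.token_hex(4)}@{self.domain}"
        password = secrets.token_urlsafe(12)
        issued_at = time.time() if now is None else now
        self._live[email] = (self._digest(password), issued_at)
        while len(self._live) > self.max_size:
            self._live.popitem(last=False)   # oldest decoy is dropped first
        return email, password

    def check_login(self, email, password, source_ip, now=None):
        """Run before normal authentication; returns an alert dict or None."""
        key = email.strip().lower()
        entry = self._live.get(key)
        if entry is None:
            return None                      # not a decoy: authenticate as usual
        digest, issued_at = entry
        alert = {
            "email": key,
            "source_ip": source_ip,
            "seen_at": time.time() if now is None else now,
            "decoy_issued_at": issued_at,
            # Constant-time compare; True means the published pair was replayed.
            "password_match": hmac.compare_digest(digest, self._digest(password)),
        }
        self.alerts.append(alert)
        return alert
```

Because deleted decoys no longer match, a replay that arrives after rotation goes unrecorded; keeping retired decoys in a detect-only list would close that gap.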


Filed under: internet, technology—Jack Yan @ 23.04
