Low-tech solutions to problems the world shouldn't have in the first place: part 1 of N
I've been receiving a truly absurd number of "phishing" emails recently. It appears Western Union really wants me to validate my account information. This got me wondering, what's the signal to noise ratio of responses to phishing scams? Put another way, how many people who respond to phishing scams, respond with valid account information?
Without any real data to go on, the cynic in me says that the majority, or at least a significant minority of phishing responses contain genuine account information. If that's the case, all we need to do is bump up the noise a little bit. What if every time you got a bogus email, you responded to it with some plausible but incorrect account info? Better yet, put a button on your email reader that'll do it for you?
The question now is, how time-intensive is it for a phisher to verify an account name and password? If they are doing it by hand, then it wouldn't take that many participating people to make it not worth a phisher's effort. If they're doing it via a script, well then bogus information would only be wasting computer time, and that's cheap.
Anyone who actually knows something about the world of phishing scams care to chime in? Has this approach been tried before? Are there any downsides? The thought occurs to me that by responding to a phisher, even with bogus info, you may be confirming that your email account is "live" which might result in more spam.
No comments:
Post a Comment