funsec mailing list archives
Re: Scamming the phishers?
From: Drsolly <drsollyp () drsolly com>
Date: Thu, 28 Sep 2006 22:41:48 +0100 (BST)
On Thu, 28 Sep 2006 Valdis.Kletnieks () vt edu wrote:
On Thu, 28 Sep 2006 14:15:54 EDT, "Richard M. Smith" said:Is anyone aware of any banks which are creating fake online bank accounts that appear to be valid accounts but with no real money in them? The idea then is to feed valid login information to the fake accounts to phishers.Congrats, you've re-invented honeytokens. ;)These accounts can then be used by investigators to gather intelligence about how phishers operate.The problem is, of course, figuring out how to get the bogus credentials into the hands of the phishers.The fake account can also be used to make phish less attractive by wasting phisher's time on financial transactions thatDoubtful you can inject enough bogus accounts to make it less attractive due to wasted time - you'd need a fairly large farm of distributed machines in likely places. If they get handed 258 hits from some /24 that has a PTR that points to *.fbi.gov or *.bigbank.com, they're not going to take the bait. So you need 258 boxes out in DSL land....
It's a shame that the FBI can't afford an AOL account with non-static IP. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Scamming the phishers? Richard M. Smith (Sep 28)
- RE: Scamming the phishers? StyleWar (Sep 28)
- Re: Scamming the phishers? Valdis . Kletnieks (Sep 28)
- RE: Scamming the phishers? Richard M. Smith (Sep 28)
- Re: Scamming the phishers? Valdis . Kletnieks (Sep 28)
- Re: Scamming the phishers? der Mouse (Sep 28)
- Re: Scamming the phishers? Drsolly (Sep 28)
- RE: Scamming the phishers? Richard M. Smith (Sep 28)