Phorcing phishers to drink from the phire hose

["Richard M. Smith" <rms () bsf-llc com>]

http://news.com.com/Fighting+fraud+by+baiting+phishers/2100-1029_3-6056317.h
tml?tag=nefd.top
 
By Munir  <mailto:edit () zdnet com au?subject=FEEDBACK:Fighting fraud by
baiting phishers> Kotadia 
Special to CNET News.com

Published: March 31, 2006, 7:01 AM PST 
 
RSA Security's Cyota division is helping fight phishing attacks by giving
the online fraudsters what they want: lots of usernames, passwords,
online-banking credentials and credit card numbers. 

Phishing occurs when cybercriminals set up fraudulent copies of a genuine
Web site--usually of a financial institution--and try to lure customers of
that organization into visiting the site and entering their login
credentials and other personal details. 

Unfortunately for the phishers, one of the techniques Cyota is using to help
protect its banking customers is to pump such fraudulent Web sites with so
many fake entries that the genuine details are harder to find, according to
Naftali Bennett
<http://dw.com.com/redir?destUrl=http%3A%2F%2Fwww.cyota.com%2Fmanagement-tea
m.asp%3Fid%3D1&siteId=3&oId=2100-1029-6056317&ontId=1009&lop=nl.ex> , senior
vice president of consumer solutions at RSA and co-founder of Cyota,
<http://news.com.com/RSA+acquires+authentication+company/2100-7355_3-5982512
.html?tag=nl> which was acquired by the security giant late last year. 

"The technique is called dilution: We generate a list of bogus credentials
and feed the Web site with false usernames, passwords and credit card
numbers. The fraudster may have obtained 30 genuine credentials out of
300--we are trying to make it less worthwhile and more risky for the
fraudster," Bennett told ZDNet Australia on Thursday. 

...

 

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.