funsec mailing list archives
Re: Scamming the phishers?
From: Valdis.Kletnieks () vt edu
Date: Thu, 28 Sep 2006 16:30:29 -0400
On Thu, 28 Sep 2006 14:15:54 EDT, "Richard M. Smith" said:
Is anyone aware of any banks which are creating fake online bank accounts that appear to be valid accounts but with no real money in them? The idea then is to feed valid login information to the fake accounts to phishers.
Congrats, you've re-invented honeytokens. ;)
These accounts can then be used by investigators to gather intelligence about how phishers operate.
The problem is, of course, figuring out how to get the bogus credentials into the hands of the phishers.
The fake account can also be used to make phish less attractive by wasting phisher's time on financial transactions that
Doubtful you can inject enough bogus accounts to make it less attractive due to wasted time - you'd need a fairly large farm of distributed machines in likely places. If they get handed 258 hits from some /24 that has a PTR that points to *.fbi.gov or *.bigbank.com, they're not going to take the bait. So you need 258 boxes out in DSL land....
never get completed. Things may also get really interesting if the false account information is sold to another party for them to steal money.
That does have possibilities. :)
Attachment:
_bin
Description:
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Scamming the phishers? Richard M. Smith (Sep 28)
- RE: Scamming the phishers? StyleWar (Sep 28)
- Re: Scamming the phishers? Valdis . Kletnieks (Sep 28)
- RE: Scamming the phishers? Richard M. Smith (Sep 28)
- Re: Scamming the phishers? Valdis . Kletnieks (Sep 28)
- Re: Scamming the phishers? der Mouse (Sep 28)
- Re: Scamming the phishers? Drsolly (Sep 28)
- RE: Scamming the phishers? Richard M. Smith (Sep 28)