Stealing the Bait from Phishers


Have you ever gone fishing where you keep dropping your line and a few minutes later your bait is gone? Eventually, you pick up your line and go elsewhere, don’t you?

What if we applied this to phishing? Perhaps every single person who receives a phishing email should actually click through on the link and enter bad information in the login or credit card fields. Perhaps we should absolutely overwhelm their servers with so much traffic that they give up!

Wouldn’t this be a much more offensive defense than simply trying to detect phishing sites and deter people from them?

According to Wikipedia: In computing, phishing is a criminal activity using social engineering techniques.[1] Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. eBay and PayPal are two of the most targeted companies, and online banks are also common targets. Phishing is typically carried out using email or an instant message,[2] and often directs users to a website, although phone contact has been used as well.[3] Attempts to deal with the growing number of reported phishing incidents include legislation, user training, and technical measures.

I’m curious if this would work. Feedback?

Here’s a phishing email that I receive every single day in my email:

I really wish I could mess these guys up. By the way, Firefox does a darn good job of identifying these sites:
[Image: Firefox phishing warning]

While you can’t prevent anyone from spoofing your company in a phishing email, you can ensure that ISPs that validate messages before allowing them into an inbox can’t verify the spoofed emails’ origin. This is accomplished by implementing email authentication frameworks like SPF and DMARC.
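As an added example (not code from the original post), the Python sketch below audits a domain's published SPF and DMARC records for the settings that let receiving ISPs act on spoofed mail. The `example.com` records are constructed, the function names are hypothetical, and no DNS lookups are made.

```python
# Added example: audit constructed SPF/DMARC TXT records (no DNS lookups).
def parse_tags(record):
    """Split a DMARC record such as 'v=DMARC1; p=reject' into a tag dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_spf(txt_records):
    """Findings for the TXT records at the domain apex (redirect= is not followed)."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return ["SPF: expected exactly one v=spf1 record, found %d" % len(spf)]
    terms = spf[0].lower().split()[1:]
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not all_terms and any(t.startswith("redirect=") for t in terms):
        return ["SPF: policy is delegated with redirect=, audit the target record"]
    if not all_terms:
        return ["SPF: no 'all' mechanism, unlisted hosts get a neutral result"]
    qualifier = all_terms[0][0] if all_terms[0][0] in "+-~?" else "+"
    return {"-": [],
            "~": ["SPF: ~all is softfail, unlisted hosts are not failed outright"],
            "?": ["SPF: ?all is neutral, unlisted hosts are not failed"],
            "+": ["SPF: +all authorizes every host on the internet"]}[qualifier]

def audit_dmarc(txt_records):
    """Findings for the TXT records published at _dmarc.<domain>."""
    dmarc = [r for r in txt_records if r.strip().lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        return ["DMARC: expected exactly one v=DMARC1 record, found %d" % len(dmarc)]
    tags = parse_tags(dmarc[0])
    findings, policy = [], tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append("DMARC: p=%s does not ask receivers to quarantine or "
                        "reject spoofed mail" % (policy or "missing"))
    if tags.get("pct", "100") != "100":
        findings.append("DMARC: pct=%s applies the policy to only part of the mail" % tags["pct"])
    return findings

def audit(zone, domain):
    """zone maps DNS names to lists of TXT strings; returns all findings."""
    return audit_spf(zone.get(domain, [])) + audit_dmarc(zone.get("_dmarc." + domain, []))

# Constructed sample zones: a monitoring-only setup and an enforcing one.
WEAK = {"example.com": ["v=spf1 include:_spf.example.net ~all"],
        "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"]}
STRICT = {"example.com": ["v=spf1 include:_spf.example.net -all"],
          "_dmarc.example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"]}
```

Calling `audit(WEAK, "example.com")` returns one SPF and one DMARC finding, while `audit(STRICT, "example.com")` returns an empty list.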

What do you think?
