Security researchers are cooking up tactics for beating phishing fraudsters at their own game. Phishers perennially set up fraudulent sites on servers they have compromised. But due to the sheer volume of sites that need to be set up to perform a successful phishing expedition, fraudsters tend to be sloppy. This allows those …
Some phishers are REALLY stupid. For example, they will put an FTP link in their phish email which contains the username and password!
From this it's really easy to undo all their work.
If I get sent a phishing link
instead of typing in my banking username and password, I'll spend a few moments entering random numbers and insults. I hope it makes their life harder.
Just because some gobshite phisher has compromised a server doesn't mean that you can also enter the server (without permission).
Although this seems more of a shortcoming in the law than anything else.
Who me? Prove it.
Isn't the problem that lamers and people like me don't know enough to secure their PCs?
re: Marc's tactic
If you do that, you might want to edit the link they send you before entering data. There's usually a code string in there that identifies your e-mail address, and you'll only invite further spam.
But, if they get a false password from an e-mail they can't identify (or falsely identify) then you've really tossed them under the train. And, I believe many of the sensitive sites practice IP logging and will be more likely to catch on before an intrusion is made.
antagonizing a criminal
So, 'Marc' recommends hassling phishers. I can only guess that Marc still retains the belief in immortality characteristic of the very young.
Taunting a person who you already know is (1) a criminal and (2) a hacker is just an invitation for that lamer to pay obsessive attention to giving you the very worst day possible from halfway around the planet. It's as smart as picking a fight in a biker bar. You're gonna get something kicked.
Lots of people get older without having to learn in this particularly painful way, but some people always volunteer to serve as a warning to the rest of us.
Of course, it's always possible that 'Marc' is a recruiter, rather than a volunteer...
I started writing a Ruby script to fill their database with crap, although the credit card numbers would have been valid from a check digit point of view.
Then EastEnders came on, which I don't usually bother about but I wanted to see if Max gets back together with his wife after his affair with Stacy and how Bradley is doing. Of course EastEnders was better in the 1980s with Ange and Den and Roly the dog. Or was Roly in Grange Hill? Susan Tully was in Grange Hill and I hated her then and I hated her in EastEnders as well - Todd Carty was good in both but he will always be Tucker Jenkins to me. Shame the original Mark died. Whatever happened to Tony, the builder from the first few episodes? He put a record out and nobody bought it. You know Dot Cotton is not an original character, don't you? She came in about 6 months after it started. Bill Treacher was great as Arthur going to prison because he stole the Xmas Club money to pay for his daughter's wedding to Lofty and having a nervous breakdown on the way and she got cold feet at the altar and then married him later anyway. In real life Lofty is now a football pundit on BBC Radio London and he's an Arsenal fan. My wife knows Patrick Vieira's wife, Sherry. She came to our wedding and we were invited to theirs but couldn't go because my wife was due to drop with our first born. Which was a shame because it was a really good do by all accounts.
I never seem to get anything done without being distracted. Biscuit anyone? I'm putting the kettle on ...
Finding the Phishers
Actually, it's pretty easy to hunt down phishers. Pop over to AA419.org and read what they do.