[Mimedefang] Phishing Question

Mark Johnson defang at astroshapes.com
Thu Apr 6 10:45:39 EDT 2006


This is WAAAAY off-topic, but I was wondering what others opinions were 
of this.  I sat in on a security lecture given by a very reputable 
speaker.  Every aspect of security was touched upon, but the rising 
issue of phishing really caught my attention.  I could never figure out 
why people would ever attempt to send one of these and what they would 
do with the information.  Isn't it likely to be caught?

He went on to explain that people who extract this information from 
users have no intention to use it themselves, but to sell it to someone 
else and I guess about $20.00 a Social Security number is the going rate.

Not that I would necessarily condone this type of activity, but with the 
amount of spam/spyware/adware/phishing attempts I see in a day, wouldn't 
be a really interesting project to do something like this?  Set up a 
database somewhere that had all of the current phishing websites 
locations and the form fields asking for input.  Then, create a network 
of computers like SETI, where nice home users run a program on their 
computer that will take idle cycles and put false usernames and 
passwords to these sites.  If enough people participated, the data 
collected by the phishers would be so bad, noone would ever buy it.  
Noone could possibly verify every entry, either.

Sounds like something out of a movie, but man would it be cool to do 
something like this.  I figured you guys would be the best to ask 
because you are the one's who see the most of this going on (along with 
the S/A users).  I even seriously doubt an attempt at this would thwart 
the phishers...  They'll just move faster and get more creative, but we 
can dream, right?

Thanks!

Mark



More information about the MIMEDefang mailing list