Stop the Phishing
phishing (pronounced “fishing”):
In computing, phishing is the act of attempting to fraudulently acquire through deception sensitive personal information such as passwords and credit card details by masquerading in an official-looking email, IM, etc. as someone trustworthy with a real need for such information.
Bob Cringely explains a rather novel way to defeat this epidemic of phishing.
The simple way to kill phishing is by making it harder for the phisher to make money from it. Right now, a phisher sends out a million e-mails and gets back 100 replies that yield positive data. There is almost no effort involved in sending out the e-mails after the first one, and the quality of the return data is very high. No wonder this is such a popular business!
Let’s change that. If you get phishing e-mail, go to the web sites and enter false data. Make up everything — name, sign-on name, password, credit card numbers, everything. Instead of one million messages yielding 100 good replies, now the phisher will have one million messages yielding 100,000 replies of which 100 are good, but WHICH 100?
5 Responses to “Stop the Phishing”

Well, I’ve actually tried that, but their sites keep rejecting my attempts. I know — from being a MasterCard/Visa merchant myself — that there are clearly one or more algorithms by which they generate legit credit card numbers (my processor will correctly reject a card number that’s off by one digit EVEN BEFORE IT LOGS IN FOR APPROVAL, so there’s clearly an internal recognition protocol).
I’d therefore assume that the phishers know the protocol(s) and have set up their sites to reject bogus numbers.
So: Have you, or anyone you’ve talked to, actually tried what you’re suggesting yourself and gotten the scam sites to take bogus numbers? If so, what do you do to make up the numbers?
BTW, if anyone wants to reply to me directly, I’m ari at testwell dot com.
My spam filters are pretty good, so I haven’t got a phishing email since I posted this entry to the blog.
The only way that they would be able to distinguish actual card numbers from those that are generated (and fit the checksum or whatever) is that they must have a merchant account that is validating the cards.
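The offline rejection and the "checksum" mentioned in the two comments above correspond to the Luhn (mod 10) check used on payment card numbers. The following is an added example, not part of the original post or its comments; the function names and the constructed sample string are assumptions made for illustration. It shows why a one-digit error is always caught locally, and which adjacent-digit swap the check misses.

```python
def luhn_valid(number: str) -> bool:
    """True if the digit string passes the Luhn (mod 10) checksum."""
    if len(number) < 2 or not (number.isascii() and number.isdigit()):
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def single_digit_errors_accepted(number: str) -> int:
    """Count one-digit substitutions of `number` that still pass the check."""
    hits = 0
    for pos, orig in enumerate(number):
        for repl in "0123456789":
            if repl != orig and luhn_valid(number[:pos] + repl + number[pos + 1:]):
                hits += 1
    return hits


def adjacent_swaps_accepted(number: str) -> list:
    """List (position, original pair) for adjacent swaps that still pass."""
    missed = []
    for i in range(len(number) - 1):
        a, b = number[i], number[i + 1]
        if a != b and luhn_valid(number[:i] + b + a + number[i + 2:]):
            missed.append((i, a + b))
    return missed


# Publicly documented processor test number, not an issued card.
TEST_NUMBER = "4111111111111111"
# Constructed, obviously artificial string that happens to pass the checksum.
CONSTRUCTED = "0000000000000901"

if __name__ == "__main__":
    print("test number passes:", luhn_valid(TEST_NUMBER))
    print("one-digit errors accepted:", single_digit_errors_accepted(TEST_NUMBER))
    print("swaps accepted:", adjacent_swaps_accepted(CONSTRUCTED))
```

Passing this check only shows that a number is well-formed; whether an account exists behind it is decided at authorization, which is the distinction the second comment draws.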
I have been researching anti-phishing solutions and just came across
Green Armor Solutions Identity Cues
http://www.greenarmor.com
This appears to be a very interesting approach to preventing users from falling prey to phishing and pharming – anyone out there using their solution?
G Warren
George –
I would be happy to provide you with the information that you need regarding Identity Cues.
Please send me an email or call me in the Green Armor Solutions office.
Thank you.
Rajesh Harbhajan
Green Armor Solutions
rajeshh -DO NOT SPAM ME - THE AT GOES HERE - greenarmor.com
http://www.greenarmor.com