Author Topic: fighting phishing by entering junk data  (Read 217 times)

0 Members and 1 Guest are viewing this topic.

Online NiHaoMike

  • Super Contributor
  • ***
  • Posts: 6541
  • Country: us
  • "Don't turn it on - Take it apart!"
    • Facebook Page
fighting phishing by entering junk data
« on: August 17, 2020, 01:45:00 am »
https://blog.haschek.at/2020/stopping-phishing-campaigns-with-bash.html
Taking it a step further, the banks could create trap credentials and give those credentials to the phishers using phishing emails forwarded to a phishing report address. Then when the phisher tries to log in with the trap credentials, the bank gets alerted to that and takes action.
Cryptocurrency has taught me to love math and at the same time be baffled by it.

Cryptocurrency lesson 0: Altcoins and Bitcoin are not the same thing.
 

Offline Berni

  • Super Contributor
  • ***
  • Posts: 3025
  • Country: si
Re: fighting phishing by entering junk data
« Reply #1 on: August 17, 2020, 05:40:11 am »
Id say its more of a fun thing to do in an afternoon while at the same time getting satisfaction for messing up a webservice without feeling guilty about it.

Its still a good bit of work to reverse engineer the website and make a script that fakes submissions, and its difficult getting a list of phishing sites since they are typically sent directly to people via email/sms and never advertised anywhere while also too short lived to be picked up by search engines (What would the search term look like anyway?)

Tho i suppose if the criminals ware smart they would have also logged a bunch of other information like the IP and browser. So when they see a suspiciously large amount of submissions from one place they can filter it out as garbage data. Not many people have a botnet at there disposal to use that to bombard them with data perfectly randomly.
 

Online NiHaoMike

  • Super Contributor
  • ***
  • Posts: 6541
  • Country: us
  • "Don't turn it on - Take it apart!"
    • Facebook Page
Re: fighting phishing by entering junk data
« Reply #2 on: August 17, 2020, 01:15:46 pm »
Its still a good bit of work to reverse engineer the website and make a script that fakes submissions, and its difficult getting a list of phishing sites since they are typically sent directly to people via email/sms and never advertised anywhere while also too short lived to be picked up by search engines (What would the search term look like anyway?)
Probably the easiest way to get a wide variety of phishing emails would be to set up an address that users can forward the emails to.
Quote
Tho i suppose if the criminals ware smart they would have also logged a bunch of other information like the IP and browser. So when they see a suspiciously large amount of submissions from one place they can filter it out as garbage data. Not many people have a botnet at there disposal to use that to bombard them with data perfectly randomly.
Would be really fun to do it with VPN IPs, CGNAT, and Tor. In that case, merely discarding all data from IPs with a lot of submissions would also discard real data.

I think the easiest way to undermine phishing in the first place would be to pose as black hats on the darknet selling "stolen" credentials that are actually just worthless random data. Probably not strictly legal due to laws against false advertising, but who would report that?
Cryptocurrency has taught me to love math and at the same time be baffled by it.

Cryptocurrency lesson 0: Altcoins and Bitcoin are not the same thing.
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf