June 09, 2005

Fight Phishing Scams!

Everyone has probably received "phishing" scam emails, where an impostor sends an email appearing to be from a legitimate site (e.g., eBay, your bank, etc.) and asking you to enter your login & password info to fix a problem in their system. The scam is that they now have your info and can impersonate you, steal your credit card, etc.

I was catching up on Robert Cringely's columns this evening, and saw his excellent suggestion of how to stop the phishers: rather than relegating their emails to your spam filter, reply to those emails with false info. It is easy and low-cost for the phishers to send out tons of email in exchange for a decent profit. Instead, it should become much more expensive and difficult for them:

If you get phishing e-mail, go to the web sites and enter false data. Make up everything -- name, sign-on name, password, credit card numbers, everything. Instead of one million messages yielding 100 good replies, now the phisher will have one million messages yielding 100,000 replies of which 100 are good, but WHICH 100?

This technique kills phishing two ways. It certainly increases the phishing labor requirement by about 10,000X. But even more importantly, if banks and e-commerce sites limit the number of failed sign-on attempts from a single IP address to, say, 10 per day, theft as an outcome of phishing becomes close to impossible.

No bounties are required, no cops, no parallel webmail systems that force us to log-in to e-commerce sites when they tell us to. Phishing just becomes a very unprofitable business, which it should be.
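The per-IP limit on failed sign-on attempts that the column proposes, written out as an added Python example (this is not code from the post or from Cringely; the rolling 24-hour window, the in-memory store, the IP address and the harvested-credential list are all constructed assumptions). It also simulates a phisher replaying a mostly-bogus list from one address to show how few pairs get checked before the cut-off:

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 24 * 60 * 60   # "per day" taken as a rolling 24-hour window
MAX_FAILURES = 10               # the column's suggested ceiling per IP


class FailedSignonLimiter:
    """Counts failed sign-ons per source IP; blocks once the ceiling is hit."""

    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS):
        self.max_failures = max_failures
        self.window = window
        self._failures = defaultdict(deque)   # ip -> timestamps of failures

    def _prune(self, ip, now):
        q = self._failures[ip]
        while q and now - q[0] >= self.window:   # drop failures older than window
            q.popleft()

    def is_blocked(self, ip, now):
        self._prune(ip, now)
        return len(self._failures[ip]) >= self.max_failures

    def record_attempt(self, ip, now, succeeded):
        """Return True if the attempt was allowed to reach the password check."""
        if self.is_blocked(ip, now):
            return False
        if not succeeded:                 # successes do not count against the IP
            self._failures[ip].append(now)
        return True


def replay_harvested_credentials(limiter, ip, credentials, valid, start=0):
    """Simulate one IP trying harvested (user, password) pairs one second apart.

    `valid` is the set of pairs that would actually sign on (constructed).
    Returns (pairs_checked, valid_logins_found) before the limiter cut it off.
    """
    checked = found = 0
    for i, cred in enumerate(credentials):
        ok = cred in valid
        if not limiter.record_attempt(ip, start + i, ok):
            break                          # blocked: the rest is never tested
        checked += 1
        found += ok
    return checked, found


if __name__ == "__main__":
    # Constructed sample: 1000 harvested pairs, only one of them real.
    creds = [(f"user{i}", f"pw{i}") for i in range(1000)]
    print(replay_harvested_credentials(FailedSignonLimiter(), "203.0.113.5",
                                       creds, {("user500", "pw500")}))
```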

Posted by Tom Nugent at June 9, 2005 08:40 PM