vancel at winfreeacademy.com
Fri Mar 10 19:17:25 GMT 2006
Jon R. Kibler wrote:
>What if we were able to make life more miserable for phishers? Would it slow them down or discourage them?
>Would it be ethical to do so? Legal?
>A thought along those lines: There are dozens of programs available that will generate 'legitimate' fake credit card numbers, bank account numbers, etc. There are all sorts of ways to generate lists of names. Use these types of programs to create millions of bogus identities. Then flood the phishing site with so much bogus information that it would become a real chore to sort out the legitimate phish caught from the decoys. To accomplish this would be simple:
> 1) Visit the phish site and determine the information they are collecting.
> 2) Write a simple shell script to generate the required bogus data in HTTP POST (or whatever method used) format.
> 3) Have the shell script submit the bogus data (netcat, etc.) to the phish site one bogus identity at a time.
>A real dumb phisher may even try to use bogus data and that may be the trigger that gets them caught.
>Just a thought...
The only thing that I would be concerned about is if you randomly
generate real credit card numbers. All they have to do to meet the
criteria for a valid card is start with the correct numbers for the type
of card and pass the mod-10 test. There are a finite set of numbers
that meet those criteria, so the odds that you'll accidentally hit a
valid number are higher than you might feel comfortable.
When I worked for an online credit card processing company, it amazed me
how little information you need to successfully run a credit card
transaction. All you need is the credit card number and any date in the
future to use as the expiration date (it does not have to be the real
expiration date). All of the other information is there as a
verification, and the merchant gets charged a higher rate if they pass a
transaction without it, but the transactions can go through without any
personally identifiable information. It's a little scary. The personal
information is needed if they want to steal your identity and get more
credit cards in your name.
The clearing house and cc processor will return special codes if
information doesn't match, but they won't deny the transaction without
it. It's up to the Merchant to deny the transaction at that point to
prevent the increased transaction fees. Most legitimate businesses
follow the standard and deny the transaction, but in this instance we're
talking about people that don't care.
Winfree Academy Charter Schools
More information about the list