On 02/07/2014 09:03 AM, Olivier Nicole wrote:
I was considering, instead of plainly dropping the phishing
emails, why not deceiving it: having automatic replys with
invalid informations.
I guess that people who launch phishing campaings get few
answers, but the answers they get are correct, the username and
password match. What would happen if they gey thousands of
answers that are mostly incorrect? They would have to waste time
and resources to check every answer.
Phishing campaigns don't usually expect a reply, they want you to
fill in your data into a web form on either a dedicated or exploted
web site.
By "reply" I don't mean mail reply, but automatically filling their
web form with garbage.
Don't underestimate the talent behind phishes. Although their msgs
sometimes are so badly translated between languages they've become fun
to read, the "backend" remains effective. Enough ppl still fall for
them.
They can easily discern from garbage and usefull data,programatically,
and in the worst of cases, there's LOTS of cheap "Cloud Based Manpower
On Demand" to do it for them.
