Phishing is a big problem. Can I suggest that the banks set up dummy phishing bank accounts with no money in them and issue logins to the bank accounts to all their customers. Maybe this could just be done via one central bank account and simply present a logical account number via the online banking.
Then when customers receive a phishing mail, they go to the phishing site and type in the dummy details.
The crooks then capture the dummy details and to all intents and purposes they can't tell the different between this account and a real one because the crooks would then be using the real banking site. The site could even be modified to show an account balance.
Then they try and move the money from that bank account to their own bank account and by typing in the details of where they are trying to send the money to, we might stand a better chance of being able to catch them.
At the very least the very large number of false bank details would tie up the crooks' time and make successful phishing that much harder.
Just a thought, anyone got any better ideas?
Subscribe to:
Post Comments (Atom)
Popular Posts
-
Having been on hold to the Orange contact centre (I guess that's what you would call it, I might call it a non-contact centre) for appro...
-
In a breathtaking act of complete user ignorance, the so called new user experience of Windows Vista is now significantly harder to shut dow...
-
An article on how Agile can sit alongside PRINCE2 and where DSDM Atern fits in. In 2007, I put "used an Agile/PRINCE2 development str...
-
For some unknown reason Google has removed the very useful BlogThis feature from the Google toolbar. However if you want the BlogThis functi...
-
Trying a bit of reverse marketing here to see whether posting to Google Groups: uk.jobs.wanted and also to Ebay.co.uk in an unconventional...
-
Another government IT disaster. 10 years behind schedule, the Dunblane gun register is 'unfit for purpose' . The article also mentio...
-
The scene: A person on vacation walks into a late night store to buy some nuts. Present: The person, a shop assistant and a selection of ta...
-
Find me on LinkedIn https://www.linkedin.com/in/siliconglen/ Medium https://siliconglen.medium.com/ thanks Craig
-
There is only one time in the history of each planet when its inhabitants first wire up its innumerable parts to make one large Machine. Lat...
-
All In the last few months, I have seen the traffic to this blog rise to a reasonable level and there's been a lot of diverse comments a...
1 comment:
The good thing about this type of response to phishing is that, unlike IP address tracebacks etc. once you start tracking the money, you're going to start finding the right people, not a botnet host or some other innocent bystander.
This method is already being used by at least one commercial organization (brandimensions) offering anti-phishing protection to financial institutions.
From their web page explaining their process:
"We recommend establishing a bank account and active credit card number assigned to Brandimensions projects managers. Once a Phishing attack against your organization is confirmed, our project managers can submit the assigned card's number to the Phishing page. This provides your fraud department with an immediate trail for following the flow of outgoing funds."
(note that i am deliberately not linking to their site to avoid even looking like a spammer. and no, i'm not affiliated with them in any way, but i do deal with phishing incidents professionally and have been noticing a lot of reports coming from them lately. so i went to their site to see what they were about and was suitably impressed.)
Post a Comment