Phishing is a big problem. Can I suggest that the banks set up dummy phishing bank accounts with no money in them and issue logins to the bank accounts to all their customers. Maybe this could just be done via one central bank account and simply present a logical account number via the online banking.
Then when customers receive a phishing mail, they go to the phishing site and type in the dummy details.
The crooks then capture the dummy details and to all intents and purposes they can't tell the different between this account and a real one because the crooks would then be using the real banking site. The site could even be modified to show an account balance.
Then they try and move the money from that bank account to their own bank account and by typing in the details of where they are trying to send the money to, we might stand a better chance of being able to catch them.
At the very least the very large number of false bank details would tie up the crooks' time and make successful phishing that much harder.
Just a thought, anyone got any better ideas?
Subscribe to:
Post Comments (Atom)
Popular Posts
-
An article on how Agile can sit alongside PRINCE2 and where DSDM Atern fits in. In 2007, I put "used an Agile/PRINCE2 development str...
-
The UK Government Digital Service (GDS) has just had a reboot . However will it be value for money and deliver its objectives? Will th... -
Your profile indicates you have been contracting recently, therefore you will only be interested in contract work then? Incorrect. Thi...
-
Find me on LinkedIn https://www.linkedin.com/in/siliconglen/ Medium https://siliconglen.medium.com/ thanks Craig
-
BBC NEWS | Politics | £141m benefits computer shelved : "It is the latest in a long series of computer problems for the government....
-
Please visit this link . I used to run a PRINCE2 group on LinkedIn, but have now closed it (no point in duplication) Craig
-
Every time I go to the post office there's a queue. No matter how much they try and keep the queue length down, inevitably you get stuck...
-
I've been having a busy time over on the Cambrian House site lately. Check out my profile and the full set of awards I completed last ...
-
Dear BBC. I am a licencepayer who lives in the UK. Your attempt at an iPlayer service for Gaelic is a disgrace. 1. The iPlayer ...
-
A useful first step in proving the functionality of software, websites etc. Now all we need is a link up to ensure that the unit tests ensur...
1 comment:
The good thing about this type of response to phishing is that, unlike IP address tracebacks etc. once you start tracking the money, you're going to start finding the right people, not a botnet host or some other innocent bystander.
This method is already being used by at least one commercial organization (brandimensions) offering anti-phishing protection to financial institutions.
From their web page explaining their process:
"We recommend establishing a bank account and active credit card number assigned to Brandimensions projects managers. Once a Phishing attack against your organization is confirmed, our project managers can submit the assigned card's number to the Phishing page. This provides your fraud department with an immediate trail for following the flow of outgoing funds."
(note that i am deliberately not linking to their site to avoid even looking like a spammer. and no, i'm not affiliated with them in any way, but i do deal with phishing incidents professionally and have been noticing a lot of reports coming from them lately. so i went to their site to see what they were about and was suitably impressed.)
Post a Comment