Phishing is a big problem. Can I suggest that the banks set up dummy phishing bank accounts with no money in them and issue logins to the bank accounts to all their customers. Maybe this could just be done via one central bank account and simply present a logical account number via the online banking.
Then when customers receive a phishing mail, they go to the phishing site and type in the dummy details.
The crooks then capture the dummy details and to all intents and purposes they can't tell the different between this account and a real one because the crooks would then be using the real banking site. The site could even be modified to show an account balance.
Then they try and move the money from that bank account to their own bank account and by typing in the details of where they are trying to send the money to, we might stand a better chance of being able to catch them.
At the very least the very large number of false bank details would tie up the crooks' time and make successful phishing that much harder.
Just a thought, anyone got any better ideas?
Subscribe to:
Post Comments (Atom)
Popular Posts
-
Find me on LinkedIn https://www.linkedin.com/in/siliconglen/ Medium https://siliconglen.medium.com/ thanks Craig
-
An article on how Agile can sit alongside PRINCE2 and where DSDM Atern fits in. In 2007, I put "used an Agile/PRINCE2 development str...
-
Every time I go to the post office there's a queue. No matter how much they try and keep the queue length down, inevitably you get stuck...
-
Having been on hold to the Orange contact centre (I guess that's what you would call it, I might call it a non-contact centre) for appro...
-
I've been having a busy time over on the Cambrian House site lately. Check out my profile and the full set of awards I completed last ...
-
It has always surprised me that in the US, where holidays are valued and children get about 6 weeks more annual holiday than the UK, that ad...
-
In contrast to my usual relaxed drive to work I was on the motorway today. Tailgaiting seems to have got worse. It's not enough to be ...
-
I thought I would write this to document the ongoing problems I have with my Nokia N97. It seems from the conversation in the phone shop tod...
-
Introduction You may be wondering the significance of the three Scottish flags in the image. I took this picture a few weeks ago. I'...
-
Dyson's motto is "100% suction all the time" or "The vacuum that doesn't lose suction". The consumers' assoc...
1 comment:
The good thing about this type of response to phishing is that, unlike IP address tracebacks etc. once you start tracking the money, you're going to start finding the right people, not a botnet host or some other innocent bystander.
This method is already being used by at least one commercial organization (brandimensions) offering anti-phishing protection to financial institutions.
From their web page explaining their process:
"We recommend establishing a bank account and active credit card number assigned to Brandimensions projects managers. Once a Phishing attack against your organization is confirmed, our project managers can submit the assigned card's number to the Phishing page. This provides your fraud department with an immediate trail for following the flow of outgoing funds."
(note that i am deliberately not linking to their site to avoid even looking like a spammer. and no, i'm not affiliated with them in any way, but i do deal with phishing incidents professionally and have been noticing a lot of reports coming from them lately. so i went to their site to see what they were about and was suitably impressed.)
Post a Comment