[funsec] Should phishing termination be only in the real of the
dudevanwinkle at gmail.com
Fri Dec 14 13:15:47 CST 2007
On Dec 14, 2007 11:02 AM, Alex Eckelberry <AlexE at sunbelt-software.com> wrote:
> While there have been some funny examples of people who have gone to great
> lengths to hoodwink phishers and other online fraudsters -- and some people
> have even turned the pursuit into a [full-time hobby] (link to
> http://www.castlecops.com/), new research shows that playing games with the
> cyber-thieves just might not be a good idea."
> My response:
I actually think that you should only visit those sites from a secure
isolated VM/VLAN running FF and NoScript (unless you want to get
infect for analysis purposes, then do it from ff or ie in a private
vlan, but I digress.
On to my point: Putting in swearwords is stupid. If you are going to
try and piss off phishers, but in semi-legitimate information so that
they have to spend the time finding out which cards are real or not.
The best thing I have done is had a card canceled for fraud (alerts
will sound if this card is used) and plugged that into phishing
scammers pages. This way, they may actually get caught...
> Alex Eckelberry
> Fun and Misc security discussion for OT posts.
> Note: funsec is a public and open mailing list.
More information about the funsec