Get back at phishers

Opinion
Sep 9, 20052 mins

Long ago, I heard that if we sent the empty postage paid return envelopes back to the junk mailers of the world, it’d cost them extra postage and maybe even overwhelm and discourage them a little. So for a while, I derived a small sense of satisifaction sending back their empty envelops (while shredding their offers that contained my identifying information). After a while, I decided it wasn’t worth my trouble and gave up. Now, there’s a way to get back at phishers in a similar manner by inputting the phisher’s URL to a template at Phishfighting.com, which will send fake responses to the phish site every 20 seconds. Phishfighters is the brainchild of Robin Grimes, a Web developer by day, who got sick of submitting junk mail data on the 5-10 phishes he receives each day and set out to do something about it. “The point is to send so many fake responses to the phishers that they have to sort through too much data to determine what’s real and what’s fake,” he told me in a telephone interview recently. E-mail recipients need only go to Phishfighters.com and enter the site’s URL in a template. The site then shows you a page frame with a prepopulated entry to the phish site, which submits itself to the phish site every 20 seconds. To get the phisher’s URL, phish recipients can click the link and copy the URL in their browsers and paste it in the template (which I don’t recomend because touching their site could let in spyware or rootkits), or they can hover their cursors over the link and copy it from the tooltip or bottom of the browser window, or they can view the source htmll of the e-mail to locate the hidden link, all of which he describes here. Grimes isn’t deluded into thinking that doing this will stop phishers, just like sending back the empty envelopes didn’t stop my junk mail. “My program won’t stop phishers, but it sure feels good to have a safe way to strike back at phishers,” he said. “I’m getting a lot of good feedback from IT people who say the same thing.”

deb_radcliff

Deb Radcliff is an investigative journalist and analyst focused on computer crime and security. Her work has appeared on Security Boulevard, the SANS Cyber Security Blog, and SC Media, among other outlets. She stood up an analyst program for SANS Institute and ran it for 15 years before joining the Cyber Risk Alliance as strategic analyst on the business intelligence unit. She is author of the popular cyber thriller series, “Breaking Backbones,” available at Amazon.

Deb won two Neal Awards for investigative business reporting. She holds a Bachelor’s degree in journalism from San Jose State University.

More from this author