Whenever I get a phishing email, I make it a point to go to the site and enter random (but believable) information. I feel this “dilutes” whatever information the phisher gets and may prevent an unfortunate person from being scammed. I also look up the owner of the web site and report it to their abuse email.
Yesterday I received a phisher email. After decoding, the URL was [url removed]. Note that this site opens a popup over the real Citibank web site. If you have a popup blocker, you may only get the real Citibank site.
This IP address is owned by a company in Korea and they give the email address to report abuse as [e-mail addy removed]. I entered my usual junk and sent an email informing epnetworks they are supporting a scammer. I immediately received an email back stating that they won’t accept email at this address.
This attitude is inexcusable – they don’t want to hear about abuse. So, I ask everyone to carefully go to the URL above and enter random, but believable, information. Let’s dilute the information this scammer collects so it’s useless.
[Identifying url and e-mail address removed–TVeblen]
I certainly won’t discourage anyone who wants to join you, but such efforts may indeed be futile and only waste your time, not the fraudsters’.
Many phishers are building their forms with some degree of AI included. Scripts that can recognize whether an entered credit card number has a valid numbering scheme, or whether the zip code you enter actually exists in the state that you select. If they aren’t running such scripts right there in the form, you can bet they have even more running in the background, scrubbing the legit victim information from any backlash.
There is also more than one way possible to execute an attitude adjustment on the remote network, but navigating the backbone of a fraudster working overseas is the bottleneck that all anti-phishing folk currently face.
IMHO, the best thing to do with your time is make sure the company being spoofed is aware of the details of the phisher mail that you received, and that the Internet Crime Complaint Center (http://www.ic3.gov/) gets a copy of your phisher mail and full headers. These are the entities whose legal momentum has the best chance of ever reaching out to touch Korea, either through brandname-driven global netiquette or law enforcement.
Further, the Korean ISP is more than likely just hosting a compromised server, and as soon as they lock it down or take it offline, the fraudster responsible will just hop to his/her next zombiebot waiting in line. Not that there is anything wrong with securing the net one server at a time…that’s just about all any of us can do until some decent legislation is passed.
Echoing on what honeydewgrrl said, dealing with phishers like this is just a big waste of time. I understand you’re pissed off, but I have absolutely zero interest in trading my time with that of a scammer on a one for one basis.
And we have zero interest in our board being involved in any way. Leave us right out of this guerilla campaign.
Ex_Chemist, do not do this again.
TVeblen