- Phishing responses
- Posted by bland on October 28th, 2005
When I get a Phishing email about a hypothetical PayPal or Ebay account, I
usually return some random data, with an invented witty but offensive
password of the day, to the offending web page in the hope that whoever is doing
it will waste a few minutes on trying it all out.
Is this a good idea? If all the millions of target users did it, the
phisher would get so snowed under with garbage information he or she
couldn't function.
bland
- Posted by Michael Meckelein on October 28th, 2005
"bland" <rusty@666.fsnet.co.uk> wrote in message
news:djsjjn$6d5$1@news8.svr.pol.co.uk...
If this verifying step is done manually, maybe some minutes of the Phisher's
time are wasted. However, it is no big effort to program a mechanism which tries to
log in with the provided data. Only if the login was successful will the
Phishing author be informed. Note that Phishers are often very skilled
people.
Regards,
Michael
- Posted by bland on October 28th, 2005
"Michael Meckelein" <michael@go-on-line.de> wrote in message
news:4361eb52$0$22541$9b4e6d93@newsread4.arcor-online.net...
I think it has some effect as I usually get 4 or 5 attempted accesses to my
firewall the day after I do this.
bland
- Posted by David H. Lipman on October 28th, 2005
From: "bland" <rusty@666.fsnet.co.uk>
| When I get a Phishing email about a hypothetical PayPal or Ebay account, I
| usually return some random data, with an invented witty but offensive
| password of the day, to the offending web page in the hope that whoever is doing
| it will waste a few minutes on trying it all out.
|
| Is this a good idea? If all the millions of target users did it, the
| phisher would get so snowed under with garbage information he or she
| couldn't function.
|
| bland
|
It would be far better to submit any phishing attempt email to the Anti-Phishing
Organization.
http://www.antiphishing.org/report_phishing.html
Just capture Full Headers and Body and send an email to: reportphishing@antiphishing.org
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
- Posted by Imhotep on October 28th, 2005
David H. Lipman wrote:
It is a good idea to forward the email by making it an attachment. This is
better because the anti-phishing people need to see the full email headers.
Imhotep
- Posted by David H. Lipman on October 28th, 2005
From: "Imhotep" <Imhotep@nospam.net>
| It is a good idea to forward the email by making it an attachment. This is
| better because the anti-phishing people need to see the full email headers.
|
| Imhotep
That will depend on the email application but it does NOT have to be an attachment.
For example, in OE you can choose the properties --> details --> message source and use
Ctrl-A and Ctrl-C to copy the full header and text and then paste it into a new message.
In Pegasus Mail you can view it in Raw Mode and Ctrl-A and Ctrl-C to copy the full header
and text and then paste it into a new message. You can also drag and drop the phishing
email into the body of the new email.
What I'm saying is it does not necessarily need to be an attachment.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
- Posted by Imhotep on October 28th, 2005
David H. Lipman wrote:
....sure or you can simply forward the email as an attachment (which is
probably the easiest way to do it).
Imhotep
- Posted by Beachcomber on October 28th, 2005
I usually forward the Phishing e-mails to spoof@ebay.com or
spoof@paypal.com as appropriate and I get the routine form letter back
saying "we will investigate".
Does anyone know if these organizations really try to investigate and
prosecute the phishers? Is there any track record of successful
shutdowns and prosecutions?
Or is it just good public relations for them to feign concern for
their clients, but not really do anything...
Beachcomber
- Posted by David H. Lipman on October 28th, 2005
From: "Beachcomber" <not_real@xxx.yyy>
|
| I usually forward the Phishing e-mails to spoof@ebay.com or
| spoof@paypal.com as appropriate and I get the routine form letter back
| saying "we will investigate".
|
| Does anyone know if these organizations really try to investigate and
| prosecute the phishers? Is there any track record of successful
| shutdowns and prosecutions?
|
| Or is it just good public relations for them to feign concern for
| their clients, but not really do anything...
|
| Beachcomber
|
You'll notice that the major AV companies are working with the APWG. They get samples and
write signatures for the AV software so email can be detected with said signatures.
Below is such an example...
Phish-BankFraud.eml.f -- http://vil.nai.com/vil/content/v_131770.htm
Also note the US CERT is a working partner with the APWG.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
- Posted by Imhotep on October 28th, 2005
Beachcomber wrote:
I have noticed that when I have forwarded the phishing email, a couple of
days later the site is down....
- Posted by Hairy One Kenobi on October 29th, 2005
"Imhotep" <Imhotep@nospam.net> wrote in message
news:Mq6dnQhJYKnn_P_eRVn-sQ@adelphia.com...
....and the one most likely to be automatically blocked, or unreadable to an
automated system. The Clarify helpdesk at w*rk, for example, doesn't even
attempt to open mails with attachments, but simply dumps them in a bin for a
human to look at.
Since these sites must receive the same phishing email thousands of times,
my assumption would be that they are scanned mechanically for URLs. And
placing the full message contents in the body of the email would be the
easiest way to help them do something about the phish.
Don't forget - the headers tell 'em where it came from, but they need the
body of the email to locate the actual website.
--
Hairy One Kenobi
Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!
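
An added example (not part of any post in this thread) of the mechanical scan discussed above: given a report that contains the full headers and body, it pulls the relay IPs out of the Received headers and the URLs out of the body. The sample message, its addresses and the `triage` function are constructed for illustration.

```python
# Added example: what a reporting mailbox can extract mechanically from a
# phishing report that includes full headers and body. Sample is constructed.
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
HREF_RE = re.compile(r"href\s*=\s*[\"']?(https?://[^\s\"'<>]+)", re.IGNORECASE)
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

SAMPLE_REPORT = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mail.recipient.example; Fri, 28 Oct 2005 09:15:02 +0000
Received: from unknown (HELO relay.sender.example) (198.51.100.23)
\tby mx.recipient.example; Fri, 28 Oct 2005 09:15:01 +0000
From: "Account Service" <service@payments.example>
Subject: Please verify your account
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body><p>Your account is limited.</p>
<a href="http://198.51.100.77/verify/login.htm">https://www.payments.example/verify</a>
</body></html>
"""

def triage(raw):
    """Return relay IPs (oldest hop first), all body URLs, and link-target hosts."""
    msg = message_from_string(raw, policy=default)
    hops = []
    # Received headers are prepended by each relay, so reverse for oldest first.
    # Hops below the first relay you trust can be forged by the sender.
    for hdr in reversed(msg.get_all("Received", [])):
        m = IP_RE.search(" ".join(str(hdr).split()))
        if m:
            hops.append(m.group(1))
    urls, targets = [], []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        text = part.get_content()
        urls += URL_RE.findall(text)        # every URL, shown or hidden
        targets += HREF_RE.findall(text)    # where the links really point
    return {
        "relay_ips": hops,
        "urls": sorted(set(urls)),
        "link_hosts": sorted({urlsplit(u).hostname for u in targets}),
    }
```

Without the Received headers the `relay_ips` list comes back empty, and without the body there is no link target to act on, which is why the report needs both.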