One Aging Geek

Monday, June 06, 2005

Hm... this might actually work.  But it depends on knowledgeable people actually looking at phishing emails and taking the time to act on them.  There are two problems with that.

  1. The people most likely to recognize a phishing mail for what it is have got mail filters that get rid of such messages.
  2. Making up credible information takes too much time.

This is crying out for a mail program plugin.  Instead of a spam filter that files or deletes phishing mails we need a phishing filter that automates the act of following the links and filling in the phisher's forms.

Seems doable if not trivial.


The Best Way to Stop These Scams Is by Drowning the Phish

06/02/05: Man Bites Phish

...

The simple way to kill phishing is by making it harder for the phisher to make money from it. Right now, a phisher sends out a million e-mails and gets back 100 replies that yield positive data. There is almost no effort involved in sending out the e-mails after the first one, and the quality of the return data is very high. No wonder this is such a popular business!

Let's change that. If you get phishing e-mail, go to the web sites and enter false data. Make up everything -- name, sign-on name, password, credit card numbers, everything. Instead of one million messages yielding 100 good replies, now the phisher will have one million messages yielding 100,000 replies of which 100 are good, but WHICH 100?

This technique kills phishing two ways. It certainly increases the phishing labor requirement by about 10,000X. But even more importantly, if banks and e-commerce sites limit the number of failed sign-on attempts from a single IP address to, say, 10 per day, theft as an outcome of phishing becomes close to impossible.

...
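The sign-on limit the column proposes, worked through as an added example that is neither the blog's nor the column's code: a per-IP sliding-window limiter of 10 failed attempts per day, plus a simulation of a phisher working from one address through 100,100 replies of which only 100 are genuine. Account names, passwords and the IP address are constructed.

```python
from collections import defaultdict, deque
import random

DAILY_LIMIT = 10      # failed sign-ons allowed per IP per day, as the column proposes
DAY = 24 * 60 * 60    # length of the sliding window, in seconds

class FailedLoginLimiter:
    """Counts failed sign-on attempts per source IP in a sliding 24-hour window."""
    def __init__(self, limit=DAILY_LIMIT, window=DAY):
        self.limit, self.window = limit, window
        self._failures = defaultdict(deque)   # ip -> timestamps of recent failures

    def is_blocked(self, ip, now):
        q = self._failures[ip]
        while q and now - q[0] >= self.window:    # drop failures older than the window
            q.popleft()
        return len(q) >= self.limit
    def record_failure(self, ip, now):
        self._failures[ip].append(now)

def attempt_login(limiter, valid_creds, ip, user, password, now):
    """Return 'blocked', 'ok' or 'fail'; a blocked request never reaches the password check."""
    if limiter.is_blocked(ip, now):
        return "blocked"
    if valid_creds.get(user) == password:
        return "ok"
    limiter.record_failure(ip, now)
    return "fail"

def simulate_phisher(n_fake=100_000, n_real=100, days=1, seed=1):
    """Phisher with n_real genuine and n_fake made-up replies, all tried from one IP.
    Returns (credentials tested, accounts actually compromised)."""
    rng = random.Random(seed)
    valid = {f"user{i}": f"pw{i}" for i in range(n_real)}               # constructed accounts
    replies = list(valid.items())                                         # the genuine replies
    replies += [(f"madeup{i}", f"nonsense{i}") for i in range(n_fake)]    # the drowning replies
    rng.shuffle(replies)                                                  # which 100 are real?
    limiter, ip, tested, compromised, i = FailedLoginLimiter(), "203.0.113.7", 0, 0, 0
    for day in range(days):
        now = day * DAY
        while i < len(replies):
            user, password = replies[i]
            result = attempt_login(limiter, valid, ip, user, password, now)
            if result == "blocked":
                break                     # locked out until tomorrow; resume at replies[i]
            tested += 1
            compromised += result == "ok"
            i += 1
    return tested, compromised
```

In practice this per-IP count is paired with per-account throttling, because it only constrains attempts that arrive from the same address.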