2009-10-13

Phishing and SPAM, A Crowd-Source Solution

You know… a long time ago, we told people to “just ignore” spam. Answering it, we said, would just get them to send more to us. If we ignore it, it will eventually go away. History has proven us wrong, very wrong indeed. We didn’t factor in that even a 0.01% idiocy rate is profitable when millions of people are tagged. Now, we’re telling them to just ignore phishing, like it will go away. It's time to admit we were wrong; it’s time to start fighting back.

Instead of telling people to ignore phishing, we should tell them to respond with a lie. Every piece of SPAM and every Phishing attempt should be answered with bogus information. That way, the economies of scale change; they change in our favour. Instead of them sending out 10,000,000 emails and getting 100 replies from stupid people, they get 100,000 replies where only 100 are real. Then, they have to go through each one, sorting out the good from the bad. Not only do we get some satisfaction in wasting a little bit of the phisher’s time, we also protect the 100 really stupid idiots that responded with the truth.

Send out a batch of emails telling people they have won the lottery, and your email server gets buried under false replies. Send out a link for selling Viagra, and you get millions of orders with fake credit card numbers and a shipping address to the Vatican. Phish for passwords and get more back than you could ever process, mostly garbage. The Nigerian businessman should always get buried under requests for more information, false bank account numbers, and phone numbers for some telemarketing companies. Reply to everything; make a game of it. Let the phishers waste time sorting out the mess they get back. What have we got to lose? They already have our email addresses. The results can’t be any worse than they are now.

It's a simple crowd-source solution to SPAM and Phishing. Why should we try to figure out technical solutions to the problem of responding idiots? Tell everyone to respond with garbage; bury the phishers with data and leave them the task of creating technical tools to fix their problem. All we have to do is tell everyone to lie. That's pretty easy to do. It's fun too.