Phighting Phish With Honeypot techniques?

Dan Gillmor wonders if there’s an effective way to battle scam e-mails. Here’s a thought: banks, eBay, credit card companies, etc. run a Web site or Web Service that hands out fake userids and passwords which their back ends flag as “fraudulent.”

  • A savvy person receiving a phish goes to, say, honeypot.ebay.com (the service provided by the real eBay) and says “Gimme a traced id.”
  • eBay responds with “JohnSmith78” and “87htims”
  • Savvy person clicks through to the phish site and “logs in” as “JohnSmith78”
  • The phisher passes the traced id through to eBay, and eBay says “Hi, John, you have $25,213,123 in your account”
  • The phisher says “Oh, wire that to Russia Federal Credit Union account #1234”
  • Standard wire fraud techniques are used thereafter

Of course, the use of offshore accounts by phishers is a challenge, but that’s a matter for law enforcement, not gullible Internet users.
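
A sketch of the back end this scheme implies, added here as an illustration and not code from the original post or from any real provider. The class and method names (`HoneypotService`, `issue`, `login`, `wire`, `real_auth`) are hypothetical, and the URL, IP addresses and account number used with it are constructed sample values.

```python
import hashlib
import hmac
import secrets
import time


class HoneypotService:
    """Added sketch: issues traced ids and recognises them in the login back end."""

    def __init__(self, key: bytes):
        self._key = key
        self._traced = {}    # userid -> {"pw": digest, "phish_url": str}
        self.sightings = []  # evidence records for the fraud team

    def _digest(self, password: str) -> bytes:
        return hmac.new(self._key, password.encode(), hashlib.sha256).digest()

    def issue(self, phish_url: str):
        """The "Gimme a traced id" call: returns a fresh userid/password pair."""
        userid = "user" + secrets.token_hex(4)
        password = secrets.token_urlsafe(9)
        self._traced[userid] = {"pw": self._digest(password), "phish_url": phish_url}
        return userid, password

    def login(self, userid, password, source_ip, real_auth):
        """Route traced ids to a decoy session; everything else to real_auth."""
        rec = self._traced.get(userid)
        if rec is None:
            return real_auth(userid, password)
        if not hmac.compare_digest(rec["pw"], self._digest(password)):
            return {"status": "denied"}
        self._record("login", userid, source_ip, rec["phish_url"])
        return {"status": "ok", "decoy": True, "userid": userid}

    def wire(self, session, dest_account, source_ip):
        """Decoy sessions never move money; the destination is kept as evidence."""
        if not session.get("decoy"):
            raise ValueError("real sessions are handled by the normal payment path")
        rec = self._traced[session["userid"]]
        self._record("wire", session["userid"], source_ip, rec["phish_url"], dest_account)
        return {"status": "held"}

    def _record(self, event, userid, source_ip, phish_url, dest=None):
        self.sightings.append({"event": event, "userid": userid, "ip": source_ip,
                               "phish_url": phish_url, "dest": dest, "ts": time.time()})
```

In a real deployment the traced userids would need a namespace that genuine customers cannot register, so a traced id can never collide with a live account.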