Tuesday, April 10, 2012

Don't Stop Phishers, Turn Them Into Educators

I think we should stop shutting down phishing sites when we regain control of them and turn them into educational opportunities instead.

First, change the message on the phishing landing page so when some idiot lands on it they get told in big bold letters "HOW FUCKING STUPID ARE YOU ANYWAY?" and explain how they've just been saved from credit card or identify theft with links to resources to educate them further.

Second, log the IPs of all the idiots that click through to the phishing sites and send those IPs to their associated ISPs so they can address the problem by sending educational material to their customer. I wouldn't mind seeing the ISPs block access to the IP until they're forced to read and complete an online educational course on how to avoid being phished and infected with Trojans as it's in everyone's best interest long term.

Third, leave the phisher/spammer sites running, pumping out email, etc. Find out the full extent of their network by NOT shutting them down. As long as someone else has regained control of the landing sites, let the phishers keep pumping out tons of email that will drive idiots that click to get educated about being phished.

Perhaps with such a different strategy aimed at educating the idiots instead of simply stopping the phishers the end game will be more successful because hopefully better educated internet users will stop clicking on bad things thus removing the incentives for the spammers and phishers in the first place.

Call me crazy if you will, but the current methods aren't working and it wouldn't hurt to try something new for a change.