
Thoughts on Phishing

May 1st, 2006 at 4:42PM

I receive several emails a day notifying me that my account has been compromised and that I need to update account information.

These are of course "phishing" emails, and I usually (out of boredom) will go to the bogus site to see how sophisticated they are...today I got to thinking..


How hard would it be to create a counter measure for these phishing sites? I realize that they are like weeds, as soon as you kill one, ten more rise up to replace it..but what if..


What I am proposing would be a tool that you could "train" for each phishing site, create a series of instructions for providing bogus data, upload it to a network of servers that then hammer the sites with phoney information.

The beauty of it all is that, theoretically, you could feed the databases enough spoiled data that the entire lot was considered "bad" and abandoned.


I know it's not revolutionary, this type of poison apple situation has been implemented several times for other counter-measures (email harvesters namely).


The question is, would it work? Or would it just force them to get smarter? I've already seen a couple in the wild with CAPTCHA type systems (and a couple with fake captchas, they "generate" the same image each time)..so this would likely be easy to foil, but wouldn't it be cool if there were a way to corrupt their data?


So if this solution won't work...what will? Anti-Phishing toolbars help, but wouldn't it be nice if rather than helping people ignore the problem, you could help stop the problem?

Much like SPAM filters are only one part of the fight, there needs to be something more proactive in the phight against phishing (har har).
