Scammers use decoy documents (fake invoices, bogus airline tickets, imaginary lottery wins, political commentary on Tibet, information about World Cup 2010 fixtures, and so forth) to trick us into opening files which are dangerous.
SophosLabs is pioneering techniques to use non-dangerous decoy documents to fight back against scammers.
(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)
We don’t just get them to open these documents; we aim to draw them in with the document’s content, distracting and delaying them. This means that:
- they aren’t digging around for important data to steal,
- they are more likely to trip Host Intrusion Prevention System (HIPS) rules, since they stay online and active for longer.
This greatly decreases the effectiveness of their hacking forays, and greatly increases the chance of them getting busted.
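One way to make a decoy trip a rule the moment it is opened, as an added example that is not Sophos code and not part of the original post: treat any access to a known decoy path by a process that has no business there as a high-confidence alert, and track how long the actor stays busy with the decoys. The log format, decoy paths, process names and every log line below are assumptions constructed for this example.

```python
"""Honeyfile (decoy document) access detector.

Added example, not Sophos code. Assumes a hypothetical file-access audit feed
that emits one JSON object per line with ts, host, user, proc and path.
All decoy paths, process names and log lines here are constructed.
"""
import json
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Decoy inventory (assumed paths): nothing legitimate should ever open these.
DECOY_PATHS = {
    r"C:\Finance\Q3_invoices_FINAL.xlsx",
    r"C:\Users\Public\Documents\WorldCup2010_fixtures.doc",
    "/srv/share/lottery_winner_notification.pdf",
}

# Processes that legitimately touch every file (assumed names): backup, AV scan.
ALLOWED_PROCESSES = {"backup-agent.exe", "av-scanner"}

# Constructed sample audit log: one benign open, one allowed-process open,
# then a late-night session poking at two decoys, plus a Linux host.
SAMPLE_LOG = r"""
{"ts": "2010-04-01T09:00:00Z", "host": "ws-17", "user": "alice", "proc": "WINWORD.EXE", "path": "C:\\Users\\alice\\report.docx"}
{"ts": "2010-04-01T09:05:00Z", "host": "ws-17", "user": "alice", "proc": "backup-agent.exe", "path": "C:\\Finance\\Q3_invoices_FINAL.xlsx"}
{"ts": "2010-04-01T22:13:05Z", "host": "ws-17", "user": "alice", "proc": "cmd.exe", "path": "C:\\Finance\\Q3_invoices_FINAL.xlsx"}
{"ts": "2010-04-01T22:19:40Z", "host": "ws-17", "user": "alice", "proc": "EXCEL.EXE", "path": "C:\\Finance\\Q3_invoices_FINAL.xlsx"}
{"ts": "2010-04-01T22:31:12Z", "host": "ws-17", "user": "alice", "proc": "WINWORD.EXE", "path": "C:\\Users\\Public\\Documents\\WorldCup2010_fixtures.doc"}
{"ts": "2010-04-01T10:00:00Z", "host": "fs-01", "user": "bob", "proc": "evince", "path": "/srv/share/lottery_winner_notification.pdf"}
"""


@dataclass(frozen=True)
class Alert:
    ts: datetime
    host: str
    user: str
    proc: str
    path: str


def normalise(path):
    """Windows paths are case-insensitive, so compare them in lower case."""
    return path.lower() if len(path) > 1 and path[1] == ":" else path


DECOY_INDEX = {normalise(p) for p in DECOY_PATHS}


def parse_events(text):
    """Parse the JSON-lines feed into dicts with a datetime 'ts' field."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def detect_decoy_access(events, allowed=ALLOWED_PROCESSES):
    """Every open of a decoy by a non-allowed process is an alert."""
    return [
        Alert(ev["ts"], ev["host"], ev["user"], ev["proc"], ev["path"])
        for ev in events
        if ev["proc"] not in allowed and normalise(ev["path"]) in DECOY_INDEX
    ]


def summarise(alerts):
    """Per (host, user): distinct decoys touched, hit count, dwell in seconds."""
    by_actor = defaultdict(list)
    for a in alerts:
        by_actor[(a.host, a.user)].append(a)
    summary = {}
    for actor, hits in by_actor.items():
        hits.sort(key=lambda a: a.ts)
        summary[actor] = {
            "decoys": len({normalise(a.path) for a in hits}),
            "events": len(hits),
            "dwell_s": int((hits[-1].ts - hits[0].ts).total_seconds()),
        }
    return summary


if __name__ == "__main__":
    found = detect_decoy_access(parse_events(SAMPLE_LOG))
    for a in found:
        print(f"ALERT {a.ts:%Y-%m-%d %H:%M:%S} {a.host} {a.user} {a.proc} -> {a.path}")
    for (host, user), s in summarise(found).items():
        print(f"{host}/{user}: {s['decoys']} decoys, {s['events']} hits, dwell {s['dwell_s']}s")
```

The allow-list matters: a backup agent or scanner will touch every decoy on schedule, and without it the rule drowns in self-inflicted alerts. The dwell figure is the point of the post in numbers: the longer an intruder stays busy with the decoys, the more events there are for HIPS rules to fire on.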
So to anyone who says, “Traditional security companies aren’t interested in helping to catch the bad guys, only in selling software to block their malicious activities,” I say, “Rubbish!”
Prevention is better than cure.
PS: You can guess what sort of material distracts the hackers best.
I received a letter from someone purportedly in Tanzania, the old "Money in the bank which we need to get out of the country" bit. Oddly enough, the Tanzanian stamp is uncancelled! That, in itself, ought to be worth something to a philologist, right? Anyway, per the letter, which states that the sender has recently been in communication with my father (yeah, right! My father died several years ago, so the sender must be a very good spiritual medium!), I'm supposed to reply by fax, not the Internet. How can I draw this person into an expensive muddle of his own without giving him any more details of myself?
You guys are fantastic! It's always a pleasure to read how y'all are on top of your game 🙂
Keep up the excellent work and NakedSecurity articles!
You've got a dedicated reader