Scamming the scammers

Filed Under: Malware, SophosLabs, Spam, Video

Scammers use decoy documents (fake invoices, bogus airline tickets, imaginary lottery wins, political commentary on Tibet, information about World Cup 2010 fixtures, and so forth) to trick us into opening files which are dangerous.

SophosLabs is pioneering techniques to use non-dangerous decoy documents to fight back against scammers.

We don't just get them to open these documents; we aim to draw them in with the content of the document, distracting and delaying them. This means that:

  • they aren't digging around for important data to steal,
  • they are more likely to trip up Host Intrusion Prevention System (HIPS) rules, since they stay on-line and active for longer.

This greatly decreases the effectiveness of their hacking forays, and greatly increases the chance of them getting busted.

So to anyone who says, "Traditional security companies aren't interested in helping to catch the bad guys, only in selling software to block their malicious activities," I say, "Rubbish!"

Prevention is better than cure.

PS: You can guess what sort of material distracts the hackers best.

2 Responses to Scamming the scammers

  1. Omega_1 · 1715 days ago

    I received a letter from someone purportedly in Tanzania, the old "Money in the bank which we need to get out of the country" bit. Oddly enough, the Tanzanian stamp is uncancelled! That, in itself, ought to be worth something to a philologist, right? Anyway, per the letter, which states that the sender has recently been in communication with my father (yeah, right! My father died several years ago, so the sender must be a very good spiritual medium!). I'm supposed to reply by fax, not the Internet. How can I draw this person into an expensive muddle of his own without giving him any more details of myself?

  2. Harry · 1098 days ago

    You guys are fantastic! It's always a pleasure to read how y'all are on top of your game :)

    Keep up the excellent work and NakedSecurity articles!

    You've got a dedicated reader

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog