Scammers use decoy documents (fake invoices, bogus airline tickets, imaginary lottery wins, political commentary on Tibet, information about World Cup 2010 fixtures, and so forth) to trick us into opening files which are dangerous.
SophosLabs is pioneering techniques to use non-dangerous decoy documents to fight back against scammers.
We don't just get them to open these documents; we aim to suck them in with the content of the document, thus distracting and delaying them. This means that:
- they aren't digging around for important data to steal,
- they are more likely to trip up Host Intrusion Prevention System (HIPS) rules, since they stay on-line and active for longer.
This greatly decreases the effectiveness of their hacking forays, and greatly increases the chance of them getting busted.
So to anyone who says, "Traditional security companies aren't interested in helping to catch the bad guys, only in selling software to block their malicious activities," I say, "Rubbish!"
Prevention is better than cure.
PS: You can guess what sort of material distracts the hackers best.