Ask HN: Why Not Spam Identity Thieves?
How about pre-loading user databases on commercial websites with lots of fake data? There are plenty of username generators out there, also password generators, and I even found a valid credit card number generator (without the security data, of course). Identity thieves would suddenly have to deal with a major noise/signal problem.
I don't have the energy/time/skills to make this work, but I'm sure someone out there does.
4 comments
[ 3.6 ms ] story [ 19.6 ms ] threadAlso, to make things really convincing, there would also need to be fake transactions which the application could somehow recognize as such. The solution to that might be with fake products, these being in fake product categories that are in a fake category root. Complicated, yes.
Most of these systems not only validate user login information (often in real time) but also place live authorizations on cards to make sure they are valid.
For example, the "credit card generator" you found probably just uses MOD10/Luhn to generate 'random' numbers, starting with 3/4/5 depending on the card type you select.
If you're looking to simply add friction to low level identitiy thieves, it'd probably work, but the real question is what is your motiviation?
Your time would be better spent contributing to existing phishing prevention projects, or attempting to coordinate with network providers to get these sites taken down more quickly, the majority of victimization occurs from large scale data theft or professional phishing / malware operations like IceIX/Citadel, not Joe Blow's Wells Fargo phishing page.