by jimkri on 12/13/2024, 5:37:32 PM with 2 comments
Hey HN,
I’m exploring an idea and wanted to get feedback from the community, particularly anyone dealing with phishing scams or online fraud at scale.
The premise: I want to make phishing and scamming operations more expensive for attackers—without crossing any legal or ethical lines.
The approach:
- Investigate phishing/scamming campaigns to identify their infrastructure and operations.
- Strategically initiate "cost-inflation" campaigns to drive up the attackers' expenses, making it less profitable for them to target specific domains or organizations.
This could involve tactics like the repeated browsing of phishing sites to increase bandwidth usage and submitting consistent fake data to counter their attacks on customers' personal information.
The goal:
While completely stopping phishing is likely unrealistic, making it significantly more expensive and less profitable can lead attackers to move on.
I’ve observed that many companies either won’t take action or feel they can’t do much to combat phishing, but I believe there’s an opportunity here. Scammers often operate on razor-thin margins, and making targeted attacks costlier could have an outsized impact.
The potential service:
Businesses suffering from large-scale phishing attacks could pay per quarter for these targeted, legally sound countermeasures.
What this won’t include: This strictly follows legal and ethical guidelines—no hacking, DDoS, or compromising servers.
---
- Are there organizations that might find this valuable?
- Are there existing companies or services doing something similar already?
- What potential legal or ethical pitfalls should I be considering?