I have always wanted to beat “phishers” at their own game. Briefly, a phishing scam creates a page that looks like a legitimate site, requesting user name and password information. The scammers send phony requests via electronic mail under a variety of pretenses, urging customers to follow the enclosed link. Instead of going to your bank or eBay or PayPal, the link goes to their rogue server that looks like a legitimate site and the information is logged there for subsequent criminal activity.

As a rule, if everyone who received a phishing attempt (or a mortgage solicitation, for that matter) took the time to follow the link and then entered bogus data, the scam or solicitation would instantly be rendered ineffective. The criminals would be faced with sorting through thousands of garbage records in order to locate the actual victims.

Unfortunately, as a society we don’t do all that well at things that benefit the “collective good”, so we’re stuck with scams in our mailboxes.

But AJAX changes that.

I have often thought: what better way to beat the capture of confidential information from gullible users than to flood phishing databases with useless data? The main problem is that doing a good job of it takes a little time, some programming expertise, and a web server.

My guess is that the proportion of technically savvy people who receive phishing attempts has to be at least as high as the proportion of gullible users. So if those of us with web skills write scripts that in turn generate thousands of bogus requests, we at least make life difficult for the criminal element.

The benefit of AJAX is that you can use it to generate automated page requests right from the browser. A relatively simple bit of JavaScript code can put random data into a request, then direct it at the rogue server. You can share this page with your not-so-savvy friends, which also makes IP address filtering more difficult for the scammers.

The process is pretty simple: look at the source of the scam page, figure out which fields the form sends back to the server, then create an AJAX request that fills those fields with random but correctly formatted data. Post the request to the server, then loop back and do it again. Repeat until someone takes the server down.

Someone could even write a little library to generate phone numbers, valid state codes, valid postal codes and credit card numbers, and then it would be easier still. I wish I had the time.
