Phishing for phishers: An idea


I just had another phishing email today and had an idea how to fight against it. (Phishing is an email which looks like it is from one company but was actually from someone else, they are designed to steal your login details – Hence, they were “fishing” for my details)

I was curious to know how close the dummy login page looked to the real one (I should point out at this point you should never normally even click on a link on email like this, it can be really unsafe!). So that you don’t have to try this I show two images below for you to have a look at:

As you can see, they are pretty identical (the first one is the fake one).

Taking care
Don’t worry, it isn’t hard to avoid these phishing scams. Here’s a few tips to help you catch these.

Is it likely?
Firstly, it’s actually quite unlikely that your bank would suddenly need to contact you for any reason. If somethings important, they’ll almost certainly send a letter.

Avoid links
If you do recieve an email and you think it is genuine, don’t use any links embedded in the email, instean open your Internet browser and type the name in manually, or use one of your own bookmarks if you have one.

Fake URL’s
If you do use a link inside an email (or even on the internet) it’s a good idea to check what the URL is. This appears in the box, usually at the top of your browser (For instance, this website’s URL is: “” you should see this in the box).

Phisihers usually attempt to trick you by including the real one with their own. For instance, this is a fake url: “” – notice the additional text at the end “” – this is actually the real address of the website.

Always check the right most text of the top URL part. This is the part between the “http://” (or “https://”) and the first “/”, e.g. (in bold):


Many modern browsers actually highlight this part for you now.

An idea
Once you’ve realised what’s going on, any information can be added into these websites. In fact simply entering dummy account information will start to put of the phishers, however a much more ingenious thing to do would be for the real companies affected by these emails to set up dummy accounts, and then enter these details into the phishing websites.

Now, as soon as these dummy details are entered on the real website a company can take immediate actions to stop them, perhaps logging and banning their IP address, so that no real accounts can be used from that position. Alternatively, with the help of the police, perhaps money transfers could be tracked as they are made.

Of course, it’s highly likely that this is already taking place. Perhaps it’s only a matter of time before these people are caught.

Let me know what you think.

Share This:

Big Thinking

Just thought I’d drop in a link to my current favourite website:

It’s basically a lot of questions, but you get the opportunity to add your own, leave a response to another, or start a debate about another one.

Makes you think – which has got to be a good thing.

Share This:

Another move?

Yep, I’ve moved house again. Finally got out of the middle of town. No it’s just a few minutes home for me. No more traffic – terrific!

I’ve moved into a nice little cottage now, exposed beams and all. I was staring at the ceiling in my living room the other day, and It took me that those beams look just like a skeleton. The exposed bones of the house. Just though I’d share that with you.

Also, I just thought I’d complete my broadband NTL posts which I started back in December. I have to admit that since the orginal setup (which they utterly messed me around with) it was running as smoothly as I could hope for. Perhaps Virgin taken them over really picked up there customer care? Who knows…

Well that’s me for now.

Share This: