I’ve got a certain domain that for various reason (well, ok, mainly laziness) has a catch-all address setup. This means that any email you write to some randomschmuck@example.com will wind up in my inbox.

Of late, this has meant an increase in spam that is hovering just below the level at which I’ll actually get typing and do something about it. In the meantime, I’ve been getting a number of phishing scam emails, pretending to be from ebay, paypal and other places that might be likely repositories of my considerable wealth.

Of course, these messages usually get marked as junk by Thunderbird and always end up reported to SpamCop but before I trash them I try to take the time and be a real phisherman’s phriend.

Thanks to the magic of automation and cheap bandwidth, these scammers send out millions of these messages in the hopes of catching those remaining gullible folks that still click on spam, actually buy stuff from informercials, fall for Nigerian scams and generally make the world a sadder place. However, this can work to our advantage: there are millions of us and only a handful of scammers… Ergo, we can perform a distributed denial of service of our own.

In the time it takes to fill a form or two, you can bask in the warmth of the knowledge that you’ve wasted a scammers time and/or resources. How? Just click on that link! By apparently giving the phisher what he’s after and filling that form with bogus information, you can guarantee that his hand wringing and evil laughter will soon turn to anguish–at the very least annoyance.

Part of the art of being a true phisherman’s phriend is knowing what to enter. Don’t just put in random values… sometimes the form will repeat itself to validate your data, so you need to remember what you put in. More importantly, you can use this as an opportunity to make a statement by choosing to enter information based on someone you’d like to see, let’s say, more motivated to effect change in this area. Government officials/congress men and women/senators can all be good choices. So are high ranking police officers, for instance someone from the US Attorney’s office CyberCrime Task Force or the RCMP.

In addition to some fake paypal, ebay or whatever login info, you’ll usually be asked for some credit card data. Make sure you:

• Don’t enter any real information (doh!),
• Enter fake info that actually passes muster.

Credit cards have in-built checksums, so only certain numbers are in fact valid. If you’ve got a computer that can run Perl, such as pretty much any Linux machine, then you can download this small credit card generator script and create your own or just do a quick search.

The only things you need to be wary of are:

• Browser autocomplete: you probably want to avoid saving this junk in your browser,
• Malicious code: avoid using inherently unsafe browsers, such as Internet Explorer (IE),
  when accessing a phishing site (you don’t want a free gift to linger after your done, now).
  Go with Firefox instead, for example, and you might
  consider turning off Javascript anyway.
• Tell your friends to do the same but maybe keep your mom or other non-savvy users from playing
  with this. We want to avoid any confusion…

Share this page and turn your friends into phriends! We may yet get rid of this type of annoyance