<span class="gmail_quote"></span>
<div style="DIRECTION: ltr">
<div style="DIRECTION: ltr">> In any case, it's d clear that the person who posted that response has *no<br>> idea*<br>> how most bank's anti-fraud systems work.<br>><br>> First off, the phishers *can't* just run through all the data they've
<br>> gotten<br>> in just a few seconds, unless they distributed the work across a bunch of<br>> botnet<br>> zombies - hits for more than a few dozen different accounts from the same<br>> IP<br>> in the same timespan are suspicious at the very least.
<br>><br>> Secondly, the phishers can currently usually be sure that the victims have<br>> given them reasonably good data (unless the victim is a dweeb who can't<br>> enter<br>> their DoB or account number correctly). On the other hand, if the phished
<br>> data<br>> has been polluted by 90% bad data, then only 1 of 10 attempted<br>> transactions<br>> will succeed - and the fact that they're trying lots of different bad data<br>> will<br>> again hopefully trigger an alert. If you only succeed every 10th time,
<br>> and you<br>> get locked out after 3 attempts with different bad data, it's going to<br>> take you<br>> a lot longer to figure out which ones are good and which ones are bad....<br><br><br>Consider that some of these fake accounts could also be used as Honey keys.
<br>They would of course have to work in conjunction with the banks /<br>sites to utilize this.<br><br>It would be rather difficult for a phisher to sort through thousands<br>of Id's when IP addresses keep getting shut off based on a Honey Key.
<br><br>You would have to own a lot of BOTs and a lot of patience.<br><br><br>Duck<br> </div><span></span></div>