My sister just forwarded me an email she got, supposedly from her bank, which she suspected (correctly) of being a phishing scam. I checked it out and it is pretty convincing. I haven’t seen a phishing scam in a while since I’ve adopted the practice of never clicking on any link I receive from anything claiming to be a financial institution in my email. If it is really my bank or paypal account, I go to my account directly and look for the information they are supposedly sending me.

Anyway, I decided to fill out the phorm — with fake data of course — just to see what the scam looked like. As I was doing this, I realized that there are loads of scripts and applications which already do this: ruin my efforts at free, open, public wikis, and force me to disable comments on my blog — SPAM BOTS!! What would happen if we took the tools developed by these con artists and spammers, and used them against themselves? What if we pointed spam bots at these phishing sites? Could we choke them out of existence? Or, would they just start implementing CAPTCHAs — possibly making them appear more legitimate?

I wonder why ICANN isn’t doing something about policing the registration of “Phishing domains” (i.e., domains which are deceptively similar to legitimate ones and serve to con people). I know that this is a delicate and difficult problem, but I believe that some solution exists out there.

Another thought that had occurred to me was along the lines of digitally signing HTML, to prevent people from copying the HTML of legitimate sites, thus making it more difficult to reproduce the look-and-feel — but this goes against my love of copy-paste as a primary method of technology production.