Waste Flooding: A Phishing Retaliation Tool

Phishing is a well known attack technique that is still a growing threat in the security area. The Internet popularity and the always connected users increased phishing possibilities by giving attackers new instruments and allowing closer contact to their focus. By applying social engineering methods, phishing thrives on misinformation and because of this, current main phishing response methods focus only on educating users or blocking phishing attempts, without any response to derail the already implemented attacks. These conditions may leave targeted users unprotected, as any leaked information can not be tracked to determine which person suffered from phishing and compromised data that can not be saved or easily detected. In this paper, we present, analyse and evaluate a new response tool that aims to furtively retaliate these attacks by automatic detecting phishing forms and using them to clutter phishing databases with useless information and conceal user data. The evaluation shows that the tool may be useful as a detection-resistant solution and gives a fair response to phishing attempts by flooding the phishing databases.