I wonder if scammers are intentionally misspelling subject lines because most security-savvy people will just delete those as obvious scams and move on. This would have a two-pronged effect:<p>1. It would filter out security-savvy individuals from the actual payload, who might report the scam.<p>2. It would map to the least security-conscious individuals who would be the most likely to fall for it.
The next logical step after finding where the data is sent is to use a script to fill the phisher's database with rubbish... there are sites like <a href="https://www.fakenamegenerator.com/" rel="nofollow">https://www.fakenamegenerator.com/</a> which will help you create fake-yet-plausible identities.<p>I remember many years ago I was sent a keylogger. I reversed it, found it was configured to upload keylogs to an FTP server on a free webhost, and promptly replaced the existing contents of it with as many copies of The Bible as would fit in the few MB of space available.
Is it ethical or possible to attack the attacker by spawning a few cloud instances that POST dummy but nearly legit responses to their website? This way they would have to comb through and hopefully verify a lot of crap to find victims' card numbers?<p>Unless of course they were clever enough to embed some fake cookie to track responses to specific emails...
And yet, if you turn off JavaScript to protect against this type of thing, you end up breaking most financial websites.<p>(American Express is, in fairness, the one site that continued working OK, as I recall)