Hey HN,<p>I’m exploring an idea and wanted to get feedback from the community, particularly anyone dealing with phishing scams or online fraud at scale.<p>The premise: I want to make phishing and scamming operations more expensive for attackers—without crossing any legal or ethical lines.<p>The approach:<p>- Investigate phishing/scamming campaigns to identify their infrastructure and operations.<p>- Strategically initiate "cost-inflation" campaigns to drive up the attackers' expenses, making it less profitable for them to target specific domains or organizations.<p>This could involve tactics like the repeated browsing of phishing sites to increase bandwidth usage and submitting consistent fake data to counter their attacks on customers' personal information.<p>The goal:<p>While completely stopping phishing is likely unrealistic, making it significantly more expensive and less profitable can lead attackers to move on.<p>I’ve observed that many companies either won’t take action or feel they can’t do much to combat phishing, but I believe there’s an opportunity here. Scammers often operate on razor-thin margins, and making targeted attacks costlier could have an outsized impact.<p>The potential service:<p>Businesses suffering from large-scale phishing attacks could pay per quarter for these targeted, legally-sound countermeasures.<p>What this won’t include: This strictly follows legal and ethical guidelines—no hacking, DDoS, or compromising servers.<p>---<p>- Are there organizations that might find this valuable?<p>- Are there existing companies or services doing something similar already?<p>- What potential legal or ethical pitfalls should I be considering?
Sounds necessary, even on some level of community vigilance.<p>Simply doxxing the offending parties and their operations for a level playing field seems praiseworthy.<p>Good luck with that!