from Hacker News

Ask HN: Why Not Spam Identity Thieves?

by eliyak on 7/11/13, 9:29 PM with 4 comments

How about pre-loading user databases on commercial websites with lots of fake data? There are plenty of username generators out there, also password generators, and I even found a valid credit card number generator (without the security data, of course). Identity thieves would suddenly have to deal with a major noise/signal problem.

I don't have the energy/time/skills to make this work, but I'm sure someone out there does.

by Pyramids on 7/11/13, 11:47 PM
This would only work against very low level / amature phishing operations.
Most of these systems not only validate user login information (often in real time) but also place live authorizations on cards to make sure they are valid.
For example, the "credit card generator" you found probably just uses MOD10/Luhn to generate 'random' numbers, starting with 3/4/5 depending on the card type you select.
If you're looking to simply add friction to low level identitiy thieves, it'd probably work, but the real question is what is your motiviation?
Your time would be better spent contributing to existing phishing prevention projects, or attempting to coordinate with network providers to get these sites taken down more quickly, the majority of victimization occurs from large scale data theft or professional phishing / malware operations like IceIX/Citadel, not Joe Blow's Wells Fargo phishing page.
by sillysaurus on 7/11/13, 9:44 PM
Interesting idea, but if you pre-loaded a database with a bunch of fake profiles, then the hackers would simply use all profiles after id N. So you'd have to continually be generating new "fake" profiles during production, which would cause extra load for the servers. That translates into higher cost.