Humboldt: A distributed phishing disruption system

Conventional techniques for combating phishing have focused primarily on detecting phishing web sites and preventing users from revealing their passwords to such sites. This passive form of defense is by its nature incomplete and does nothing to protect users that do reveal their passwords. Combating the phishing threat requires more than simple avoidance-it requires a more active approach to disrupting even successful phishing operations. Humboldt is a distributed system that submits poisonous fake data to phishing web sites that is indistinguishable from the input of actual phishing victims. The poisonous data collected by a phisher produces detectable behaviors when the phisher attempts to use it and provides a mechanism for tracking activities associated with identity theft. We evaluate Humboldt to show that it is effective in disrupting phishing operations with a reasonably low overhead.