Hi all;
I had a question. Everybody knows that scammers abound on the Internet, and that they rely on International borders for protection. Every scammer I have run into has used G-Mail, or some other "free" mail site to run their operation. Sure, we can report them to Google, but that just means that account gets shut down and they open another.
I recently got a scam mail to help move 15 million out of Syria in return for 10%. The email included an image of his passport (so I know it's real). I was going to bait the guy, and was thinking of sending a fake ID in return (just to be fair) but realized that my fake ID might be used as a basis for another scam.
This got me thinking. Sure, we can shut down an account, but identifying the components of a scam could flag an account before it accomplishes its intent. For example, if the image used for ID by the scammer was added to a watch list, any account sending that image would be known as a scammer. Google has image analysis capability, so it seems that even attempts to thwart the system by changing a couple pixels each time could be thwarted.
Naturally, you cannot contact anybody at Google to suggest this. Another thing that might be nice is if Google (and other providers) provided a way to let security professionals send a "poison pill" image that could be tracked to identify where it went to identify networks used by scammers. (EG, I could generate a fake ID on Google with a watermarked image that Google could track).
Anyway, would be interested in any tools or ideas other people have come up for scam baiting, which seems the only tool we have to fight scammers.