Phishing Dilution

CNET reports that Cyoto is pumping bogus accounts and passwords to phishers, a technique they are calling dilution. The funny thing is that I proposed the same technique at an APWG (Anti-Phishing Working Group) meeting almost two years ago, under the name spoofback.

At the time, technology providers seemed to like the idea, but bankers seemed daunted by the legal ramifications. Well, I am glad someone took the idea and ran with it, although it took them two years to do so.

Anyway, the natural extension of the idea is to use the bogus information to catch phishers by trailing the flow of bogus money, a phishback of sorts. IMHO, international regulations should require all financial services to support fake transactions, the equivalent of marked greenbacks, to catch them all.
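As an added illustration (my own sketch, not code from the CNET article or from Cyoto), here is one way a bank could mint the bogus credentials used for dilution so that it recognises them the moment a phisher replays them against the real login page; the key, account format and sample IPs are assumptions:

```python
import hashlib
import hmac
import secrets

# Constructed demo key; a real deployment keeps this in an HSM or secrets vault.
DECOY_KEY = b"constructed-demo-key-not-for-production"
ALPHABET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"


def decoy_password(account: str, key: bytes = DECOY_KEY) -> str:
    """Derive the password that pairs with a decoy account number.

    The password is a keyed function of the account number, so the bank keeps
    no database of issued decoys: any pair satisfying this relation was minted
    here and fed to a phishing site, i.e. it is a digitally "marked" credential.
    """
    mac = hmac.new(key, b"decoy:" + account.encode(), hashlib.sha256).digest()
    # 10 mixed-case alphanumerics so it looks like an ordinary customer password
    # (the modulo introduces a slight bias, irrelevant for a decoy).
    return "".join(ALPHABET[b % len(ALPHABET)] for b in mac[:10])


def mint_decoy(key: bytes = DECOY_KEY) -> tuple[str, str]:
    """Mint one bogus (account, password) pair to submit to a phishing form."""
    account = "".join(str(secrets.randbelow(10)) for _ in range(12))
    return account, decoy_password(account, key)


def is_decoy_login(account: str, password: str, key: bytes = DECOY_KEY) -> bool:
    """True when a login attempt replays a credential pair we planted.

    Run this only after genuine authentication has failed, so a real customer
    whose account number happens to match a minted decoy is never misclassified.
    """
    return hmac.compare_digest(decoy_password(account, key), password)


def classify_logins(attempts, key: bytes = DECOY_KEY) -> list[str]:
    """Return the source IPs of decoy logins in (account, password, ip) tuples.

    Each hit is the phisher (or their cash-out tooling) testing harvested data,
    which is the point at which the money trail the post describes can start.
    """
    return [ip for acct, pw, ip in attempts if is_decoy_login(acct, pw, key)]


if __name__ == "__main__":
    acct, pw = mint_decoy()
    # Constructed login stream: one decoy replay, one unrelated failed login.
    stream = [(acct, pw, "203.0.113.7"), ("111122223333", "Wrong1", "198.51.100.2")]
    print("decoy replays from:", classify_logins(stream))  # ['203.0.113.7']
```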