If I wanted to phish for personal information that I could use for other attacks, I would set up a public service where people could send all their apparent scams and then go looking for all the personal data that is leaking through.
I could even make it seem legit by using the collected data to block any of my competitors, and only “accidentally” allowing through the attacks that I make or that are made by my real customers.
Thank you for leaving a comment, appreciate it! I'm trying to understand what you're saying.
It seems like you are suggesting our database (public service) could be used for our own benefits? By "our own benefits", you are suggesting https://antiphish.ai can take advantage from the screenshots users uploaded, because now we know what scams are running hot in the market, and then we can cross check what works and what does not work.
And because this is a Chrome extension, we can now use the insight we've collected to block other scam attacks and only deliver the scam attacks that AntiPhish.AI makes or AntiPhish.AI's customers make. By customers, you mean other scammers that has a professional relationship with AntiPhish.AI, with the purpose of delivering effective scams using AntiPhish.AI's insight.
I really like your way of thinking, I'm pretty sure you won't fall for scams easily, because you surely do have a sharp mind and good at connecting the dots.
The truth about AntiPhish.AI is, we've been working in the security industry for many years, and always wondered how it feels like to have a company of our own. Especially tech company, and because helping others to spot scams seems like a valuable and profitable business, that's why we chose to pursue this path.
While we can write good softwares, but we're not so good at marketing. This is why we created this tool, this post, after learning the fact that one of the things we can do for marketing a business is creating free tools.
That's how this idea comes alive, no crazy 3d chess agendas, just plain, SEO marketing effort, with a hope to provide some values for people that could fall victims to scams.
I hope this clears up the intention of why we created this tool. Cheers and have a great day!
For me, the most important thing is to think about what data you’re sharing with third parties, and how that data might be abused.
Or maybe that third party doesn’t abuse it themselves, but they’re vulnerable to someone else stealing it, and landing you back into HaveIBeenPwned yet once again (I think I’m up to 17 times on HIBP so far).
I think about this any time I use a service like DeleteMe, or Optery, or 1Password, or any other third party service where I might be sharing potentially sensitive information. And I very carefully select the third party services that I use which might have sensitive data shared with them.
Then I like to try to ensure that I minimize what data that I share with these third parties, especially data that is shared automatically — like a log of every single URL that I visit.
I’m a lot more willing to use tools that work 100% locally and don’t share any data with any remote service, even if those tools do not provide all the same levels of service that can be provided by the remote service. For example, I would never voluntarily enable something like Microsoft Recall, but I might be willing to use a local-only program that recorded periodic snapshots of every URL that I visit and make that information locally searchable, so that I can roll the clock back and see what I may have been doing at some time in the past.
The problem here is not that the data is collected, or that it is collected locally, but how that data might be able to be abused by others once it is shared with a third party.
I could even make it seem legit by using the collected data to block any of my competitors, and only “accidentally” allowing through the attacks that I make or that are made by my real customers.