to preface this: I’m a scambaiter who deals with massive amounts of spam, Just thought I’d ask the cyber sec community for some better ideas/suggestions to finish a document I’m writing, I’m going corporate soon so I’ll be making more tools public so there’s less attacks.
If you haven’t noticed the FCC Plans to force all US-Telecom companies to block SMS based attacks [Source](https://www.engadget.com/fcc-spam-text-rulemaking-proposal-203352874.html) given this **ONLY** blocks SMS. New York on the other hand will impose fines for the state of New York only. However, this means that all telecom stations in the state of New York are required to follow the law given NYC is the biggest US city I’d think they’d follow through with the law or be fined per case.
My issue with the FCC’s decision is it only applies to “SMS Phishing attacks” (Smishing), Given the amount of data we have. There’s no reason why we don’t have other tools or services to fix the problem.
I mean if some of the email service providers got around they’d be able to black list potential phishing/spam attacks without an issue, I mean “Free Viagra” is a little annoying by now especially when it’s in 40+ different fonts and font sizes just to be sent to my spam box. How about not sending me it in the first place?
There’s no reason why AI hasn’t been deployed rather it’s on client side or server side to protect users from being hit with phishing attacks. I Described a potential solution, Have companies go to google, Microsoft or some “Trusted” processing company to verify their company to protect people from being phished with fake domains.
If PayPal went to say a company in control of processing “Trusted” companies emails all fake PayPal emails wouldn’t be much of a thing due to Machine learning looking at the content (Rather it runs on the server before it hits the inbox or after it does) to check for potential fraudulent practices.
Let me put this into perspective: if Emails checked senders name, SMTP of the sender, Location of the sender, Email addressed used and content of the email and it matched up to be a “Legit” email from paypal then it would forward the message. If the email say originated from Nigeria, and came from a weird domain and said you needed to reset your password with this link and the link wasn’t on a “Trusted Whitelist” then the email would be rejected and the sender’s information would be monitored for potential abuse up to 30 days after the attempted attack.
This follows apple’s Anti-CSAM Idea, This simply checks hashes of CSAM Mutli-Media files that’s from a 3rd party DB. If it matches Apple locks your phone and contacts the police. However I’d just contact the police, so you’d be able to surprise them…. but that’s just me.
Given that I stated a really simple way to deal with potential spam/phishing attempts what else would you suggest the FCC/FTC Should do to prevent future attacks on the United States if not the world?
Let me know and please give me some constructive criticism if needed