cosive.com

Poisoning The Well - Should I? Good day, all. I am curious regarding your opinions on poisoning the "phishing" well. That is, what are your thoughts on flooding a phishing attempt with fake, though believable, information. For example, taking a Google Form phishing for login credentials and flooding it with thousands of credentials that won't work. Almost like what has been described in this article ([https://www.cosive.com/blog/canarycredentialsintro](https://www.cosive.com/blog/canarycredentialsintro)), but with less emphasis on making accounts that the phisher will want to use. That is, focusing less on creation of real accounts that signal a breach, and more focus on submitting so many fake account credentials that it becomes impossible for the phisher to distinguish between real and fake accounts. What are your thoughts on this? Would it work? Would this help obfuscate real credentials of real users? Or would this just be a waste of time for the person deploying the poison? Thanks in advance.