The benefits of a fake email address

Published 3:00 am Friday, August 24, 2018

As a security practitioner, I am particularly fond of something called obfuscation.  In the cyber-security world, obfuscation is used to muddy the landscape, to confuse the would-be bad guys.

Years ago, when I experienced my first identity theft via an MCI World Calling Card in an international airport, I quickly learned one important lesson: bad guys can be creative. I received a calling card bill for almost $15,000 the following month.  MCI corrected the issue and later informed me that the airport unwillingly played host to a theft ring. The operation used binoculars to peek over the shoulders of people at payphones. They took note of the calling card number and watched the PIN as it was entered on the payphone keypad.

Now, if you don’t know what a calling card is – or a payphone – don’t despair: there’s a lesson for you anyways.

Sign up for our daily email newsletter

Get the latest news sent to your inbox

What did I learn?

Presenting bad information to the evildoers is disruptive and a bit entertaining. Enter obfuscation. I began to carry a real calling card and a fake one. I pretended to use the fake card, but moved closer to the phone and switched cards during my travels. My account was never compromised again.

Social media, chatrooms, discussion threads, and news sites have many, diverse purposes.  Sometimes, the intended purposes become twisted and contorted; trolls foster fighting among civil participants, lies are spread, etc.  But very often, over-sharing on the sites presents a virtual smorgasbord to the purported hackers.

So what happens when you “share” something that isn’t correct?

Well, that too, is ingested and reviewed.

Many who want anonymity on the web try to avoid using it.  Nowadays, that’s practically impossible.  Another method has become somewhat popular: creating fake or alternative information and placing it in public areas on the web. The practice confuses software and those who “Google” people – the sheer volume of information is challenging to review, when conflicting data is presented, a conundrum exists: what is correct?

Is this practice a positive thing?  Well, in an extreme form, probably not.  However, if you’re looking for a clever way to handle spam messages, similar to those annoying robocalls, I don’t see any harm.  In fact, there’s a very sensible and easy way to fight back.

Despite our best efforts to avoid spam, the messages seem to continue.  Many are fooled, perhaps embarrassed when they fall victim.  Sadly, all manner of harm can come as a result of participating in a spam attack.  You should rely on more than filters – even though the spam filtering technology has improved dramatically, things will get through.

The intriguing subject lines, impressive graphics entice us to click, to participate in a coupon, or, a chance to win a cash prize.

If you encounter the need to provide an email address but don’t trust the site, don’t want to deal with the piles of junk mail, or if you simply want to reach the intended service, I suggest two things.

One, be careful and very selective with your primary email account. Only use it with highly-regarded companies and trusted friends; don’t post your primary email address everywhere.

Second, create a fake email account. Use the fake account to negotiate those required email hurdles or to reduce spam and junk in your primary inbox.  Visit https://maildrop.cc and create an account.

Read the service description, the suggested ways to employ the fake email account before jumping onboard with obfuscation.

The Maildrop service has been around for many years.  It works as described.

Continue to be mindful, disregard promises that are too good to be true, and, avoid email from unknown sources.

William Greg Price is the Chief Technology and Security officer for Troy University and the Director of the Alabama Computer Forensics Institute. He currently represents District 2 on the Pike County Board of Education.