A variety of computer security mechanisms exist for deploying false computing resources that mimic legitimate “user-owned” computing resources in order to attract malicious computing activities. For example, in addition to a set of legitimate user-owned email accounts that are used in performing core business activities, an organization may also deploy a set of false email accounts that generally appear to be legitimate, but which are void of sensitive business information. The organization may then “seed” various resources with credentials for logging into these false email accounts to entice malicious entities (e.g., hackers, phishing campaigners, industrial spies, etc.) to spend time and resources perusing through the false email accounts. In this way, the malicious entities may be deceived into divulging certain types of information that is useful in identifying and preventing future attacks on the organization's legitimate computing resources. Moreover, any amount of time that a malicious entity is deceived into spending logged into the false computing resources is essentially wasted time that the malicious entity was unable to spend attacking legitimate computing resources.
Modern false computing resources are unfortunately easy to detect by malicious entities. For example, a modern false email account or file-hosting account will contain only a static set of documents (e.g., emails, hosted files, etc.). Moreover, a modern false email account does not respond to messages or otherwise interact with malicious entities. Upon identifying a specific computing resource is being a false computing resource, malicious entities immediately log off and do not return. If a malicious entity quickly recognizes the false nature of a computing resource, an organization may expend significantly more resources setting up the false computing resources than is consumed from the malicious entity.
It is with respect to these and other considerations that the disclosure made herein is presented.