[newman8r]

Basically, we host a collection of honeypot websites, which resemble login pages for a normal website. Our users create 'bait credentials' (username/password) for these honeypot websites.

The users then hide these bait credentials in places that should be private (in this case, a letter or package to be mailed). If an eavesdropper intercepts the package, they'll also find the bait credentials (perhaps written on a post-it note). If they try to use the stolen bait credentials at the honeypot website, our users then get an alert, and the intrusion is logged.

The normal use case is to place bait credentials on your devices or servers, but in this case they would be used in a physical location (i.e. a letter in the mail).

Take a look at https://www.tamarin.us if you want - I'd appreciate any feedback, I'm still trying to validate the concept.