Jevans explained that approximately 20% of phishing attacks originate from a cousin domain name. So what recourse does a company have when they’ve found out someone’s using a similar domain name?
“This is a critical issue companies are faced with right now,” says Jevans. “If someone launches a phishing attack against you and an event has actually occurred, or if they’ve set up a website with your graphics and content and they’re poised to launch an attack, you need to contact the domain name registrar and attempt to get the name revoked. However, domain name registrars may not comply with your request. If an attack has occurred, you should also immediately contact your local high tech crime unit, or Electronic Crimes Task Force (ECTF). “
All major cities in the U.S. have FBI local offices and a connection to computer fraud divisions. The FBI will also contact the registrar, tending to have a better response rate. In this multi-level approach, companies should also locate the ISP hosting the site, (which can be found by looking up the domain registrar), and ask the ISP to take down the site.
When asked whether laws would be helpful in preventing ISPs and domain name registrars from enabling criminal activity, Jevans answers, “There are laws now, but the issue isn’t really the law, it’s the process of those laws. A website that uses all of your graphics and identity is in violation of the Millennium Copyright Act. Even before a criminal has launched a phishing attack they are in violation of the law. A company can file a lawsuit to have that site taken down, or they can file a complaint. However, that’s a 90 day process and that doesn’t really help you. That’s when you have to start working the domain name registrar who may or may not comply. A lot of times, a registrar will want you to provide a court order before they’ll take the site down. So the law is there but it’s the process of enforcement that is at issue.”
“The APWG is working on technical standards for reporting suspicious sites and doing a take-down on them, but that’s going to be while in coming to fruition. It’s not just coming up with a standard of how to report these things. It’s also going to involve who can report what and how can we verify the information, and how can we prevent a malicious take-down of valid sites. Frankly, developing standards is going to take years,” notes Jevans.
It’s a wild-west email world at the moment. It’s spammers and spoofers, phishermen and organized crime against the brave, good citizens. Rogue ISP’s operating in far-flung corners of the earth are offering ‘bullet-proof sites’ that will remain online, “no matter what”. With a lack of cooperation from the worst offender nations, it’s a lawless frontier requiring the vigilante justice of town folk with pitchforks.
Jevans characterizes vulnerable companies as financial institutions and ISPs, eCommerce companies, and anyone doing business on the Internet. He recommends putting together a call list of organizations that need to be contacted when a phishing attack occurs. The list should contain contacts at the ECTF, FBI, and for financial institutions, it should also contain the Secret Service. It is recommended that companies make contact with these agencies as soon as possible to develop relationships so that when something occurs, they’ll know who you are and how to immediately address the issue.