“I think a very important step that many companies don’t take, is to educate your customers through warnings posted on your corporate website; detailing the things that you will never ask of your customers, updating them on scams, things of that nature. Companies that don’t take this very basic step are essentially ignoring the problem. “

“Another critical step companies can take is to monitor the registration of what we call ‘cousin domain names’ which are essentially similar to your company’s domain name. A rather famous cousin domain name that appeared recently was visa-security.com. That email was used to launch a phishing attack spoofing Visa and asking people to update their credit card information. Another recent example would be paypalr.com, which was used to obtain Paypal information,” Jevans explains.

An easy to implement, cost-effective approach to anti-phishing would be the monitoring of domain name registration. Companies should subscribe to a domain name service, such as Internet Identity, or Name Protect, that conduct audits of existing domain names. These services also provide lists of common names used in phishing, and often recommend that you purchase available related domain names. Additionally, they compile lists of domain names that other people own, names a company should be watching closely and regularly for suspect activity, i.e., ‘AOL-billing.com’.


Jevans explained that approximately 20% of phishing attacks originate from a cousin domain name. So what recourse does a company have when they’ve found out someone’s using a similar domain name?

“This is a critical issue companies are faced with right now,” says Jevans. “If someone launches a phishing attack against you and an event has actually occurred, or if they’ve set up a website with your graphics and content and they’re poised to launch an attack, you need to contact the domain name registrar and attempt to get the name revoked. However, domain name registrars may not comply with your request. If an attack has occurred, you should also immediately contact your local high tech crime unit, or Electronic Crimes Task Force (ECTF). “

All major cities in the U.S. have FBI local offices and a connection to computer fraud divisions. The FBI will also contact the registrar, tending to have a better response rate. In this multi-level approach, companies should also locate the ISP hosting the site, (which can be found by looking up the domain registrar), and ask the ISP to take down the site.