ďThe APWG is working on technical standards for reporting suspicious sites and doing a take-down on them, but thatís going to be while in coming to fruition. Itís not just coming up with a standard of how to report these things. Itís also going to involve who can report what and how can we verify the information, and how can we prevent a malicious take-down of valid sites. Frankly, developing standards is going to take years,Ē notes Jevans.
Itís a wild-west email world at the moment. Itís spammers and spoofers, phishermen and organized crime against the brave, good citizens. Rogue ISPís operating in far-flung corners of the earth are offering Ďbullet-proof sitesí that will remain online, ďno matter whatĒ. With a lack of cooperation from the worst offender nations, itís a lawless frontier requiring the vigilante justice of town folk with pitchforks.
Jevans characterizes vulnerable companies as financial institutions and ISPs, eCommerce companies, and anyone doing business on the Internet. He recommends putting together a call list of organizations that need to be contacted when a phishing attack occurs. The list should contain contacts at the ECTF, FBI, and for financial institutions, it should also contain the Secret Service. It is recommended that companies make contact with these agencies as soon as possible to develop relationships so that when something occurs, theyíll know who you are and how to immediately address the issue.
It is also recommended that companies take a good look at their email infrastructure. Is it reliable? Does it have filtering capabilities? The APWG is seeing companies get overwhelmed with sudden bounced messages when a phishing attack occurs. Itís similar to an email denial of service attack. If a phisher launches an attack on millions of users and over one million of those addresses bounce back as invalid, overwhelming mail servers and taking them out of service, a company needs to enact filters to keep the attack from taking the server off line.
A sudden influx of bounced messages that a company did not initiate should indicate that a phishing attack is taking place somewhere in their name.
ďA company needs to be able to monitor email bounce-backs. This is where a company can practice vigilance. You need to have a response plan and know what to do when this occurs. If youíre an online bank, are you going to turn off online banking for a couple of hours? Are you going to look in your web logs and track account access? Will you notice that suddenly all of your customers seem to have moved to Russia?Ē Asks Jevans.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.