“The APWG is working on technical standards for reporting suspicious sites and doing a take-down on them, but that’s going to be while in coming to fruition. It’s not just coming up with a standard of how to report these things. It’s also going to involve who can report what and how can we verify the information, and how can we prevent a malicious take-down of valid sites. Frankly, developing standards is going to take years,” notes Jevans.
It’s a wild-west email world at the moment. It’s spammers and spoofers, phishermen and organized crime against the brave, good citizens. Rogue ISP’s operating in far-flung corners of the earth are offering ‘bullet-proof sites’ that will remain online, “no matter what”. With a lack of cooperation from the worst offender nations, it’s a lawless frontier requiring the vigilante justice of town folk with pitchforks.
Jevans characterizes vulnerable companies as financial institutions and ISPs, eCommerce companies, and anyone doing business on the Internet. He recommends putting together a call list of organizations that need to be contacted when a phishing attack occurs. The list should contain contacts at the ECTF, FBI, and for financial institutions, it should also contain the Secret Service. It is recommended that companies make contact with these agencies as soon as possible to develop relationships so that when something occurs, they’ll know who you are and how to immediately address the issue.
It is also recommended that companies take a good look at their email infrastructure. Is it reliable? Does it have filtering capabilities? The APWG is seeing companies get overwhelmed with sudden bounced messages when a phishing attack occurs. It’s similar to an email denial of service attack. If a phisher launches an attack on millions of users and over one million of those addresses bounce back as invalid, overwhelming mail servers and taking them out of service, a company needs to enact filters to keep the attack from taking the server off line.
A sudden influx of bounced messages that a company did not initiate should indicate that a phishing attack is taking place somewhere in their name.
“A company needs to be able to monitor email bounce-backs. This is where a company can practice vigilance. You need to have a response plan and know what to do when this occurs. If you’re an online bank, are you going to turn off online banking for a couple of hours? Are you going to look in your web logs and track account access? Will you notice that suddenly all of your customers seem to have moved to Russia?” Asks Jevans.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.