
Killing Phish

You can't prevent phishing attacks, and consumer education will only get you so far. Good thing there's another option: an effective take-down strategy.

By

February 14, 2005 (CSO) — If you're counting on education and awareness to protect your customers against phishing scams, you're wasting your time. Phishing artists have already moved on to increasingly sophisticated schemes for which customer education won't do squat. They're using worms, spyware and domain name hijacking to redirect users from legitimate sites to bogus ones without the users' knowledge.

It's a desperate situation that calls for desperate measures: a take-down strategy that reduces the window of exposure by getting a bogus site shut down as quickly as possible. Any company that's a target for phishing scams (basically, any company that gathers financial information online) should have one.

Reactionary? Sure. But these are the times in which we live.

And so, in a sort of Valentine to you, dear reader, this week instead of my normal grousing, I offer up a straightforward three-point plan on how to kill phish. The advice comes compliments of Dave Jevans, the ever-present chairman of the Anti-Phishing Working Group.

If you do nothing, Jevans warns, any given phishing site is likely to stay up for one to three weeks, harvesting customer details and causing your help desk and fraud department endless agony. But if you react quickly, you just might be able to get the site shut down in days or (if you're really lucky) even hours. Here's how.

Step 1. Know when a phishing attack has occurred. This is the easy part. As soon as a phishing e-mail goes out, you'll probably start getting deluged with bounce-back e-mails and calls from wary customers. Gather all the details about the attack that you can. Most important: What's the IP address of the offending website, and who's hosting it?

Step 2. Call the ISP. Contact the ISP by phone or e-mail, explain the situation and ask that the site be shut down. If you have a good relationship with the ISP, you can get the site down in a matter of hours, Jevans says. Sometimes. Other times you won't be so lucky. Seventy percent of phishing sites are hosted outside of the United States, so you may need a translator. You also may need to do some delicate negotiations to convince the ISP to throw the switch on a paying customer. If the representative hems and haws and says that policing the Internet is not his job, Jevans says, "Rattle a few sabers and threaten to call law enforcement." If that doesn't work, go to step three.
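The "gather all the details" part of Step 1 is where most of the real work sits, because the link in a phishing e-mail rarely names the host plainly. The script below is an added example, not code from the article or from the Anti-Phishing Working Group. It parses a constructed sample phishing e-mail (the addresses and domains in it are made up, using documentation ranges), pulls out every URL a victim could follow, undoes the numeric-host obfuscation browsers accept (hex, single-dword and octal forms of an IP address), flags links whose displayed text points somewhere other than their real target, drops your own domains, and leaves you with the list of addresses to look up with WHOIS/RDAP and the names that still need DNS resolution before you can call the ISP in Step 2. It makes no network calls.

```python
"""Triage a phishing e-mail for take-down: added example, not the article's code."""
import email
import ipaddress
import re
from dataclasses import dataclass
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
_PART_RE = re.compile(r"^(0x[0-9a-f]+|[0-9]+)$", re.IGNORECASE)

# Constructed sample message; 203.0.113.7 (TEST-NET-3) is written three ways.
SAMPLE_EMAIL = b"""From: "Example Bank Security" <security@example-bank.test>
To: customer@example.org
Subject: Urgent: verify your account
Content-Type: text/html; charset="us-ascii"

<html><body>
<p>Please <a href="http://0xCB007107/verify/login.php?id=42">log in at
https://www.example-bank.test/secure</a> within 24 hours.</p>
<p>Or use <a href="http://3405803783/verify/">our mirror</a> or
<a href="http://0313.0.0161.07/verify/">backup mirror</a>.</p>
<p>Questions? http://example-bank.verify-account.test/faq or
http://support.example-bank.test/help</p>
</body></html>
"""


class _LinkExtractor(HTMLParser):
    """Collect (href, visible anchor text) pairs plus text outside any <a>."""

    def __init__(self):
        super().__init__()
        self.links, self.text, self._href, self._anchor = [], [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._anchor = dict(attrs).get("href"), []

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(self._anchor).strip()))
            self._href = None

    def handle_data(self, data):
        (self._anchor if self._href is not None else self.text).append(data.strip())


def _inet_aton(host):
    """Decode numeric hosts the way inet_aton/browsers do: hex, octal, 1-4 parts."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4 or not all(_PART_RE.match(p) for p in parts):
        return None
    vals = [int(p, 16) if p.lower().startswith("0x") else
            int(p, 8) if len(p) > 1 and p[0] == "0" else int(p) for p in parts]
    head, last, tail_bits = vals[:-1], vals[-1], 8 * (5 - len(parts))
    if any(v > 255 for v in head) or last >= 1 << tail_bits:
        return None
    n = 0
    for v in head:
        n = (n << 8) | v
    return ipaddress.IPv4Address((n << tail_bits) | last)  # last part fills the rest


def canonical_host(url):
    """Return (host, is_ip) for a URL, with numeric obfuscation undone."""
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return None
    if not host:
        return None
    host = host.rstrip(".")
    addr = _inet_aton(host)
    if addr is None:
        try:
            addr = ipaddress.ip_address(host)  # plain IPv4/IPv6 literal
        except ValueError:
            return host.lower(), False
    return str(addr), True


@dataclass
class Lead:
    url: str         # where the browser really goes
    shown_as: str    # what the victim saw (anchor text), if any
    host: str        # canonical host to act on
    is_ip: bool      # True: go straight to WHOIS/RDAP; False: resolve first
    deceptive: bool  # displayed URL names a different host than the real target


def triage(raw_message, own_domains=()):
    """Extract every take-down candidate from a phishing e-mail (no network I/O)."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    leads, seen = [], set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body, pairs = part.get_content(), []
        if part.get_content_subtype() == "html":
            p = _LinkExtractor()
            p.feed(body)
            pairs = p.links + [(m.group(0), "") for m in URL_RE.finditer(" ".join(p.text))]
        else:
            pairs = [(m.group(0), "") for m in URL_RE.finditer(body)]
        for target, shown in pairs:
            canon = canonical_host(target)
            if not target.lower().startswith(("http://", "https://")) or canon is None:
                continue  # mailto:, javascript: and malformed links are not take-down targets
            host, is_ip = canon
            if any(host == d or host.endswith("." + d) for d in own_domains) or (target, shown) in seen:
                continue
            seen.add((target, shown))
            m = URL_RE.search(shown)
            shown_canon = canonical_host(m.group(0)) if m else None
            leads.append(Lead(target, shown, host, is_ip,
                              shown_canon is not None and shown_canon[0] != host))
    return leads


def takedown_targets(leads):
    """(IPs for WHOIS/RDAP abuse lookup, hostnames that still need DNS resolution)."""
    ips = sorted({l.host for l in leads if l.is_ip}, key=ipaddress.ip_address)
    return ips, sorted({l.host for l in leads if not l.is_ip})


if __name__ == "__main__":
    found = triage(SAMPLE_EMAIL, own_domains=("example-bank.test",))
    for lead in found:
        print(lead.url, "->", lead.host, "(IP literal)" if lead.is_ip else "(needs DNS)",
              "DISPLAYED URL LIES" if lead.deceptive else "")
    print("WHOIS/RDAP for the hosting ISP's abuse contact:", takedown_targets(found))
```

Run it against the real bounce-backs and customer forwards you collect in Step 1; the hosts it prints are the ones to resolve and look up before you pick up the phone. The leading-zero octal rule is the one that bites: `010.0.0.1` is 8.0.0.1 to a browser, and a WHOIS on the wrong address sends you to the wrong ISP.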
