Fraud Intelligence Newsletter

October 2008

Table of Contents

APWG publishes “best practices” advisory for domain registrars

ICANN sends Notice of Termination to Domain Registrar Est Domains
FBI Went Undercover in Crime Forum DarkMarket
Cybercrime appears recession-proof
APWG releases educational landing page
 

Upcoming Event Schedule

November 2 - 7, ICANN Meeting, Cairo, Egypt. Rod Rasmussen will again be attending as the Industry Liaison for the APWG.


APWG publishes “best practices” advisory for domain registrars

The Anti-Phishing Working Group (APWG) has published a “best practices” advisory for registrars to help them implement mechanisms to make it more difficult to register and use domains for illicit uses such as phishing. The advisory distills the counter-ecrime techniques of APWG membership, forged from their experiences, as well as keystone policies of registrars who have already implemented them as safety measures to protect against the registration and use of domain names for phishing. The APWG worked closely with several registrars through ICANN’s Registrar Constituency to ensure that the best practices were practical and applicable.

“It has been great to see registrars take phishing prevention seriously,” said Rod Rasmussen, co-chair of the APWG’s Internet Policy Committee and President of Internet Identity. “Since phishing campaigns often start with a domain registration, the domain name registrars are in the perfect position to make phishing more difficult.”

The Anti-Phishing Best Practices Recommendations for Registrars document focuses on three principal areas in which house policy at registrars can help neutralize abusive domain registrations. Those include:

    * Proactive fraud screening: low user-burden processes that registrars can adopt to limit phishers’ ability to complete fraudulent domain registrations on a large scale

    * Phishing domain takedown: best practices registrars can use to process takedown requests as efficiently as possible and suspend fraudulent domain registrations used in a phishing campaign

    * Evidence preservation for investigative purposes: data retention practices to save key evidence that can later be used by law enforcement to identify and prosecute the phishers

The report is available in PDF format at: http://www.antiphishing.org/reports/APWG_RegistrarBestPractices.pdf

ICANN sends Notice of Termination to Domain Registrar Est Domains

ICANN, which has regulatory responsibility for the generic domain space, sent an official Notice of Termination of the ICANN Registrar Accreditation Agreement to registrar Est Domains on October 28.  It is widely alleged that Est Domains knowingly harbors and supports domain registrations for criminal enterprises, including spam and phishing gangs, as its main source of revenue. ICANN moved to terminate Est Domains’ agreement when ICANN was made aware that Vladimir Tsastsin, the president of Est Domains, had been convicted in Estonia earlier this year for credit card fraud, money laundering and document forgery.  It is a violation of the ICANN registrar contract for an officer of the registrar to have a felony conviction.  

FBI Went Undercover in Crime Forum DarkMarket 

The computer crime supersite DarkMarket.ws, which was shut down on September 16, had been infiltrated by the FBI as part of a two-year undercover operation, the FBI announced on October 16. The site had been operating for the past three years as an online marketplace where stolen identities, stolen credit cards, and the tools of the trade were bought and sold. At its peak, DarkMarket had over 2,500 registered members. The FBI operation has to date resulted in 56 arrests worldwide, with more investigations still ongoing.

The operation owes much of its success to cooperation among international law enforcement agencies. The FBI conducted this operation with the assistance of multiple domestic and international law enforcement partners, including the Computer Crime and Intellectual Property Section of the U.S. Department of Justice, the United Kingdom’s Serious Organised Crime Agency, the Turkish National Police – KOM Department, the Bundeskriminalamt (German Federal Criminal Police in Wiesbaden), and the Landeskriminalamt Baden-Wuerttemberg (State Police of Baden-Wuerttemberg).

Cybercrime appears recession-proof

Online crime, especially phishing and malware-based fraud, continues to occur in high volume despite the recent economic turmoil. In recent weeks, both the FBI and FTC have issued warnings about cybercriminals taking advantage of the uncertainty in the economy. "One thing we've seen is financially based cybercrime is recession-proof," says Darren Mott, supervisory special agent for the FBI's Cyber Division. "With [this] changing economy, the only thing that changes is the way they go about obtaining their information."

Internet Identity has seen no letup in website phishing attacks, while malware attacks and phone phishing attacks continue their upward trends. While some of the e-mail lures have been updated to reflect current events in the financial services industry, the vast majority of phishing sites continue to have content identical to that of sites used earlier this year.

The FBI reports that it is seeing more spear phishing aimed at businesses that were hit hard by the economic downturn. "There has been an increase in attacks on specific individuals, such as CEOs and CFOs, because a lot of businesses are going under...that gives them more directed targets," the FBI's Mott says.


APWG releases educational landing page

The Anti-Phishing Working Group, working with Carnegie Mellon University’s CyLab, has developed a web page designed to educate potential phishing victims about phishing. The page is intended to appear on phishing URLs that have been disabled, so that any potential victims who visit the page can receive the educational message. The page also presents a custom format for mobile browsers, is being translated into several languages and will allow ISPs and victim brands to co-brand the page with their own warning messages. A sample of the warning page may be viewed at http://education.apwg.org/r/en/index.html. Internet Identity is working with customers and ISPs to use the page when phishing sites are taken down.


If you want to learn more about protecting your organization from phone phishing, phishing, spear phishing, targeted malware and other attacks against your customers, please contact Internet Identity.