APWG: Resources

Report Phishing



--	Home
--	Report Phishing
--	APWG Events
--	Resources
--	Membership
--	APWG Member Site
--	APWG eCrime Newswire
--	Crimeware Map
--	Phishing Archive
--	Contact Us
--	JOIN THE APWG

	APWG Premium Members: click here for a full listing

Consumer Advice/Education
Technical Whitepapers and Briefings from APWG Sponsors
APWG Phishing Trends Report
APWG Whitepapers and Reports
Educating Your Customers on ID Theft, Phishing and eCrime
Notable Articles and Government Briefings
Anti-Fraud Organizations and Links
Corporate Anti-Fraud Policies
Where Does the Word 'Phishing' Come From?

Technical Whitepapers and Briefings from APWG Sponsors

	Click Here for TrendMicros's paper on "Botnet Threats and Solutions: Phishing".
	Click here to view the GeoTrust white paper, "Vulnerability of First-Generation Digital Certificates and Potential for Phishing Attacks and Consumer Fraud". In this white paper, the author describes how traditional, paper-based manual vetting process, or organizational assurance vetting, still employed by some certificate authorities can be spoofed.
	Click here to download a copy of McAfee's white paper "Anti-Phishing: Best Practices for Institutions and Consumers" in which the authors delineate phishing's many attack surfaces and assess different approaches and solutions to remediate them.
	How Collaborative Filtering Can Stop Future Forms of Messaging Abuse Zero-Hour, Real-Time Computer Virus Defense Through Collaborative Filtering Why Conventional Anti-Virus Techniques Won't Stop New Threats The Economy Of Phishing: A Survey of the Operations of the Phishing Market A Reputation-Based Approach for Efficient Filtration of Spam Cloudmark's Unique Approach To Phishing
	Click here for RSA Security's white paper, “Phishing Special Report: What to Expect for 2007.” This paper examines several trends in online fraud and more interestingly, provides an overview of the emerging threats that we have recently encountered, as well as the threats we project to see in the coming year. Click here to download RSA’s 4th Annual Consumer Online Fraud Survey
	Click here for the white paper TriCipher Consumer Online Banking Study that discuses how banks could increase profitability by offereing identity protection software. Click here for the white paper The Perfect Storm: Man in the Middle Phishing Kits, Weak Authentication and Organized Online Criminals
	Link out here to register for a copy of Entrust's white paper "Countering On-Line Identity Theft: New Tools to help Battle Identity Theft on the Internet."
	Link out to VASCO's Phising website, with information and documents and a range of authentication solutions including EMV smart cards.
	Click here to view the Symantec white paper, "Mitigating Online Fraud: Customer Confidence, Brand Protection, and Loss Minimization."
	Click here to read "Sender-Based Authentication" in which Message Level describes the benefits of Sender-Based Email Authentication. Learn how Message Level's approach makes the email channel not only secure, but creates the audit trails needed to ensure that security from present and future threats while at the same time furthering corporate regulatory compliance and enabling corporations to follow through on their paperless initiatives, saving tens of billions annually in postage costs alone.

APWG Whitepapers and Other Reports

The Relationship of Phishing and Tasting
The Domain Name System Policy Working Group performed a study on the use of domain tasting by phishers. The study shows that while it does not appear that domain tasting is utilized by phishers, the increase in infrastructure anti-phishing companies must have to monitor for new phishing domain registrations has negatively impacted the anti-phishing community.

Memorandum on Domain Take-Downs and WhoIs Data
The APWG, as an observer to the ICANN Whois Privacy WG, prepared a memorandum on how anti-phishing fighters use the DNS Whois data to disable phishing sites. ICANN is contemplating removing most of the address data from the gTLD (.com, .net, .org) DNS Whois servers and the APWG is concerned about retaining access to this data to support our phish fight.

Best Practices for ISPs and Mail Box Providers
Joint working document release from APWG and MAAWG. Consolidates a selection of "Best Practices" for companies providing ISP or Mail Box services.

Online Identity Theft: Technology, Chokepoints and Countermeasures
DHS Counter-Phishing Strategies Whitepaper from the members of the Identity Theft Technology Council .

DOJ & PSEPC Joint Report on Phishing
The US Justice Department and the Ministry on Public Safety and Emergency Preparedness Canada jointly produced report on phishing.

Crimeware Landscape Report
The APWG in coordination with the US Department of Homeland Security produced this Crimeware Landscape Report. This document tries to help executives grasp just what crimeware is, how it works, and how prevalent it is.

Proposed Solutions to Address the Threat of Email Spoofing Scams
Anti-Phishing Working Group - Released Dec 12, 2003

National and State Trends in Fraud & Identity Theft, January - December 2003
Federal Trade Commission - Released Jan 22, 2004

Consumer Advice

How to Avoid Phishing Scams

What To Do If You've Given Out Your Personal Financial Information

Bank Safe Online from our research partners APACS in the UK

Federal Trade Commission "Avoid ID Theft: Deter, Detect, Defend", a campaign to advise consumers on techniques to neutralize identity theft.

Our research partners at Carnegie Mellon's CyLab have developed this cute online game to help consumers recognize phishing emails. Play AntiPhishing Phil and see how knowledgeable you are.

Another effort to educate users is SecurityCartoon.com. SecurityCartoon.com, produced by our partners at the Stop-Phishing group, describes common threats and what to do to avoid them. This is done in a language that is accessible to typical Internet users.

Educating Your Customers on ID Theft, Phishing and eCrime

These "Hot To Guides" are colaborative efforts between APWG and our partner the Federal Trade Commission. We want to extend our thanks to the FTC for supporting this project.

Fighting Back Against Identity Theft: The easy to reproduce brochure outlines essential steps to deter, detect and defend against identity theft. The brochure is available online in print ready, PDF format.

Talking About Identity Theft: A How-To Guide: A comprehensive guide with educational strategies and materials for professionals, associations and community groups to effectively communicate and educate about identity theft. Available online in print ready, PDF format.

Notable Articles and Briefings

The following citations are are for trade and academic journal articles and government briefings on phishing.

March 2006 - National Consumer League
A Call for Action: Report from the National Consumer League Anti-Phishing Retreat

November 2005 - DHS Report
DHS Counter-Phishing Strategies Whitepaper: Online Identity Theft: Technology, Chokepoints and Countermeasures

December 2004 - FDIC Report
Putting an End to Account-Hijacking Identity Theft by the FDIC

February 2005 - APWG Response to the FDIC
APWG FDIC Response

January 2005 - Tod Beardsley Whitepaper
Evolution of Phishing Attacks

Anti-Fraud Organizations

The following organizations are involved in identifying, tracking, or stopping phishing attacks:

The Anti-Phishing Working Group
The Anti-Phishing Working Group (APWG)is an industry association focused on eliminating the identity theft and fraud that result from the growing problem of phishing and email spoofing. The organization provides a forum to discuss phishing issues, define the scope of the phishing problem in terms of hard and soft costs, and share information and best practices for eliminating the problem.

FBI - Internet Fraud Complaint Center
The Internet Fraud Complaint Center (IFCC) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C). IFCC's mission is to address fraud committed over the Internet.

The Coalition on Online Identity Theft
Information Technology Association of America (ITAA)
Some of the biggest names in e-commerce, including Amazon.com, eBay and Microsoft, have formed a coalition to curb online identity theft.

SCAMwatch
SCAMwatch is a website run by the Australian Competition & Consumer Commission (ACCC). The aim of SCAMwatch is to provide information to consumers and small business about how to recognise, avoid and report scams. Scams that are reported to SCAMwatch will be analysed by the ACCC.

The United States Federal Trade Commission
The FTC works for the consumer to prevent fraudulent, deceptive and unfair business practices in the marketplace and to provide information to help consumers spot, stop and avoid them.

Secure Florida's mission is to protect the citizens and economy of Florida by safeguarding information systems, reducing vulnerability to cyber attacks, and increasing responsiveness to any threat.

The Privacy Rights Clearinghouse
The Privacy Rights Clearinghouse is a nonprofit consumer education, research, and advocacy program. Our publications empower you to take action to control your personal information by providing practical tips on privacy protection.

Nigeria - The 419 Coalition Website
We Fight the Nigerian Scam with Education. Its a US$5 Billion (as of 1996, much more now) worldwide Scam which has run since the early 1980's under Successive Governments of Nigeria. It is also referred to as "Advance Fee Fraud", "419 Fraud" (Four-One-Nine) after the relevant section of the Criminal Code of Nigeria.

Corporate Anti-Fraud Policies

Below is a sample of companies or other organizations that have published policies relating to email fraud and phishing attacks:

Where Does the Word 'Phishing' Come From?

The Word Spy
Where did the word "phishing" come from?

Origins of the Word "Phishing"
True history of where the phrase came from.