APWG Whitepapers and Other Reports

Global Phishing Survey
Global Phishing Survey: Domain Name Use and Trends in 2H2014
APWG released its latest Domain Name Use and Trends report on May 27, 2015.  Some Key Findings in this report:
  • New companies are constantly being targeted by phishers. Some phishers are attacking targets where consumers may least expect it.
  • The ten companies that are targeted most often by phishers are attacked constantly, sometimes more than 1,000 times per month
  • The number of domain names used for phishing reached an all-time high.
  • Phishing in the new top-level domains started slowly, and we expect to see phishing levels in them rise as time goes on.
  • Phishing attacks were not mitigated as quickly as in the past. The median uptime of phishing attacks increased.

Previous Reports:
Global Phishing Survey: Domain Name Use and Trends in 1H2014
Global Phishing Survey: Domain Name Use and Trends in 2H2013
Global Phishing Survey: Domain Name Use and Trends in 1H2013
Global Phishing Survey: Domain Name Use and Trends in 2H2012
Global Phishing Survey: Domain Name Use and Trends in 1H2012
Global Phishing Survey: Domain Name Use and Trends in 2H2011
Global Phishing Survey: Domain Name Use and Trends in 1H2011
Global Phishing Survey: Domain Name Use and Trends in 2H2010
Global Phishing Survey: Domain Name Use and Trends in 1H2010
Global Phishing Survey: Domain Name Use and Trends in 2H2009
Global Phishing Survey: Domain Name Use and Trends in 1H2009
Global Phishing Survey: Domain Name Use and Trends in 2H2008
Global Phishing Survey: Domain Name Use and Trends in 1H2008
Previous Phishing Survey Release: Trends in 2007

Mobile Financial Fraud Reports
Mobile Financial Fraud - April 2013
Mobile devices increasingly present anattractive, practical and economical alternatives to traditional PCs. In the next few years global mobile payments are predicted to exceed $1.3tn. This paper provides a rhetorical approach towards mobile crime ware and the intrusion supply chainʹs structure as it examines subjects in depth from a practitioner’s perspective.

Web Vulnerabilities
APWG Web Vulnerabilities Survey
This briefing memorandum discusses the initial analysis of a wide-ranging survey of enterprises whose websites had been hacked. It's organizing motive is to understand the web site operating environments that are abused by cybercrime gangs, the nature of the attacks, and actions the victim took in response to obtain a clearer understanding of attacker methodologies and target preferences.

Other Reports

Routinized Desktop Intervention and Remediation

  • This document looks at model programs for mass-scale cleansing of co-opted computing devices. It looks at four organizations that stepped forward to provide working models that can be readily emulated by enterprises interested in providing structured interventions for neutralizing botnets.

What to do if your Web site has been Hacked

  • This document is a reference guide for any web site owner or operator who suspects, discovers, or receives notification that it's web site is being used to host a phishing site. The document explains important incident response measures to take in the areas of identification, notification, containments, recovery, restoration and follow-up when an attack is suspected or confirmed.


Anti-Phishing Best Practices Recommendations for Registrars

Measures to Protect Domain Registration Services Against Exploitation or Misuse

  • In this report, ICANN's SSAC calls attention to certain high profile incidents involving attacks against domain name registration. The report examines the incidents in sufficient detail to identify how accounts were compromised, the actions attackers performed once they had gained control of the account, and the consequences. The report identifies practices registrars can share with customers so registrar and customer can jointly protect domain registrations against exploitation or misuse, and discusses methods of raising security awareness among registrants of the risks relating to even a temporary loss of control over domain names and associated DNS configurations. This report seeks to encourage additional registrars and resellers to consider whether opportunities exist to provide stronger levels of protection from attacks against domain registration accounts. In particular, the report seeks to encourage registrars to consider emphasize registration security measures as a way to differentiate their service in a highly competitive market.

A Registrant's Guide to Protecting Domain Name Registration Accounts

  • This report attempts to catalog measures that registrants should consider to protect their domain name registration accounts and the domain names managed through these accounts. The report describes the threat landscape for domain names, and identifies a set of measures for organizations to consider. The report also considers risk management in the context of domain names so that an organization can assess its own risk and choose appropriate measures. The report explains that an organization can implement these measures using its own staff (³in house²), contracted third parties, or a registrar or registry. It discusses the merits of implementing certain measures versus outsourcing these to contracted third parties or registrars and identifies circumstances where redundant measures are worth consideration. Lastly, the report provides lists of questions organizations should ask registrars and registries concerning their registration processes and protection mechanisms. The list can be used to obtain valuable and important information about registrar processes so that organizations can make informed decisions when choosing a registrar(s).  

Making Waves in the Phisher’ Safest Harbors: Exposing the Dark Side of Subdomain Registries

  • This advisory discusses how phishers now use what we call subdomain registries to provide safe harbors for malicious and criminal activities. The advisory also discusses measures individuals and organizations can consider if they opt to make these harbors less attractive and effective to phishers.

The Relationship of Phishing and Tasting

  • The Domain Name System Policy Working Group performed a study on the use of domain tasting by phishers. The study shows that while it does not appear that domain tasting is utilized by phishers, the increase in infrastructure anti-phishing companies must have to monitor for new phishing domain registrations has negatively impacted the anti-phishing community.

Memorandum on Domain Take-Downs and WhoIs Data

  • The APWG, as an observer to the ICANN Whois Privacy WG, prepared a memorandum on how anti-phishing fighters use the DNS Whois data to disable phishing sites. ICANN is contemplating removing most of the address data from the gTLD (.com, .net, .org) DNS Whois servers and the APWG is concerned about retaining access to this data to support our phish fight.

Best Practices for ISPs and Mail Box Providers

  • Joint working document release from APWG and MAAWG. Consolidates a selection of "Best Practices" for companies providing ISP or Mail Box services.

Online Identity Theft: Technology, Chokepoints and Countermeasures

  • DHS Counter-Phishing Strategies Whitepaper from the members of the Identity Theft Technology Council .

DOJ & PSEPC Joint Report on Phishing

  • The US Justice Department and the Ministry on Public Safety and Emergency Preparedness Canada jointly produced report on phishing.

Crimeware Landscape Report

  • The APWG in coordination with the US Department of Homeland Security produced this Crimeware Landscape Report. This document tries to help executives grasp just what crimeware is, how it works, and how prevalent it is.

Proposed Solutions to Address the Threat of Email Spoofing Scams

  • Anti-Phishing Working Group - Released Dec 12, 2003

National and State Trends in Fraud & Identity Theft, January - December 2003

  • Federal Trade Commission - Released Jan 22, 2004