StaySafeOnline.org - National Cyber Security Alliance
Prepare for Phishing

 
Executive Summary
What if your company is PHISHED? This section reviews what you can do to prepare for a phishing incident. These suggestions are best carried out by someone on your team with some technical background. See also Phishing under Cyber Security 101 for more details on phishing.

Monitor or register domains with spellings similar to yours
To carry out some kinds of phishing attacks, such as deceptive attacks using cousin domains (domain names that look like yours), a phisher must set up a domain to receive phishing data. Preemptively registering the most likely spoof domain names can reduce the availability of the most deceptively named domains.

Since there may be millions of possible spoofing domains, it is not generally practical to register every official-looking domain. Some companies offer a registration monitoring service that detects the registration of a potential spoof domain, monitors any activity on the site, and pursues action against the registrant.
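The following script is an added example of the monitoring side of this advice; it is not code from StaySafeOnline or the Anti-Phishing Working Group. It generates the common lookalike variants of a brand's domain (omitted, transposed, repeated and look-alike characters, hyphenation, "secure"/"login" affixes, and alternate TLDs) and matches them against a feed of newly registered domains. The brand name examplebank and the registration feed are constructed placeholders, not real data.

```python
"""Generate lookalike (cousin) domains for a brand and match them against a
feed of newly registered domains.  Added defensive example: the brand name and
the feed below are constructed, not real registration data."""

# Characters commonly swapped for visually similar ones (assumption: a short,
# illustrative table; a production list would be much longer).
HOMOGLYPHS = {"o": ["0"], "l": ["1", "i"], "i": ["1", "l"], "e": ["3"], "a": ["4"], "s": ["5"]}
ALT_TLDS = ["com", "net", "org", "co", "info"]
AFFIXES = ("secure", "login", "account", "support")


def lookalikes(name: str, tld: str = "com") -> set[str]:
    """Return the set of deceptive variants of name.tld worth watching for."""
    name = name.lower()
    labels = set()
    for i in range(len(name)):                      # one character omitted
        labels.add(name[:i] + name[i + 1:])
    for i in range(len(name) - 1):                  # adjacent characters swapped
        labels.add(name[:i] + name[i + 1] + name[i] + name[i + 2:])
    for i, ch in enumerate(name):                   # look-alike character substituted
        for sub in HOMOGLYPHS.get(ch, []):
            labels.add(name[:i] + sub + name[i + 1:])
    for i in range(len(name)):                      # one character doubled
        labels.add(name[:i] + name[i] + name[i:])
    for i in range(1, len(name)):                   # hyphen inserted
        labels.add(name[:i] + "-" + name[i:])
    for affix in AFFIXES:                           # "examplebank-secure" style cousins
        labels.add(f"{name}-{affix}")
        labels.add(f"{affix}-{name}")
    labels.discard(name)                            # the legitimate label is not a lookalike
    variants = {f"{label}.{tld}" for label in labels if label}
    variants |= {f"{name}.{t}" for t in ALT_TLDS if t != tld}   # same label, other TLD
    return variants


def match_feed(brand: str, feed: list[str], tld: str = "com") -> list[str]:
    """Return the feed entries that are lookalikes of brand.tld, sorted."""
    suspects = lookalikes(brand, tld)
    return sorted(d.lower().strip(".") for d in feed if d.lower().strip(".") in suspects)


# Constructed sample of "newly registered domains" as a monitoring feed might supply.
NEW_REGISTRATIONS = [
    "examp1ebank.com",          # 'l' replaced by '1'
    "examplebank.net",          # alternate TLD
    "weather-today.org",        # unrelated registration
    "exmaplebank.com",          # transposed characters
    "examplebank-secure.com",   # deceptive affix
    "examplebank.com",          # the legitimate domain itself
]

if __name__ == "__main__":
    for domain in match_feed("examplebank", NEW_REGISTRATIONS):
        print("suspicious registration:", domain)
```

A real deployment would read the feed from a zone-file or registrar notification service and raise a ticket for each match; the generator above is deliberately small, and services such as the one the paragraph describes maintain far larger variant lists.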

Preparing for an Attack
Before an attack occurs, an organization that is a likely phishing target can prepare for it. Such preparation can dramatically improve the organization’s responsiveness to the attack and reduce losses substantially. It includes:

  • Providing a spoof-reporting email address that customers may send spoof emails to. This may both provide feedback to customers on whether communications are legitimate, and provide warning that an attack is underway.
  • Monitoring “bounced” email messages. Many phishers email bulk lists that include nonexistent email addresses, using return addresses belonging to the targeted institution. A spate of bounced emails can indicate that a phishing attack is underway.
  • Monitoring call volumes and the nature of questions to customer service. A spike in certain types of inquiries, such as a password having been changed, can indicate a phishing attack.
  • Monitoring account activity for anomalous activity such as unusual volumes of logins, password modifications, transfers, withdrawals, etc.
  • Monitoring the use of images containing an institution’s corporate logos and artwork. Phishers will often hotlink artwork from the target corporation’s own web servers so that a spoof page looks genuine. A web server can detect this by a blank or anomalous “referrer” header on requests for the image.
  • Establishing “honeypots” and monitoring for email purporting to be from the institution.
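The logo-hotlinking check in the list above can be run over ordinary web server logs. The script below is an added example, not code from StaySafeOnline or the Anti-Phishing Working Group: it parses Combined Log Format lines, picks out requests for the institution's brand assets, and counts those whose referrer is blank or belongs to a domain the institution does not own. The domain names, asset paths and log lines are constructed placeholders.

```python
"""Flag requests for the institution's logo images whose Referer is blank or
points at a domain we do not own.  Added defensive example; OWN_DOMAINS,
BRAND_ASSETS and the log lines are constructed, not real data."""
import re
from collections import Counter
from urllib.parse import urlparse

OWN_DOMAINS = {"examplebank.com", "www.examplebank.com"}   # assumption
BRAND_ASSETS = ("/img/logo.png", "/img/header-art.gif")    # assumption

# Apache/nginx Combined Log Format:
# host ident user [time] "method path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def referer_host(referer: str) -> str:
    """Lower-case host of a Referer value, or "" when the header was absent ("-")."""
    if referer in ("", "-"):
        return ""
    return (urlparse(referer).hostname or "").lower()


def classify(line: str):
    """Return (asset path, referring host, verdict) for a brand-asset request,
    or None when the line is malformed or requests something else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m["path"].split("?")[0]          # ignore cache-busting query strings
    if path not in BRAND_ASSETS:
        return None
    host = referer_host(m["referer"])
    if host in OWN_DOMAINS:
        verdict = "ok"                      # embedded in one of our own pages
    elif host == "":
        verdict = "blank-referer"           # direct load, mail client or stripped header
    else:
        verdict = "foreign-referer"         # our artwork embedded in someone else's page
    return path, host, verdict


def hotlink_report(lines) -> Counter:
    """Count suspicious brand-asset loads keyed by (verdict, referring host)."""
    counts = Counter()
    for line in lines:
        result = classify(line)
        if result and result[2] != "ok":
            counts[(result[2], result[1])] += 1
    return counts


# Constructed sample access-log lines (documentation IP ranges, invented hosts).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2005:13:55:36 -0700] "GET /img/logo.png HTTP/1.1" 200 2326 '
    '"https://www.examplebank.com/login" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2005:13:56:01 -0700] "GET /img/logo.png HTTP/1.1" 200 2326 '
    '"http://examplebank-secure.example/verify.php" "Mozilla/5.0"',
    '198.51.100.8 - - [10/Oct/2005:13:56:09 -0700] "GET /img/logo.png HTTP/1.1" 200 2326 '
    '"-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Oct/2005:13:56:12 -0700] "GET /img/header-art.gif HTTP/1.1" 200 8812 '
    '"http://examplebank-secure.example/verify.php" "Mozilla/5.0"',
    '203.0.113.6 - - [10/Oct/2005:13:57:00 -0700] "GET /index.html HTTP/1.1" 200 512 '
    '"-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for (verdict, host), n in hotlink_report(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {verdict:16s} {host or '(none)'}")
```

A single foreign-referrer hit proves little, since search engines and legitimate partners also embed logos; the useful signal is a new referring host that appears suddenly and in volume, which is why the report is keyed by host so it can be fed into the same alerting used for bounce and call-volume spikes.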

There are contractors that can perform many of these services. Knowing when an attack is underway is valuable because it allows a targeted institution to put procedural countermeasures in place, initiate an investigation with law enforcement, and staff up to respond to the attack in a timely manner.
Source: Anti-Phishing Working Group - http://www.antiphishing.org/Phishing-dhs-report.pdf