Cambridge, Massachusetts – (The Hosting News) – March 16, 2009 – Global independent coalition combating electronic crime, The APWG, has made available a comprehensive reference guide designed to assist webmasters, as well as website owners and operators, in addressing phishing of their web sites.
Laura Mather, managing director of operational policy for the APWG and founder of Silvertail Systems remarked, ”It can be a confusing and scary experience to be told that your website is being used to host a phish site. What To Do’ helps website owners understand what to look for and helps them determine next steps.”
The APWG industrial advisory, ”What To Do If Your Web Site Has Been Hacked by Phishers,” was developed and authored by Dave Piscitello of ICANN and Suzy Clarke of ASB Bank in New Zealand. It is now available now at no cost from the APWG at: www.antiphishing.org/reports/APWG_WTD_HackedWebsite.pdf
This APWG advisory explains the most important incident response measures that can be taken to remediate website hacking by phisher in the areas of identification, notification, containment, recovery, restoration, and follow-up when an attack is suspected or confirmed.
Ms. Mather added, ”The APWG hopes that by hosting this document, ISPs and phish site takedown providers can point website owners to its site and be assured they are getting information from a reputable, trustworthy source.”
Suzy Clarke, ASB Bank, New Zealand, noted, ”The APWG advisory offers a step by step approach that every IT department can use as a foundation from which to build their own incident response and recovery plans if they find their web site has been compromised by phishers. The program of procedures and examples the APWG advisory provides can be customized to fit most situations.”
Dave Piscitello, Sr. Security Technologist at ICANN noted, ”Web sites and applications are the low hanging fruit for attackers right now. In our haste to market, we often fail to secure web sites adequately. We hope you never have the opportunity to use this guide, but believe that the information we provide will help you recover from a web site attack efficiently, effectively, with an opportunity to learn from the bad encounter so you can avoid future, like attacks.”
The APWG, founded as the Anti-Phishing Working Group in 2003, is an industry, law enforcement and government coalition focused on eliminating the identity theft and fraud that result from the growing problem of phishing, email spoofing, and crimeware. Membership is open to qualified financial institutions, online retailers, ISPs, the law enforcement community, researchers and solutions providers. There are more than 1,800 companies and government agencies worldwide participating in the APWG and more than 3,200 members. The APWG’s Web site offers the public and industry information about phishing and email fraud, including identification and promotion of pragmatic technical solutions that provide immediate protection.
APWG’s corporate sponsors include: 8e6 Technologies, AT and T, Able NV, Afilias Ltd., AhnLab, AVG Technologies, BillMeLater, BBN Technologies, Blue Coat, BlueStreak, BrandMail, BrandProtect, Bsecure Technologies, Cisco (CSCO), Clear Search, Cloudmark, Cyveillance, DigiCert, DigitalEnvoy, DigitalResolve, Digital River, Earthlink (ELNK), eBay/PayPal (EBAY), Entrust (ENTU), Experian, eEye, Fortinet, FraudWatch International, FrontPorch, F-Secure, Goodmail Systems, GeoTrust, GlobalSign, GoDaddy, Goodmail Systems, GuardID Systems, HomeAway, IronPort, HitachiJoHo, ING Bank, Iconix, Internet Identity, Internet Security Systems, IOvation, IronPort, IS3, IT Matrix, Kaspersky Labs, Lenos Software, LightSpeed Systems, MailFrontier, MailShell, MarkMonitor, McAfee (MFE), MasterCard, MessageLevel, Microsoft (MSFT), MicroWorld, Mirapoint, MySpace (NWS), MyPW, MX Logic, NameProtect, National Australia Bank, Netcraft, NetStar, Network Solutions, NeuStar, Nominum, Panda Software, Phoenix Technologies Inc. (PTEC), Phishme.com, Phorm, The Planet, SalesForce, Radialpoint, RSA Security (EMC), SecureBrain, Secure Computing (SCUR), S21sec, Sigaba, SoftForum, SOPHOS, SquareTrade, SurfControl, SunTrust, Symantec (SYMC), TDS Telecom, Telefonica (TEF), Trend Micro (TMIC), Tricerion, TriCipher, TrustedID, Tumbleweed Communications (TMWD), Vasco (VDSI), VeriSign (VRSN), Visa, Wal-Mart (WMT), Websense Inc. (WBSN) and Yahoo! (YHOO).
To learn more, please visit: www.antiphishing.org.