APWG Whitepapers and Other Reports
Partner Fraud Reports
JC3 Report - Revealed Threat of Fake Store
Japan Cybercrime Control Center (JC3), which promotes public-private partnership for cyber security in Japan, and APWG published this report on a proactive approach to defeat “Fake Store” websites. JC3 has been seeking to comprehensively identify all of the “Fake Stores” by analyzing criminals’ modus operandi. This is possible because they have been making many “Fake Store” websites in a similar way. Most of them are not yet recognized as fraudulent websites, but they will soon victimize individuals.
APWG Web Vulnerabilities Survey
This briefing memorandum discusses the initial analysis of a wide-ranging survey of enterprises whose websites had been hacked. It's organizing motive is to understand the web site operating environments that are abused by cybercrime gangs, the nature of the attacks, and actions the victim took in response to obtain a clearer understanding of attacker methodologies and target preferences.
Mobile Financial Fraud Reports
Mobile Financial Fraud - April 2013
Mobile devices increasingly present anattractive, practical and economical alternatives to traditional PCs. In the next few years global mobile payments are predicted to exceed $1.3tn. This paper provides a rhetorical approach towards mobile crime ware and the intrusion supply chainʹs structure as it examines subjects in depth from a practitioner’s perspective.
Routinized Desktop Intervention and Remediation
- This document looks at model programs for mass-scale cleansing of co-opted computing devices. It looks at four organizations that stepped forward to provide working models that can be readily emulated by enterprises interested in providing structured interventions for neutralizing botnets.
What to do if your Web site has been Hacked
- This document is a reference guide for any web site owner or operator who suspects, discovers, or receives notification that it's web site is being used to host a phishing site. The document explains important incident response measures to take in the areas of identification, notification, containments, recovery, restoration and follow-up when an attack is suspected or confirmed.
Anti-Phishing Best Practices Recommendations for Registrars
- The purpose of this document is to provide a set of recommendations to the domain registrar community that can substantially reduce the risk and impact of phishing on consumers and business worldwide. The recommendations focus on 3 areas where registrars can be of assistance: Evidence Preservation for Investigative Purposes, Proactive Fraud Screening and Phishing Domain Takedown.
Measures to Protect Domain Registration Services Against Exploitation or Misuse
- In this report, ICANN's SSAC calls attention to certain high profile incidents involving attacks against domain name registration. The report examines the incidents in sufficient detail to identify how accounts were compromised, the actions attackers performed once they had gained control of the account, and the consequences. The report identifies practices registrars can share with customers so registrar and customer can jointly protect domain registrations against exploitation or misuse, and discusses methods of raising security awareness among registrants of the risks relating to even a temporary loss of control over domain names and associated DNS configurations. This report seeks to encourage additional registrars and resellers to consider whether opportunities exist to provide stronger levels of protection from attacks against domain registration accounts. In particular, the report seeks to encourage registrars to consider emphasize registration security measures as a way to differentiate their service in a highly competitive market.
A Registrant's Guide to Protecting Domain Name Registration Accounts
- This report attempts to catalog measures that registrants should consider to protect their domain name registration accounts and the domain names managed through these accounts. The report describes the threat landscape for domain names, and identifies a set of measures for organizations to consider. The report also considers risk management in the context of domain names so that an organization can assess its own risk and choose appropriate measures. The report explains that an organization can implement these measures using its own staff (³in house²), contracted third parties, or a registrar or registry. It discusses the merits of implementing certain measures versus outsourcing these to contracted third parties or registrars and identifies circumstances where redundant measures are worth consideration. Lastly, the report provides lists of questions organizations should ask registrars and registries concerning their registration processes and protection mechanisms. The list can be used to obtain valuable and important information about registrar processes so that organizations can make informed decisions when choosing a registrar(s).
Making Waves in the Phisher’ Safest Harbors: Exposing the Dark Side of Subdomain Registries
- This advisory discusses how phishers now use what we call subdomain registries to provide safe harbors for malicious and criminal activities. The advisory also discusses measures individuals and organizations can consider if they opt to make these harbors less attractive and effective to phishers.
The Relationship of Phishing and Tasting
- The Domain Name System Policy Working Group performed a study on the use of domain tasting by phishers. The study shows that while it does not appear that domain tasting is utilized by phishers, the increase in infrastructure anti-phishing companies must have to monitor for new phishing domain registrations has negatively impacted the anti-phishing community.
Memorandum on Domain Take-Downs and WhoIs Data
- The APWG, as an observer to the ICANN Whois Privacy WG, prepared a memorandum on how anti-phishing fighters use the DNS Whois data to disable phishing sites. ICANN is contemplating removing most of the address data from the gTLD (.com, .net, .org) DNS Whois servers and the APWG is concerned about retaining access to this data to support our phish fight.
Best Practices for ISPs and Mail Box Providers
- Joint working document release from APWG and MAAWG. Consolidates a selection of "Best Practices" for companies providing ISP or Mail Box services.
Online Identity Theft: Technology, Chokepoints and Countermeasures
- DHS Counter-Phishing Strategies Whitepaper from the members of the Identity Theft Technology Council .
DOJ & PSEPC Joint Report on Phishing
- The US Justice Department and the Ministry on Public Safety and Emergency Preparedness Canada jointly produced report on phishing.
Crimeware Landscape Report
- The APWG in coordination with the US Department of Homeland Security produced this Crimeware Landscape Report. This document tries to help executives grasp just what crimeware is, how it works, and how prevalent it is.
Proposed Solutions to Address the Threat of Email Spoofing Scams
- Anti-Phishing Working Group - Released Dec 12, 2003
National and State Trends in Fraud & Identity Theft, January - December 2003
- Federal Trade Commission - Released Jan 22, 2004