Anti-phishing best practices

Anti-phishing recommendations for ISPs and mailbox providers.

A new set of best practices to combat phishing has been released by the Anti-Phishing Working Group (APWG) and Messaging Anti-Abuse Group (MAAWG), to help ISPs and mailbox providers better police their infrastructures and filter the traffic traversing their networks.

The two industry groups joined forces to develop the guidelines, which include:

  • Two-way filtering of traffic to prevent phishing emails from reaching consumers and to alert ISPs and mailbox providers when their own servers are being used for sending phishing emails.
  • The use of IP blacklists to temporarily close down servers that have been co-opted for phishing attacks; the use of URL-based filters to help ISPs filter outbound customer traffic to known phishing IP addresses, domains or URLs.
  • Filtering or rejecting email if it can unequivocally be determined to be forged; disabling images and hyperlinks in email from untrusted sources.
  • Blocking access to known phishing websites during attacks.

The recommendations also highlight the importance of educating consumers to check for website certificate authenticity before submitting personal information, to report scams to the Federal Trade Commission or equivalent anti-fraud organizations, and alerting financial institutions when they are the target of phishing campaigns.

'Anti-Phishing Best Practices for ISPs and Mailbox Providers' can be downloaded from http://antiphishing.org/reports/bestpracticesforisps.pdf.

01 August 2006
