Educate yourselves about phishing and how to avoid it

Written by Carl E. Reid on November 10, 2008

The Anti Phishing Work Group’s Internet Policy Committee (APWG-IPC) and Carnegie Mellon University’s Supporting Trust Decisions Project (STDP) have joined forces to educate consumers about phishing and established the AWPG/CMU Phishing Education Landing Page program.   The goal of this initiative is to instruct consumers about online safety at the “most teachable moment”: when they have just clicked on a link in a phishing communication.

Here’s how it will work:

  • The APWG-IPC and CMU’s STDP created a webpage to educate users about phishing.  The page (http://education.apwg.org/r/en/) explains that they have just fallen for a phishing communication (email or otherwise) and advises consumers and enterprise users about ways they can help themselves to avoid being victimized in the future.
  • As part of the process for shutting down a phishing site, we are asking ISPs, registrars, and anyone else who has control of the phishing page to take the following steps:
  • => Determine if the brand being phished has approved having the phishing site URLs re-used to redirect their customers (who’ve been fooled) to this educational page.
  • => If the brand has approved the use of the redirect, instead of serving an error page when a customer arrives at the URL, redirect them to the APWG/CMU Phishing Education Landing Page

The APWG-IPC created a separate webpage that will help the manager of the company whose servers have been co-opted for use in phishing attack learn how to initialize redirects to the APWG/CMU education page.

The APWG and CMU’s STDP encourages all brand owners to approve this process, all takedown providers to request the use of this redirect scheme, and all ISPs, registrars, registries, etc. to redirect to this page instead of serving an error page.

About Carl E. Reid

Developing his career from the mail room to the board room, Carl E. Reid has achieved success by skillfully blending 40 years of technology and business intelligence experience with his passion for helping companies succeed. Carl is founder and CEO of NetTECH Systems Reid & Associates, Inc., an emerging technology consulting company located in the New York City area. One of his specialties is 15 years as a collaboration and email infrastructure consultant. He has implemented and supported Lotus Notes/Domino and other types of SMTP gateway/network configurations in small to large global companies up to 33,000 employees. Some of his clients have included IBM, Citi, JPMChase, Oxygen, LVMH - Moet Hennessy, MeadWestvaco, non-profits and professional organizations. Carl is a Savvy Business Owner, Public Speaker and Author. His articles have appeared in Network World, Computer Monthly magazines and hundreds of web sites. Combining business technology consulting with professional blogging, Carl specializes in advising clients how to best leverage the Internet as a tool for high impact visibility. Carl's speaking style combines humor with expertise, and his advice is always down-to-earth and practical. He personally publishes Library of Congress recognized newsletter blog, http://www.SavvyIntrapreneur.com and http://www.iTechSpeak.com. Carl wrote the original "Professional Blogger Job Description", being used as standard document within companies. As a business career coach, Carl teaches professionals how to run their career as a profitable business.
  • (required)
  • (required)