Educause Security Discussion mailing list archives
Re: Phishing take down notices.
From: "Ford, Bryan" <bryan.ford () NDUS EDU>
Date: Thu, 22 Jun 2017 19:39:01 +0000
Thank you everyone for your responses looks like Google reporting seems pretty popular. Not surprised by phishtank glad to know Keith can help out with that. Will have to look at the others some great ideas. Thanks Bryan From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Keith Hartranft Sent: Wednesday, June 21, 2017 2:36 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Phishing take down notices. Bryan, We did a presentation via Educause/RI last September called School of Phish. Via Google Safebrowsing reporting and Phishtank these get into Browser blocks very quickly if reported and verified. I'm kkh288 in PT and would be happy to add verification assistance if you let me know your reporting "handle". We track a few other edu reporters here that our team assists with. https://www.phishtank.com/user.php?username=kkh288 As for the domain itself ... different domains yield different results. Forms places like Formcrafts and CognitoForms immediately 404 the site if abuse is reported. I'd also look "nearby" as phishers using those sites set up a number of similar forms. Others such as Weebly, WebHost, Yola, Wix do process takedowns ..... the time varies. Some "free build" sites are poor and a compromised WP host can be really hit-or-miss. You might also try reporting to the Netcraft plugin as they often do notification as well. That's a quick hit primer but there's so much more. I'd be happy to chat further with those seeking help. Thanks, Keith On Wed, Jun 21, 2017 at 3:11 PM, Ford, Bryan <bryan.ford () ndus edu<mailto:bryan.ford () ndus edu>> wrote: How are you reporting a takedown notice for a phishing site. Presently we have no standard for takedown notices. We will notify the Domain owner most times, but it seems to take them sometime to do it. I know there is phishing reporting sites for just about every vender out there. I tried Phishtank and the voting thing in my very novice view is clunky at best. Is anyone a member of APWG and a phishing reporter ? If so any wisdom on how it works. I see there a site in the APWG where you can report phishing but you also need the header information, 90 % of the time we don’t get when a user reports phishing. We have been playing with the Netcraft toolbar extension and like the end user ability to report phishing directly, but we are just evaluating it. I am in the belief that most anti phishing venders use a feed from at least one organization to populate their databases. Forgive me if this has be addressed but I could not find anything in Educause on this subject. Sincerely Bryan Bryan Ford Information Security NORTH DAKOTA University System Core Technology Services 4349 James Ray Drive Grand Forks, ND 58203 701.777.6484<tel:(701)%20777-6484> (o) cts.ndus.edu<http://cts.ndus.edu> -- Keith K Hartranft, CISSP, CISM, PCI-DSS ISA & PCIP Chief Information Security Officer Lehigh University 610-758-3994
Current thread:
- Phishing take down notices. Ford, Bryan (Jun 21)
- Re: Phishing take down notices. Haas, Mike (Jun 21)
- Re: Phishing take down notices. Keith Hartranft (Jun 21)
- Re: Phishing take down notices. Ford, Bryan (Jun 22)
- Re: Phishing take down notices. Joel Anderson (Jun 21)
- Re: Phishing take down notices. Philip Webster (Jun 21)