News and Events:

• 21-22 Jul 08: APWG to Briefs Identity Protection Forum Hosted by the Internal Revenue Service in Washington, D.C.
  Dr. Laura Mather, APWG Managing Director of Operational Policy, will address the Identity Protection Forum in Washington, D.C. hosted by the IRS. The purpose of the Forum is to unite key executives and experts in the fields of privacy and identity theft from both public and private sectors, in the domestic and international arenas, to share common experiences and successes in the protection of identity information and gain insights into trends and future developments in this area of growing interest.
   
• 23 Jun 08: APWG Industry Liaison Rod Rasmussen collaborates on anti-crime issues with broad set of Internet constituencies at 32nd ICANN Meeting - Paris France
  This week, Industry Liaison Rod Rasmussen briefed several ICANN constituencies on the latest phishing and e-crime trends at the most widely attended ICANN meeting to date. The APWG continues its close work with the SSAC (Stability and Security Advisory Committee) and held briefings on the latest phishing trends with the Registry Constituency, Business Constituency, and a special Law Enforcement session. Several private briefings with ICANN staff were also held to continue the close working relationship between the organizations. The APWG also presented its recently released version of the "Registrar Best Practices for Anti-Phishing" document to the Registrars' Constituency. Further, the APWG is actively participating in the Policy Development Process on Fast-Flux DNS for the GNSO (Global Name Supporting Organization) which kicked-off at this meeting.
   
• 17-19 June 08: FSTC's 2008 Annual Conference
  This years event, On The Innovative Edge: Successful Strategies for Financial Services, is a direct reflection of the cutting edge work of FSTC and is open to non members. This annual event offers more than discussion on the challenges but solutions as well. Attendees also gain perspective on what is around the curve and are better prepared to keep their companies secure, resilient, and competitive.
   
• 28 May 08: SSAC post an Advisory on Registrar Impersonation Phishing Attacks
  The ICANN Security and Stability Advisory Committee describes a form of phishing attack that targets domain name registrants. In this Advisory, SSAC describes generic forms of this type of attack. We consider types and formats of information included in legitimate email messages that various registrars use when corresponding with customers. We discuss how phishers manipulate these information types and formats to create a bogus correspondence that is designed to socially engineer the registrar¹s customer into visiting an impersonated registrar web site. The attacker designs the impersonated web site to dupe the customer into disclosing domain management account names and credentials. We discuss some of the current recommended practices to minimize or prevent phishing attacks employed by common phishing targets such as financial institutions and large corporations. We recommend measures that registrars can take to make their correspondences with registrants less "phishable² and identify ways for registrants to detect and avoid falling victim to this form of phishing.
   
• 21 - 22 May 08: APWG Deputy Secretary-General Foy Shiver addresses World Cyber Security Summit 2008 - Kuala Lumpur, Malaysia
  Mr. Shiver keynotes the 2008 World Cyber Security Summit (WCSS) to be held in conjunction with 16th World Congress on Information Technology 2008 in Kuala Lumpur, Malaysia. The theme of the workshop is “E-Commerce and Cybercrime” and will address issues that are affecting and challenging the sustainability of critical information infrastructures and organisations.
   
• 18-22 May 08: APWG presents to Annual AusCERT Asia Pacific Information Security Conferenc Meeting - Gold Coast, Australia
  APWG Industry Liaison Rod Rasmussen presents at the annual AusCERT Asia Pacific Information Security Conference meeting on the status of the APWG's counter e-crime efforts and programs, including the Internet Policy Committee's ongoing initiatives.
   
• 23-25 Apr 08: APWG Internet Policy Committee (IPC) members present to 17th Annual WWW conference - Beijing, China
  APWG IPC Committee member Greg Aaron leads a panel discussion that includes several APWG members on "Protecting the Web: Phishing, Malware , and Other Security Threats" at the WWW2008 conference.
   
• 15 Apr 08: APWG Secretary General Peter Cassidy keynotes the SoftForum's CODEGATE Hacking & Security Conference - Seoul, Korea
  Mr. Cassidy keynotes the CODEGATE conference, presenting his talk, "Mapping the Frontiers of the Electronic Crime Threat From Consumers? Desktop to National Equities Markets."
   
• 1 April 2008: APWG to Briefs the Federal Trade Commission
  Dr. Laura Mather, APWG Managing Director of Operational Policy, will brief the Federal Trade Commission (FTC) on educational initiatives within the APWG.
   
• 1 Apr 08: APWG Secretary General Peter Cassidy addresses the Council of Europe - Strasbourg, France
  Mr. Cassidy speaks at the OCTOPUS Interface Conference on Cooperation Against Cybercrime. The 2008 Conference will focus on the cooperation between service providers and law enforcement, the state of cybercrime legislation and the effectiveness of international cooperation. Mr. Cassidy joins the panel, Cybercrime threats and trends to review contemporary trends in the technologies and techniques by cybercrime organizations.
   
• 17 March 2008: APWG Rereleases Memorandum on Phish Site Shut Downs and Whois Data
  The APWG Internet Policy Committee has update the Whois Use Case document, originally created in July, 2007, to include use cases associated with IP Whois data. Since IP Whois data is equally useful in investigating and terminating phishing sites, the APWG-IPC determined that it would be beneficial to include information about the use of IP Whois in the phish site shut down process. The document also includes information on the timeframes of phish site shut down as well as an explanation of the organizations who drive phish site shut down.
   
• 10 - 12 Mar 08: APWG addresses APCERT Annual General Meeting - Hong Kong
  Deputy Secretary-General Foy Shiver addresses the Asia Pacific CERT community with a briefing on the status of counter e-crime efforts and programs designed to battle both crime and fraud on the internet.
   
• 3 Mar 08: APWG Releases Dec 2007 Phishing Trends Report
  The APWG's combined report, covering phishing activity during December 2007 is available here: APWG Phishing Trends Activity Report for December 2007.
    
• 22 Feb 08: APWG Secretary General Peter Cassidy joins the advisory board of Cybersafe Initiative - Eugene, Oregon.
  Secretary General Cassidy meets with the CSI advisory board to help map direction for this US Department of Justice project, organizing a public awareness project to promote online security and consumer computer user safety.
   
• 10-14 Feb 08: APWG Industry Liaison Rod Rasmussen briefs ICANN constituency meetings on latest phishing threats - New Delhi, India
  APWG Industry Liaison Rod Rasmussen presents updates on latest phishing threats and APWG DNSPWG initiatives to ICANN constituency groups including gTLD Registries, Business, ISP, and IP. Also provides closed-door briefing to Security and Stability Advisory Committee (SSAC) on sensitive threats to DNS infrastructure, and provides in-depth briefing on Fast-Flux Phishing as part of the open SSAC meeting.
   
• 30 Jan 08: APWG Secretary General Peter Cassidy addresses the
  Ministry of Economy, Trade and Industry (METI) - Tokyo, Japan
  Secretary General Cassidy addresses the METI and co-host Council of AntiPhishing Japan, opening their 'Information Security Day' conference on“Trends in ID Theft / Phishing, Fraud and Countermeasures Against Them”.
   
• 28/29 NOV 07: APWG Updates the UN's Office of Drugs and Crime
  APWG Research Fellow Patrick Cain was one of 15 participants in the UN's Office of Drugs and Crime (ODC) core group of experts on identity-related crime meeting in Courmayeur, Italy on November 28 and 29, 2007. The ODC convened the experts pursuant to the UN Economic and Social Council (ECOSOC) resolution 2204/26 and directed by the UN Commission on Crime Prevention and Criminal Justice's April 2007 recommendation to provide technical and legal assistance to member countries on id-related crimes.
   
• 8 Nov 07: APWG addresses the Council of Europe - Tomar, Portugal
  APWG Secretary General Peter Cassidy joins a panel at the CoE's conference on
  identity theft and cybercrime to delineate the problem set and related
  technical trends, to inform the Council's policy development and the
  final implementation of the CoE's Convention on Cybercrime.
   
• 5 Nov 07: APWG to brief the Organization of American States at the II Cyber Security and Cyber Crime Workshop - Miami
  The primarily goals for this week long event are designed to provide theoretical information, demonstrations and "hands on" experiences with the latest in cutting edge forensic tools on cyber security. This opportunity to increase collaboration and partnerships between participating OAS Member-States and private corporations and Academia will aid to better protect critical infrastructure from the cyber threat. Deputy Secretary-General Foy Shiver will update attendees on the state of Phishing, Internet Fraud and movements to curtail these activities.
   
• 18 Oct 07: APWG Updates Luxembourg attendees to the Hack.lu conference
  APWG Deputy Secretary-General Foy Shiver and Resident Research Fellow Pat Cain hold a Phishing Workshop to update Luxembourg Security and Banking officials on the current status of electronic fraud at the 2007 Hack.lu security conference.
   
• 26 Sept 07: APWG Releases Report on status of Phishing and Tasting
  The Domain Name System Policy Working Group performed a study on the use of domain tasting by phishers. The study shows that while it does not appear that domain tasting is utilized by phishers, the increase in infrastructure anti-phishing companies must have to monitor for new phishing domain registrations has negatively impacted the anti-phishing community.
   
  

Consumer Advice on Phishing
Check out the advice we've compiled for consumers on phishing. Visit the Resources pages for more information:

• How to Avoid Phishing Scams
• What To Do If You've Given Out Your Personal Financial Information