If you would like to learn more about this initiative, please
contact us.
|
Getting Started
Once it has been determined that a number was being used for a faxback scam:
- Determine the incoming fax number(s) from Caller ID data or from Call Detail Records.
- Receive and destroy the incoming faxes. These documents will likely
contain the personally identifiable information (PII) of individuals.
- Using the APWG fax back page, fax the numbers gathered in Step 1.
The APWG fax back page will direct the recipients to the appropriate resources.
FoIP providers, fax server hosting companies and ISPs need only retrieve the instructional fax back page in PDF or TIFF format and ready it for transmission back to customers who send information to fax numbers which have been found to have been utilized for scams.
(Depending on the house systems, FoIP providers, fax server hosting companies and ISPs can use one version or the other as they both contain identical content.) Each format can be found at these URLs:
http://education.apwg.org/faxback/faxbackpage.pdf
http://education.apwg.org/faxback/faxbackpage.tif
FoIP providers, fax server hosting companies and ISPs can archive the page image on their own fax server system and organize their fax server scripts to respond automatically to incoming faxes to fax numbers that have been disabled for being used in a scam.
Life Cycle
Most of the damage in an online phishing attack is inflicted in the first 8 hours or so. Tying up a fax line for more than a few days, therefore, would be counterproductive and costly to an enterprise already running on thin margins.
APWG requests that, for consumer benefit and minimal disruption to FoIP providers and fax server hosting companies’ enterprises that these response scripts be kept live for one week before the number is released to normal customer use.
|
