- The APWG-IPC and CMU’s CUPS created a webpage to educate users about phishing. The page (http://education.apwg.org/r) explains that they have just fallen for a phishing communication (email or otherwise) and advises consumers and enterprise users ways they can help themselves to avoid being victimized in the future.
- As part of the process for shutting down a phishing site, we are asking ISPs, registrars, and anyone else who has control of the phishing page to take the following steps
- Determine if the brand being phished has approved having the phishing site URLs re-used to redirect their customers (who’ve been fooled) to this educational page
- If the brand has approved the use of the redirect, instead of serving an error page when a customer arrives at the URL, redirect them to the APWG/CMU Phishing Education Landing Page
The APWG-IPC created a separate webpage that will help the manager of the company whose servers have been co-opted for use in phishing attack learn how to initialize redirects to the APWG/CMU education page:
The APWG and CMU’s CUPS encourages all brand owners to approve this process, all takedown providers to request the use of this redirect scheme, and all ISPs, registrars, registries, etc. to redirect to this page instead of serving an error page.
If you would like to learn more about this initiative, please contact us.