
Briefing Session on Registrar impersonation in phishing attacks

Date: Tuesday, 26 August 2008

Time: 1300 UTC (For the time in various timezones click here)

Participants:

Staff: D Piscitello (Presenter), N Ashton-Hart, F Teboul, M Langenegger

Interpretation: French and Spanish

Recording of the Adobe Connect Session: http://icann.na3.acrobat.com/p96515498/

(If you have never attended a Connect Pro meeting before: Test your connection and get a quick overview)

Audio Recording: English, Español, Français

Meeting Number: AL.BRIEF/CC.0808/2


Agenda:

Dave Piscitello, Senior Security Technologist at ICANN and ICANN Staff member supporting the work of the Security and Stability Advisory Committee, will give a presentation on Registrar impersonation in phishing attacks from a user perspective. Following the presentation there will be an opportunity to ask questions.

Reference Materials:

Presentation on Registrar Impersonation (25 August 2007): English (PDF)

SSAC Advisory on Registrar Impersonation Phishing Attacks (26 May 2008): ENGLISH, FRANCAIS, ESPANOL (PDF)

Background Information:

Phishers exploit many forms of email that merchants or financial businesses send to customers. The goal of such email messages is to lure a customer to a web site that appears to be the customer's bank or merchant and cause the customer to disclose his account information. The phisher uses this information to fraudulently use the customer's credit cards or financial account, or to steal the customer's identity. Domain name registrars control domain name information on behalf of their customers (registrants), and mostly correspond with registrants by email. They are thus a particularly valuable phishing target, and a registrar-impersonating phisher tries to lure a registrar's customer to a bogus copy of the registrar's customer login page, where the customer may unwittingly disclose account credentials to the attacker, who can then modify or assume ownership of the customer's domain names.

The Advisory recommends ways registrars can reduce phishing threats. For example, by including only the information necessary to convey the desired message in customer correspondence, a registrar can reduce the opportunities for phishers to personalize messages and thus make them more convincing. Registrars can also avoid the use of hyperlink references in email messages, provide some form of non-repudiation of origin, and educate customers about the phishing threat and its consequences. These are measures registrars can use to minimize the exposure of their registrants to phishing risk in email correspondence and at registrar web sites.

This Advisory also recommends ways for registrants to detect and avoid falling victim to this type of phishing attack. For example, customers should avoid clicking on hyperlinks in all email correspondence, be suspicious of email correspondence from a registrar that claims an urgent response is required, and should not trust an email simply because it is personalized. The Advisory also recommends services registrants should consider when choosing a registrar.
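The registrant-side heuristics above (hyperlinks in the body, urgency language, and personalization that must not be taken as proof of legitimacy) can be turned into a simple message checker. The following is an added example and is not code from ICANN or from the SSAC advisory; the domain names `registrar.example` and `attacker.invalid`, the two sample messages, and the indicator names are all constructed for the illustration.

```python
"""Check an email message against the registrant-side indicators described
in the SSAC advisory on registrar impersonation.  Added example; the sample
messages and domain names below are constructed, not real correspondence."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Phrases the advisory tells registrants to treat with suspicion: demands for
# an urgent response, threats of suspension or expiry, "verify your account".
URGENCY = re.compile(
    r"\b(urgent(ly)?|immediately|within \d+ (hours?|days?)|suspend(ed|sion)?|"
    r"expir(e|es|ed|ation)|act now|verify your account)\b",
    re.IGNORECASE,
)
# A greeting addressed to a named person rather than a generic salutation.
PERSONAL_GREETING = re.compile(r"\bDear\s+(?!customer\b|user\b|registrant\b)[A-Z][a-z]+")
LOOKS_LIKE_URL = re.compile(r"^(https?://|www\.)", re.IGNORECASE)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def host_of(url):
    """Lower-cased host of a URL; also accepts bare 'www.host/path' text."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def in_domain(host, domain):
    """True if host is the registrar's domain or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def assess(raw_message, registrar_domain):
    """Return the advisory's indicators for one RFC 822 message as a dict."""
    msg = message_from_string(raw_message)
    # Concatenate every text part (works for single-part and multipart mail).
    html = "".join(
        p.get_payload(decode=True).decode("utf-8", "replace")
        for p in msg.walk() if p.get_content_maintype() == "text"
    )
    text = " ".join(re.sub(r"<[^>]+>", " ", html).split())  # tags stripped
    collector = LinkCollector()
    collector.feed(html)
    links = collector.links
    from_host = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1].lower()
    return {
        # The advisory asks registrars not to send hyperlinks at all.
        "has_hyperlinks": bool(links),
        "link_outside_registrar": any(
            not in_domain(host_of(href), registrar_domain) for href, _ in links),
        # Visible link text that names one host while the href points elsewhere.
        "link_text_mismatch": any(
            LOOKS_LIKE_URL.match(shown) and host_of(shown) != host_of(href)
            for href, shown in links),
        "urgency_language": bool(URGENCY.search(msg.get("Subject", "") + " " + text)),
        "personalized_greeting": bool(PERSONAL_GREETING.search(text)),
        # Note: a From header is trivially forged, which is why the advisory
        # asks registrars for some form of non-repudiation of origin.
        "sender_domain_mismatch": not in_domain(from_host, registrar_domain),
    }


def suspicion_score(findings):
    """Count indicators that should make a registrant distrust the message.
    Personalization is reported but not counted: the advisory's point is that
    it is not evidence of legitimacy, not that it proves an attack."""
    return sum(1 for k, v in findings.items() if v and k != "personalized_greeting")


# Constructed sample: a lure that spoofs the registrar's From address, uses
# urgency, greets the registrant by name, and hides the real link target.
PHISH = """From: Support <support@registrar.example>
To: registrant@example.net
Subject: Urgent: your domain will be suspended
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear Alice,</p>
<p>Your domain example.net will be <b>suspended</b> unless you verify
your account within 24 hours.</p>
<p><a href="http://registrar.example.attacker.invalid/login">
https://www.registrar.example/login</a></p>
</body></html>
"""

# Constructed sample: correspondence written the way the advisory suggests.
BENIGN = """From: Support <support@registrar.example>
To: registrant@example.net
Subject: Your invoice is available
Content-Type: text/plain; charset=utf-8

Dear customer,
Your annual invoice is available in your account. Log in by typing our
address into your browser yourself; we do not send links in email.
"""

if __name__ == "__main__":
    for label, sample in (("phish", PHISH), ("benign", BENIGN)):
        findings = assess(sample, "registrar.example")
        print(label, suspicion_score(findings), findings)
```

The checker deliberately treats the presence of any hyperlink as an indicator, matching the advisory's recommendation that registrars not send them; a registrar that does send links would relax `has_hyperlinks` and rely on the domain and text-mismatch checks instead.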


Dial-outs

English Channel:

TBA

Spanish Channel:

TBA

French Channel:

TBA



Dial-In Numbers

USA: Toll-Free (North America Only): +1 (800) 550-6865 / USA Toll: +1 (213) 233-3193
