Not long ago, most companies whose brands were being abused in phishing scams focused their efforts mainly on shuttering the counterfeit sites as quickly as possible. These days, an increasing number of phished brands are not only disabling the sites, but also seizing on the opportunity to teach would-be victims how to spot future scams.
Instead of simply dismantling a phishing site and leaving the potential phishing victims with a “Site not found” error, some frequent targets of phishing sites are setting up redirects to phishing education pages.
For the past 20 months, Jason Hong, assistant professor of computer science at Carnegie Mellon University‘s Human Computer Interaction Institute, has been measuring referrals from phishing sites to an education page set up by the Anti-Phishing Working Group (APWG), an industry consortium. Hong said the site now receives close to 25,000 referrals per month from phishing sites that brand owners have modified.
The redirect process works like this: The brand owner or company whose customers are targeted by the phishing site verifies it as a scam site, and then the site’s ISP, hosting provider or domain registrar will redirect the phishing site to the APWG education page.