In support of Cybersecurity Awareness Month 2022, APWG is reminding all counter-cybercrime communities of the awareness, education and cybercrime-reporting utilities that the global association maintains for industry and consumers worldwide. This year’s CSAM campaign theme — “See Yourself in Cyber” — speaks directly to APWG cybercrime suppression objectives, including the CSAM imperative for 2022 to recognize and report phishing — a cybersecurity standard operating procedure (SOP) that APWG enabled programmatically in 2004 with its phishing mail reporting service — the same year CSAM was established by presidential declaration. The APWG’s three awareness and education programs for industry and consumers support that the activist motivations of the CSAM 2022 campaign are:
The APWG Report Phishing email phishing lure forwarding service to alert block list managers and cybercrime responders to phishing attacks’ source and landing pages. The APWG CMU Phishing Education Landing Page to instruct credulous users of best practices at the most teachable moment: when they have just clicked on a phishing link to a decommissioned phishing website. The STOP. THINK. CONNECT. cybersecurity awareness campaign of shared cybersecurity awareness messaging assets, launched in 25 national campaigns since its inaugural deployment in 2010 as the cybersecurity awareness campaign of the federal government of the United States.
Pull the Alarm: Report Phishing to [email protected] and Be the First to Point to the Bad Guys The APWG Report Phishing forward program has routed billions of phishing email lures to industrial processes and analysts since it was formally established in 2004, a mechanism used by the general public, commercial enterprises, national governments and multilateral treaty organizations worldwide. Currently, the Report Phishing forward service processes a half million reports per month. If you have received a suspicious or obviously malicious phishing email, you can forward those to APWG for analysis and processing by APWG member companies and institutions. The best way to do this is to simply forward the suspected phishing email to [email protected]. Forwarding suspected phishing emails to APWG contributes directly to fraud and crime prevention services to protect users and track criminal activity. If your email client supports the option to “Forward As Attachment,” please use it as this will provide APWG’s systems with more detail for our member institutions to trace and monitor phishing websites. All data is handled responsibly and under contract with the APWG-vetted member community. APWG Proffers Awareness Jujitsu for Web Hosting Industry: Replace Phishing Pages With Educational Messaging In 2009, APWG and the Carnegie Mellon CyLab Usable Privacy and Security Laboratory (CUPS) established a redirect utility for ISPs that forwards users clicking on links to decommissioned phishing web pages to a special page of educational tips and advice. The Phishing Education Landing Page replaces phishing pages with a redirect script that sends users to educational instruction when they click on phishing URLs — instead of a confusing and largely blank Error 404 message. As part of the process for shutting down a phishing website, APWG requests that ISPs, registrars, and parties with control of a phishing page to redirect visitors to phishing websites to the Phishing Education Landing Page at http://education.apwg.org/r The APWG CMU Phishing Education Landing Page has been in continuous operation since 2009, reminding millions of credulous consumers to take care in their web-borne travels. The educational messaging is presented in one of 21 languages, calibrated to the language settings of users’ browsers. The STOP. THINK. CONNECT. Cybersecurity Awareness Campaign Provides Tested Messaging for Reminding Users of Best Cyber Practices The STOP. THINK. CONNECT. program is a cybersecurity public awareness campaign of shared assets promoted by industry, NGOs and national government deployments — and through cooperative relationships with multilateral treaty organizations. Currently, the campaign is deployed in dozens of countries. STOP. THINK. CONNECT. was conceived and initially proposed as a Messaging Convention by the APWG to its members in 2008 as a way to optimize user awareness and education by unifying the cybersecurity awareness messaging they receive and reducing the clutter of uncoordinated, inconsonant efforts. The campaign has been deployed by cabinet ministries, national CERTs, government agencies and NGOs in some 25 nations — the first in the United States in 2010. Most recently, the Messaging Convention has completed cooperative agreements with ministries in South America and Central Asia. See: https://messagingconvention.org/national-curators The STOP. THINK. CONNECT. slogan and badge and advisory suite is a complete package for a national, regional or localized cybersecurity awareness campaign and is offered at no cost and with no restriction on educational uses of the assets. About the APWG Founded in 2003, the Anti-Phishing Working Group (APWG) is an international coalition of counter-cybercrime responders, forensic investigators, law enforcement agencies, technology companies, financial services firms, university researchers, NGOs and multilateral treaty organizations operating as a non-profit organization. Its directors, managers and research fellows advise national and sub-national governments as well as the United Nations (Office on Drugs and Crime) as recognized experts (as defined by the Doha Declaration of 2010 and Salvador Declaration of 2015) as well as multilateral bodies and organizations. Operationally, the APWG conducts its core missions through: APWG, a U.S.-based 501(c)(6) organization; the APWG.EU, the institution’s European chapter established in Barcelona in 2013 as a nonprofit research foundation incorporated in Spain and managed by an independent board; the APWG’s Applied Research secretariat; and the STOP. THINK. CONNECT. Messaging Convention, Inc., a U.S.-based nonprofit 501(c)(3) corporation managing the development of the global STOP. THINK. CONNECT. cybersecurity awareness campaign. APWG’s directors, managers and research fellows advise: national governments; global governance bodies such as the Commonwealth Parliamentary Association, Organisation for Economic Co-operation and Development, International Telecommunications Union and ICANN; hemispheric and global trade groups; and multilateral treaty organizations such as the European Commission, the G8 High Technology Crime Subgroup, Council of Europe’s Convention on Cybercrime, United Nations Office of Drugs and Crime, Organization for Security and Cooperation in Europe, Europol EC3 and the Organization of American States. APWG is a founding member of the steering group of the Commonwealth Cybercrime Initiative at the Commonwealth of Nations. APWG’s clearinghouses for cybercrime-related machine event data send more than two billion data elements per month outbound to APWG’s members to inform security applications, forensic routines and research programs, helping to protect millions of software clients and devices worldwide. APWG Engineering continues to work with APWG member data correspondents worldwide to develop new data resources. The annual APWG Symposium on Electronic Crime Research, proceedings of which are published by the IEEE, attracts scores of papers from leading scientific investigators worldwide. The conference, founded in 2006 by APWG, is the only peer-reviewed conference dedicated exclusively to cybercrime studies. Source: APWG