Unmasking the Phishing Battlefield
Posted by the M3AAWG Content Manager

Authored by Ken Simpson

The Messaging, Malware, Mobile Anti-Abuse Working Group (M3AAWG) conference in February 2023 brought together top industry experts to discuss the ever-evolving landscape of phishing and brand impersonation. One of the more interesting panels featured representatives from a brand protection company, an internet reputation data provider, and a security engineer from a major e-commerce brand. The panel discussion dove into the challenges and solutions surrounding phishing takedowns and combating brand impersonation.

The first topic explored the difficulties hosting companies face in responding to phishing takedown requests. A lack of accepted standards for making and responding to takedown requests often hinders the efficiency of the process. Interestingly, the panelists noted that the takedown process can be smooth and effective when the hosting provider has a direct relationship with the requesting entity. However, things can slow down significantly when that relationship is non-existent or not yet established.

As the discussion shifted to brand impersonation, it was revealed that most brands rely on takedown services, paying these providers to eliminate phishing websites on their behalf. Surprisingly, law enforcement plays a minimal role in day-to-day phishing management, except when targeting major phishing groups for arrest. Brands and their takedown service providers primarily shoulder the responsibility of managing phishing threats.

A staggering 40% of phishing sites are hosted on compromised web hosting infrastructure, such as hacked WordPress sites, and an additional 25% are hosted directly on paid domains owned by the phishing gang. This reality underscores the importance of robust cybersecurity measures for both hosting providers and domain owners.

The increasing use of cloaking techniques by phishing gangs emerged as a significant challenge in detecting phishing sites. These techniques include blocking requests from IP addresses associated with anti-phishing companies, targeting specific User Agents, injecting tokens into phishing URLs to prevent crawling, and employing CAPTCHAs to filter out non-human crawling. These advanced tactics demonstrate the need for sophisticated and adaptable countermeasures to stay ahead of the ever-evolving phishing threat landscape.

This eye-opening panel discussion illuminated the complexities of the ongoing battle against phishing and brand impersonation. It is clear that collaboration, information sharing, and the development of standardized takedown request procedures are crucial in combating these threats. The cybersecurity community must continue to innovate and evolve to outpace cybercriminals and ensure the safety and security of the digital world.

Phishing and brand protection are among M3AAWG’s Priorities and Focus Areas. We publish guidance and recommendations for the industry here.

Have ideas for topics to cover at future M3AAWG meetings? We are looking for proposals, including for our upcoming meeting in June 2023. For more information and to submit ideas, visit our Call for Proposals page.

The views expressed in DM3Z are those of the individual authors and do not necessarily reflect M3AAWG policy.