6

Our real web site is www.abc.com. Recently Intel notified us of another web site www.fake.com having some parts of the site appearing the same as our real site. This is obviously a phishing site.

Not much damage has been done and I don't think our users are stupid enough to recognize www.fake.com as our real site and try to access it. However, I would like to know what are the mitigation measures we could take.

I reckon sending our users an email or a company circular to warn them that we have only one real site is a must. What else can we do to prevent?

WhiteWinterWolf
  • 19,142
  • 4
  • 59
  • 107
JinPangPang
  • 1,931
  • 2
  • 16
  • 27
  • 2
    This is more a legal issue than a security one. The best way to prevent the phishing of login credentials is by using U2F – Neil McGuigan Dec 18 '15 at 00:50
  • Blocking the fake domain and its IP address on the corporate proxy/network would be a start, and for a legal solution I guess you could claim copyright infringement since the fake site copies your real one. – André Borie Dec 18 '15 at 01:29
  • 5
    contact the hosting company and report the site – schroeder Dec 18 '15 at 02:42
  • @NeilMcGuigan - Do you feel that any 2FA would be sufficient or that U2F provides better security than other 2FA solutions? – Neil Smithline Dec 18 '15 at 04:01
  • @NeilSmithline U2F prevents phishing by only "connecting" to known domains that you have previously registered with. Other 2FA's won't help here. – Neil McGuigan Dec 18 '15 at 04:07
  • Thanks @NeilMcGuigan - I'll go reread the U2F documentation. I guess I missed something. – Neil Smithline Dec 18 '15 at 04:09
  • @NeilSmithline A googler outlines some info here: https://security.stackexchange.com/questions/71316/how-secure-are-the-fido-u2f-tokens – Neil McGuigan Dec 18 '15 at 04:13
  • 3
    Thanks for the info @NeilMcGuigan. U2F does seem better at preventing phishing than other 2FA. I found this helpful too https://developers.yubico.com/U2F/Protocol_details/Overview.html – Neil Smithline Dec 18 '15 at 05:46
  • I don't think this strictly is a duplicate, since the current question "What can be done?" has a broader scope than "Where to report?", but I think the following question is still very relevant: [Where to report malicious URLs, phishing, and malicious web sites?](http://security.stackexchange.com/q/1728/32746) – WhiteWinterWolf Dec 18 '15 at 09:32

1 Answers1

1

I know that RSA offers services that will, among other things, take down phishing sites. More information can be found here.

I have experience with them and I must say, whenever we request a take down on a phishing site, their response is quite fast.

Unfortunately, I have no idea regarding costs etc.

Jeroen
  • 5,813
  • 2
  • 19
  • 26