Identity and credential theft and misuse are the most common methods used by cybercriminals to breach business and government systems, steal data and cause disruption. As Australia fights back against cybercrime, the ability for us to strike back against phishing and swiftly takedown fraudulent websites is paramount.
One of the tools used for criminals to gain access to usernames and passwords is phishing. Criminals send emails, use social media messages or even QR codes that direct people to websites that trick people into providing personal information.
Much of the attention on mitigating the risk and minimising the damage caused by phishing attacks focuses on blocking attempts before they reach users and educating people on how to identify potentially fraudulent messages. This is vitally important but only deals with one side of the phishing equation.
There is an ongoing, global effort to find and remove websites that are used to steal user information such as personally identifiable information (PII) and usernames and passwords. Phishing takedown services are a vital part of the cybersecurity landscape and are one of the unsung heroes of our cybersecurity defences.
The impacts of phishing can be broadly put into two groups. On one side, there are the individuals who have been tricked into accessing a fraudulent website. They might have been tricked into paying money for a non-existent product or service or provided information that could be used to access other systems such as online banking or the tax office.
Todayโs cyber criminals are armed with increasing technical skills and artificial intelligence that enable them to create very convincing copies of real websites. A business whose website is being impersonated can quickly find themselves in a reputation-damaging crisis if people believe they are being duped.
Phishing takedown services identify where the dodgy website is hosted and contact the website owner or hosting company to request its removal. While that sounds simple, the global and largely ungoverned nature of the internet can make this an extremely complex process. AUSCERT provides takedown services for its members that remove fraudulent websites from all over the world.
We have collectively taken down thousands of websites over just the last few months. This requires not just local action but the cooperation of law enforcement and other security agencies. The global network of Computer Emergency Response Teams (CERTs), of which AUSCERT was the first in Australia, is a critical part of this effort. We work locally but engage globally with CERTs around the world and global agencies, internet providers and law enforcement to enable phishing sites to be taken down as quickly as possible. And that information is shared to all AUSCERT members to protect the whole community.
As well as removing fraudulent websites, takedown services are important in the fight against online extortion. While ransomware remains a significant threat, criminals are now exfiltrating data and threatening to release it unless they are paid. Takedown services are vital for shutting down websites where criminals exchange and sell information and attempt to hold Australian businesses to ransom.
The good news is that there are tools available to assist organisations and individuals to determine if a website is legitimate. Cuckoo allows you to check a websiteโs bona fides and whether it is being used to steal data or access information on your computer without your consent. And if an organisation believes they have been the victim of fraud they can report it directly to AUSCERT or the ACSC who can investigate and initiate takedown procedures.
Phishing remains a significant issue for organisations and individuals. Phishing takedown services are a critical part of our nationโs cyber defence. By disrupting the actions of cybercriminals, Australia can fast track efforts towards reaching our goal of becoming the most cybersecure nation in the world by 2030.