Internet Policy Committee

The mission of the Internet Policy Committee (IPC) of the APWG is to help developers of Internet policy understand evolving electronic-crime threats and assist in the development of domain name system (DNS) and other Internet-related policies that protect Internet users and organizations from e-crime.

The APWG IPC was formed in 2006. IPC members include people from registrars, registries, academia, law enforcement, vendors, financial institutions, technology consortiums, and other APWG members. The IPC has been very successful at carrying out its mission over the last two years.

IPC members have been attending and briefing Internet policy makers at many forums since its inception, including extensive involvement with the ICANN community, and have managed to bring various ICANN constituency members into the APWG community as well. Initiatives completed by the IPC include advising the ICANN WHOIS and Fast Flux working groups, providing use cases for how WHOIS is used in phishing site take–downs, publishing statistics on domain name use and phishing trends — including a study on the use of sub-domains by phishers, and publishing registrar best practices.

Ongoing work includes creation of a registry-level domain suspension process, studies of website vulnerabilities that lead to phishing site creation, continued data studies, and launching initiatives to educate both users and web site operators on phishing.

An example initiative to educate users about phishing is the APWG redirect education page. The redirect page harnesses the "most teachable moment" - when the consumer is fooled by a phishing communication. Instead of showing 404 errors to consumers when they go to a phishing site that has been taken down, the consumer is redirected to an education page hosted by the APWG.

The page explains to the consumer that they have fallen for a phishing scam and gives them online safety pointers. By participating in policy creation groups, publishing relevant statistics, and working to educate consumers, the APWG IPC is helping make the Internet a safer place.

APWG - Industrial, Technical and Government Advisories From the APWG Internet Policy Committee
gTLD Expansion Issues (DRAFT) - This is the WORKING draft of the APWG IPC's document entitled, "Potential issues in malicious use and abuse of the domain naming system created or exacerbated by the new gTLD expansion" It is still under consideration, and there will be a follow-up document that will offer recommendations for dealing with issues brought out in this paper.

Global Phishing Survey: Domain Name Use and Trends in 2H2008 - This study is a comprehensive analysis of the phishing that took place in the second half of 2008 (2H2008). Highlights include:
  • Phishing attack and uptime statistics for all top-level domains
  • How phishers targeted specific registrars and top-level domains, and change their preferences over time
  • Domain name registration patterns, and use of subdomains for phishing
  • Other trends pointing to anti-abuse strategies

Global Phishing Survey: Domain Name Use and Trends in 1H2008
Previous Phishing Survey Release: Trends in 2007

What to do if your Web site has been Hacked - This document is a reference guide for any web site owner or operator who suspects, discovers, or receives notification that it's web site is being used to host a phishing site. The document explains important incident response measures to take in the areas of identification, notification, containments, recovery, restoration and follow-up when an attack is suspected or confirmed.

Making Waves in the Phisher’ Safest Harbors: Exposing the Dark Side of Subdomain Registries - This advisory discusses how phishers now use what we call subdomain registries to provide safe harbors for malicious and criminal activities. The advisory also discusses measures individuals and organizations can consider if they opt to make these harbors less attractive and effective to phishers.

Anti-Phishing Best Practices Recommendations for Registrars - The purpose of this document is to provide a set of recommendations to the domain registrar community that can substantially reduce the risk and impact of phishing on consumers and business worldwide. The recommendations focus on 3 areas where registrars can be of assistance: Evidence Preservation for Investigative Purposes, Proactive Fraud Screening and Phishing Domain Takedown.

The Relationship of Phishing and Tasting - The Domain Name System Policy Working Group performed a study on the use of domain tasting by phishers. The study shows that while it does not appear that domain tasting is utilized by phishers, the increase in infrastructure anti-phishing companies must have to monitor for new phishing domain registrations has negatively impacted the anti-phishing community.

Memorandum on Domain Take-Downs and WhoIs Data - The APWG, as an observer to the ICANN Whois Privacy WG, prepared a memorandum on how anti-phishing fighters use the DNS Whois data to disable phishing sites. ICANN is contemplating removing most of the address data from the gTLD (.com, .net, .org) DNS Whois servers and the APWG is concerned about retaining access to this data to support our phish fight.