On the way to the #APWG (Anti-Phishing Working Group) #Tech2023 conference in Dublin to talk about #RDAP.

Pretty excited, as this is my first in-person talk ever since the pandemic started. :)

https://apwg.eu/event/tech2023/

Reported #phishing #attacks have quintupled. The third quarter of 2022, Anti Phishing Working Group observed 1,270,883 total phishing attacks — is the worst quarter for phishing that APWG has ever observed. The total for August 2022 was 430,141 phishing sites, the highest monthly total ever reported to #APWG. #Cybercrime #Cybersecurity #Phishing https://www.helpnetsecurity.com/2022/12/28/reported-phishing-attacks-quintupled/

The #APWG comments on the FTC proposed rule are posted. As a board member, I signed off on these.

In their comment, APWG concentrated on two issues:

1) WHOIS information is vital to the investigation of impersonation scams. The final rule should recognize the now acute issue of domain name registration data (“WHOIS”). While WHOIS data is critical to investigatory capability as it relates to online impersonation and crime, it unfortunately has been significantly truncated since the misinterpretation and over-implementation of the European Union’s General Data Protection Regulation (GDPR) by domain name registries and registrars. This underlines why a final rule is critically needed.

2) Trusted Notifiers are effective tools in impersonation mitigation. FTC should encourage the use of trusted notifier programs by registries and registrars as an avenue to address maliciously registered domain names, and should further encourage participation in trusted notifier programs by business or governmental entities that frequently are impersonated.

My $.02 Trusted Notifier (TN) programs will be essential to mitigating cybercrime but these cannot be left to #ICANN to define for many reasons, but most importantly, because ICANN's scope is limited to domain names, and having non-federated, individually scoped programs is a terribad idea.

#Whois #apwg #cybercrime #fraud #phishing

Proposed rule: https://www.regulations.gov/document/FTC-2022-0064-0002

APWG Comment: https://www.regulations.gov/comment/FTC-2022-0064-0073

#M3AAWG comments on the FTC's proposed rule Trade Regulation Rule on Impersonation of Government and Businesses is available. I was one of the contributors to the comment.

In the comment, M3AAWG "suggests additional regulatory solutions and best practices to complement the goals of this rule, such as clarifying the scope of the rule to include the use of domain names in impersonation schemes and the use of technologies that enable impersonation" and the important role that Whois plays in investigating impersonation and fraud.

Several reports that my Interisle colleagues and I published are cited in the comment, along with the 2022 DNS Abuse Study Commissioned by the European Commission, which also quotes from our #phishing studies. Statistics generated from data collected at our Cybercrime Information Center project, https://cybercrimeinfocenter.org are cited as well.

The #APWG and Coalition for a Secure and Transparent Internet (#CSTI) also submitted comments with similar observations and support for regulation. I'll share those links when I receive them.

#infosec can effect change

Proposed Rule: https://www.federalregister.gov/documents/2022/10/17/2022-21289/trade-regulation-rule-on-impersonation-of-government-and-businesses#open-comment
Comment: https://www.m3aawg.org/sites/default/files/m3aawg_ftc_comments_on_impersonation_-_dec_2022.docx_.pdf

#M3AAWG comments on the FTC's proposed rule Trade Regulation Rule on Impersonation of Government and Businesses is available. I was one of the contributors to the comment.

In the comment, M3AAWG "suggests additional regulatory solutions and best practices to complement the goals of this rule, such as clarifying the scope of the rule to include the use of domain names in impersonation schemes and the use of technologies that enable impersonation" and the important role that Whois plays in investigating impersonation and fraud.

Several reports that my Interisle colleagues and I published are cited in the comment, along with the 2022 DNS Abuse Study Commissioned by the European Commission, which also quotes from our #phishing studies. Statistics generated from data collected at our Cybercrime Information Center project, https://cybercrimeinfocenter.org are cited as well.

The #APWG and Coalition for a Secure and Transparent Internet (#CSTI) also submitted comments with similar observations and support for regulation. I'll share those links when I receive them.

#infosec can effect change

Proposed Rule: https://www.federalregister.gov/documents/2022/10/17/2022-21289/trade-regulation-rule-on-impersonation-of-government-and-businesses#open-comment
Comment: https://www.m3aawg.org/sites/default/files/m3aawg_ftc_comments_on_impersonation_-_dec_2022.docx_.pdf

My AWPG eCrime 2022 Symposium presentation on taxonomic conventions for cybercrime measurements is available at https://cybercrimeinfocenter.squarespace.com/s/The-Need-for-Clarity-Accuracy-and-Rigor.pdf

#cybercrime #phishing #malware #apwg #cybercrimeinformationcenter

I'll be giving a virtual presentation on Thursday 1 December at #APWG eCrime 2022 titled, The Need for Clarity, Accuracy and Rigor When Reporting Cybercrime Statistics. We'll discuss how the lack of taxonomic conventions affects measurements and comparisons across studies.

#phishing #malware #spam

https://apwg.org/event/ecrime2022/

I'll share the presentation on Friday.

Proud to announce that tomorrow I'll be presenting my work (coauthored with @securescientist) titled:
THREAT/crawl - a Trainable, Highly Reusable, and Extensible Automated Method and Tool to Crawl Criminal Underground Forums
at the AWPG eCrime 2022 online conference!

📄​ Link to the paper 📄
https://michelecampobasso.github.io/assets/papers/threatcrawl.pdf

⬇️​ Link to the event ⬇️​
https://apwg.org/event/ecrime2022/

#ecrime #apwg #crawler #cybercrime #underground #monitoring #infosec #security #cybersecurity

Proud to announce that tomorrow I'll be presenting my work (coauthored with @securescientist) titled:
THREAT/crawl - a Trainable, Highly Reusable, and Extensible Automated Method and Tool to Crawl Criminal Underground Forums
at the AWPG eCrime 2022 online conference!

⬇️​ Link to the event ⬇️​
https://apwg.org/event/ecrime2022/

#ecrime #apwg #crawler #cybercrime #underground #monitoring #infosec #security #cybersecurity

I'll be giving a talk and leading a panel at the #APWG eCrime 2022 virtual event on December 1.

Title: The Need for Clarity, Accuracy and Rigor When Reporting Cybercrime Statistics: How DNS and Other Abuse Statistics Can Mislead in the Absence of Conventions for Categorizing Cyber Events

#cybercrime #phishing #malware #dns

https://apwg.org/event/ecrime2022/

BEC Wire Transfers Average $80K Per Attack - That number represents a big uptick over Q1. https://threatpost.com/bec-wire-transfers-average-80k/158914/ #anti-phishingworkinggroup #averagetransactionamounts #businessemailcompromise #mostrecentthreatlists #websecurity #cosmiclynx #giftcards #thereport #phishing #q22020 #hacks #apwg #bec