If you're a bank or other organization that's worried about having your brand spoofed in a phishing attack, first you need to detect the attacks, and then you need to act. Here are some of the things you can do:
- Receive complaints from consumers -- publish an email address for consumers to forward suspected phishing emails to. The abuse desk can reply to the consumer to confirm whether this was a legitimate message or a phishing attempt (e.g. spoof@paypal.com, internetsecurity@barclays.co.uk).
- Run spamtraps -- publish email addresses for the sole purpose of receiving spam. Scan the incoming spam for phishing attempts on your brand.
- Detect remote image loading -- scan your web server logs for the telltale signs of your images being displayed in web sites that don't belong to you.
- Takedown -- get the phishing web sites removed from the Internet. Work with:
  - The ISP responsible for the email sender
  - The hosting company hosting the phishing website
  - The domain registrar responsible for a bogus copycat domain (e.g. paypalverify.com)
- Block -- inform consumer protection services to protect consumers while the sites are still available. For example:
  - Google's anti-phishing toolbar
  - Cloudmark's anti-fraud toolbar
  - Microsoft's anti-phishing protection in IE7
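The "detect remote image loading" item above is the one that can be automated directly from data you already have. The following is an added example (not code from the original page): it parses web server access logs in the common Apache/nginx "combined" format, keeps only successfully served image requests, reads the Referer header, and reports any referring host that is not one of your own domains. The allowlist domain `examplebank.test` and the log lines in `SAMPLE_LOG` are constructed for the example.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Domains that are allowed to embed the brand's images (assumed for this example).
ALLOWED_DOMAINS = {"examplebank.test"}

# Static assets a phishing page would typically hotlink from the real site.
IMAGE_EXT = re.compile(r"\.(?:png|gif|jpe?g|svg|ico)$", re.IGNORECASE)

# Apache/nginx "combined" log format:
# ip ident user [time] "METHOD path PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample log lines: one legitimate load, two hotlinks from a
# look-alike domain, one load with no Referer, one non-image hit, one 404.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /img/logo.png HTTP/1.1" 200 5120 "https://www.examplebank.test/login" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /img/logo.png HTTP/1.1" 200 5120 "http://examplebank-verify.invalid/secure/login.php" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Oct/2023:13:56:02 +0000] "GET /img/header.gif HTTP/1.1" 200 8800 "http://examplebank-verify.invalid/secure/login.php" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Oct/2023:13:57:10 +0000] "GET /img/logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.45 - - [10/Oct/2023:13:58:00 +0000] "GET /index.html HTTP/1.1" 200 2200 "http://someblog.invalid/" "Mozilla/5.0"',
    '192.0.2.46 - - [10/Oct/2023:13:58:30 +0000] "GET /img/logo.png HTTP/1.1" 404 200 "http://other.invalid/" "Mozilla/5.0"',
]


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def referer_host(referer):
    """Lower-cased hostname from a Referer value; None when absent ('-') or unparsable."""
    if not referer or referer == "-":
        return None
    host = urlparse(referer).hostname
    return host.lower() if host else None


def is_allowed(host, allowed=ALLOWED_DOMAINS):
    """True when host is one of our domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in allowed)


def suspicious_image_loads(lines, allowed=ALLOWED_DOMAINS):
    """Map each unknown referring host to the set of image paths it embedded.

    Only GET requests for image files that were actually served (200/304)
    count; requests with no Referer cannot be attributed and are skipped.
    """
    hits = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path = urlparse(rec["path"]).path
        if rec["method"] != "GET" or not IMAGE_EXT.search(path):
            continue
        if rec["status"] not in ("200", "304"):
            continue
        host = referer_host(rec["referer"])
        if host is None or is_allowed(host, allowed):
            continue
        hits[host].add(path)
    return dict(hits)


if __name__ == "__main__":
    for host, paths in suspicious_image_loads(SAMPLE_LOG).items():
        print(f"{host}: {', '.join(sorted(paths))}")
```

Run against a real log the result is a short list of referring hosts to hand to the takedown process. Treat it as a lead rather than proof: a phishing kit can omit or forge the Referer header, and a kit that copies the images to its own server never appears in your logs at all, so this check complements the complaint address and spamtraps rather than replacing them.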