Fraud Hosting and Phishing Site Countermeasures
Once a bank has been alerted to the fact that it is the subject of a phishing attack, the race is on to close the target phishing site as quickly as possible. When the fraud is inadvertently hosted by an otherwise reputable and experienced organization, this can be routine.
However, professional fraudsters will take steps to ensure that the process is as difficult and time-consuming as possible: your time is their money. Fraudsters will often host their sites in developing countries with limited law enforcement resources and incentivize the hosting company to keep the site running as long as it possibly can. Indeed, some unscrupulous hosting companies actually promote fraud hosting as a service.
Netcraft's service helps banks and other financial organizations combat these techniques: once a phishing site has been detected, Netcraft responds with a set of actions that limit access to the site and should ultimately cause the fraudulent content to be eliminated.
Countermeasures
- Netcraft Toolbar
  (http://toolbar.netcraft.com) is an Internet Explorer toolbar that protects users against phishing sites. Whether a phishing site is reported via the toolbar or through some other channel, Netcraft blocks access for everyone using the Netcraft toolbar.
- Hosting Company
  Netcraft will identify, contact and liaise with the company responsible for hosting the fraudulent content. Netcraft enjoys excellent relations with the hosting community, and many of the world’s largest hosting companies are Netcraft customers. Netcraft can exercise its existing relationships with these companies to provide a swift and smooth response to the detection of the site. If the hosting company is reputable, this may be sufficient to ensure a prompt end to the fraudulent activity.
  However, some hosting companies offer fraud hosting as a service whereby they are incentivized to keep the site up as long as possible, and this necessitates more extensive action.
- Local Law Enforcement Agency
  Netcraft will identify, contact and liaise with the law enforcement agency in the hosting company's local jurisdiction.
- Upstream Bandwidth Providers
  Netcraft's geographically-distributed performance collectors can trace multiple routes to the server hosting the fraudulent content. This allows the upstream bandwidth providers to be identified and notified. If the upstream connectivity providers perceive that their business may be damaged through being identified as providing connectivity for a fraud site or larger fraud hosting operation, they may black hole the individual site, or withdraw their services from the hosting company. This type of action effectively makes the hosting company unreachable from a proportion of the internet, even though it may be reachable from others.
- Publish Details of the Fraud Site
  Details of the scam can be published on Netcraft.com web sites. Netcraft is a widely read site (see http://news.google.com/news?q=netcraft&num=100) and the publicity may reach people in the local jurisdiction who are able to help, and further encourage the hosting and connectivity providers to react.
- Bespoke Options Available
  Additional bespoke anti-fraud options are also available.
Next Steps
Please contact us at sales@netcraft.com or +44-1225-447500 to discuss your requirements. Netcraft provides additional services to search for and pre-empt frauds and phishing attacks.
Posted by Paul Mutton at 12:02 AM UTC on Jan 3, 2005 in Netcraft Services, Security