Saturday, June 29, 2013

A Conversation With The Anti

The APWG provides a forum for the discussion of phishing issues and testing of potential solutions. Archives of phishing scams and other valuable information and resources are available through the organization's Web site.

Peter Cassidy is the secretary general of the APWG. He manages the organization's day-to-day operations and is involved with conference development and management, speaking, membership expansion, organizational growth, and development of the directional orientation of APWG's research and data collection services.

Web Host Industry Review: It seems like the APWG has been making some important strides in terms of membership. What does the involvement of banks and other groups targeted by phishing add to the APWG?

Peter Cassidy: A deep understanding of how the threat affects them in reality and how it affects them in terms of customer relations, and how it affects them in terms of the decision cascade that comes into play when you are talking about fixing a problem like this. We really do wonderfully inform the larger membership about the complexity of doing things like applying a new kind of authentication procedure. A lot of this stuff, on paper, looks lickity-split. We spend a lot time on the phone with journalists. We spend a lot of time giving documents out to credit unions, banks, financial institutions and community groups - two or three times a week. We'll get anything from a local cop to a worker at a senior center to a credit union, will call up and say, "hey, can we have some top ten tips to prevent phishing from happening to our customers or our constituents?" And we mail all that stuff out and make sure they have enough material to cover their constituents. Often we'll send package presentations to law enforcement that they can use on their own. And they call us up and we'll go over the stuff as best we can so that they can give a presentation and educate the public - sort of on our behalf.

And just how aware is the average Internet user of the threat posed by phishing?

As the organization grows, will it become more involved in recommending specific means for combating fraud online?

PC No. We really need to be agnostic. As soon as we start picking winners we stop researching reality, we stop interrogating what reality is and what needs to go there. But what we will always do is try to pull in the largest body of thinkers and vendors and push them out into the world because I think that it is going to be a multiplicity of solutions at a number of different frontiers that is going to put it down. Not one single bullet.

What is the long-term solution? What will it take for Internet users to be safe from phishing?

PC It will take the return on investment to plunge below the level at which organized crime will want to be involved with phishing. So that means not one bullet is going to take care of it. It means life is going to be hard and expensive for them at the network level. Life is going to hard and expensive from them at the client level. Life is going to be hard and expensive for them at the transaction level. So I think the moment it becomes too expensive for them to do this is the moment it all goes away, because they are rational businessmen like anyone else.

What can law enforcement agencies contribute to the APWG and vice versa?

PC An understanding of how to deal with law enforcement, how to inform law enforcement, how to get information to them in the right formats and the right order. That's really important. It's very easy to get lost because law enforcement is big. And I think phishing has helped financial institutions and other victims sort of organize their thinking and organize the protocols on how to deal with these kinds of things. Because even if phishing is put away, electronic crime is not going to disappear.

What kind of relationship do you currently have with law enforcement?

PC Great. The latest plenary session of the APWG was at the United States Secret Service headquarters Washington, DC. We have a very large police presence at the APWG.

What are the organization's goals long-term? How will you measure failure or success?

PC The moment we are put out of business. For us, the faster we put ourselves out of business, the more successful we are.

No comments:

Post a Comment

ShareThis