Report Phishing

Report Phishing

-- Home
-- Report Phishing
-- APWG Events
-- Resources
-- Membership
-- APWG Member Site
-- APWG eCrime Newswire
-- Crimeware Map
-- Phishing Archive
-- Contact Us
APWG Global
Research Partners

 click here for a full listing


APWG eCrime Newswire
Powered by Exfacto!


More on APWG's Phishing and
eCrime Newswire Page
owl 2007 APWG General Members Meeting
Pittsburgh, PA
October 2 - 3, 2007
Program Sponsor
CERT Network Situational Awareness Group
Program Partner
Meeting Logistics

The APWG is pleased to present the 2007 Fall General Meeting. Please join us at this opportunity to bring yourself up-to-date on phishing's evolution across the globe. Count on two full days of presentations, panel discussions and in-depth round-tables.

At this two-day members-only meeting, the APWG will examine crimeware's evolution, the roles of Registrars, Registries and DNS in managing phishing attacks, public health approaches to managing the Botnet scourge, behavioral vulnerabilities and human factors that contribute to phishing's success as well as breaking news on Counter-eCrime tools and resources.

Participants in the eCrime Researchers Summit and the General Members Meeting are invited to the APWG eCrime reception at Carnegie Mellon University on the evening of Wednesday, October 3. Join us for a dinner buffet, drinks, and an eCrime cabaret performance.

APWG Members and Non-Members Please Note: The sessions at the Fall General Meeting are open to APWG Members Only. APWG organizers will vet all registrants that sign up for the conference. Interlopers will not be accomodated. If you haven't already, check membership rules and benefits at: Membership is open to qualified financial institutions, online retailers, ISPs, the law enforcement community, security solutions providers and research institutions. Members at the individual level and above are eligible to attend conferences.

REGISTRATION NOTICE : Registration for this General Members meeting is for the ONE event on October 2 and 3 and does NOT entitle the registree to attend the eCrime Researchers Summit on October 4 and 5. To also attend that event will require a separate registration, see this page for details.

Working Agenda
  Tuesday, October 02
7:30 AM

Breakfast & Registration


8:30 AM

Opening Remarks and Conference Overview

Dave Jevans

Peter Cassidy

  Global Statistical Overview of Phishing and Crimeware

Bassam Khan

  International Field Reports

Steve Martin
Australian High Tech Crime Centre
Economic & Special Operations
Australian Federal Police

Futoshi Nakada
Chair, Council of Anti-Phishing Japan
Marketing Director, SecureBrain Corporation
Cristine Hoepers

Dave Woutersen
Security Specialist

  Morning Break and Kaffee Klatsch
  Potent & Emergent Technical Vulnerabilities Report
Siege at the Desktop; Insurgency in Web Space
  Web Applications Vulnerabilities Survey and Review
Robert Hansen, CISSP
SecTheory LLC
  Web Applications Vulnerabilities Survey and Review
Weakest Link on the Desktop: Still the User

Jason Milletary
Internet Security Analyst

Nick Ianelli
Internet Security Analyst

Jeff Gennari
Internet Security Analyst

  Technical, Tactical and Operations Report

  eCrime Network For Hire Yinon Glasner
RSA Security, Inc.
  Of BIND and Cache: Potent Technical Vulnerabilities Within BIND 9 Transaction IDs

Amit Klein
Trusteer, Inc.

  The ROCK Targets Domain Name Management Systems:
Implications for eCommerce Security


Rod Rasmussen
Internet Identity, Inc.
  Phriendly Phishing Landing Page Strategies
Leveraging the Phishimg Victim Experience for Consumer Education
Todd Inskeep, CISSP
Bank of America
  Building the Global Crimeware Radar Array

Jacomo Piccolini
Brazilian Academic Research Network CSIRT


Afternoon Break and Kaffee Klatsch


APWG Operational Resources Session

  The APWG Contacts Counter-Phishing Signaling and Communication System and Related Federation Issues
Foy Shiver
Deputy Secretary-General
  The eCrime IODEF Extensions for eCrime Event Reporting and Its Implications for Automating eCrime Response Routines
Pat Cain
Cooper Cain, Inc.
APWG Resident Research Fellow
  APWG eCrime Event Repository 2.0
Dave Jevans

Working with Law Enforcement Session

  Enterprise Forensics and the Private Sector/Law Enforcement Interface

Joel Yusim
IT Project Manager


The Cyberpol Proposal
An eScotland Yard for Cybercrime?

Cst. Kathy Macdonald, CPP
Crime Prevention Unit
Calgary Police Service


Industry Collaborations at the Speed of eCrime:
A Colloquy and Call to Action by the National Cyber-Forensics & Training Alliance


Ron Plesco

SSA Tom Grasso


A Special NCFTA Presentation

Stalking the ROCK:
The NCFTA Shares Its Insights Into the Enigmatic ROCK Phishing Group

SSA Mike Eubanks

David Bonasso
Program Director, NCFTA

6:00 PM Closing Day One and Announcements
7:30 PM APWG Steering Committee Meeting

Dave Jevans
APWG Chairman



  Wednesday, October 03

07:30 AM



08:30 AM Behavioral Vulnerabilities Session Presentations and Panel


  Research Review:
Supporting Trust Decisions Research at Carnegie Mellon

Lorrie Cranor
Carnegie Mellon University
  You've Been Warned:
An Empirical Study of the Effectiveness of Web Browser Phishing Warnings
Serge Egelman
  Anti-Phishing Phil:
The Design and Evaluation of a Game That Teaches People Not to Fall for Phish

Steve Sheng
  Morning Break and Kaffee Klatsch

Domain Name System Policy Working Group
Presentations and Panel

This session will give an update on the activities of the Domain Name System Policy Working Group (DNSPWG).  The four teams on the DNSPWG will give reports on their respective areas.  These updates will include the status of the changes proposed to WHOIS by ICANN, progress in working with registries to suspend domain names used for phishing, best practices being prescribed for registrars and registries, statistics on the use of domain tasting in the phishing industry, an overview of DNSPWG's participation in the June 2007 ICANN meeting, and plans for the October ICANN meeting.  In addition, there will be an update on the various documents recently published by this sub-committee.

Laura Mather, Ph.D.
MarkMonitor & DNSPWG Co-chair

Rod Rasmussen
InternetIdentity & APWG DNSPWG Co-chair

Mario Maawad

Pat Cain
Cooper Cain, Inc.
APWG Resident Research Fellow

Greg Aaron

John L. Crain
Chief Technical Officer

Dave Piscitello
SSAC Fellow

David Maher
Senior Vice President
Law & Policy
Public Interest Registry

Mike Rodenbaugh
Generic Names Supporting Organization


APWG Roundtable
Botnets, Network Forensics and the Diplomatic Aspects of the Private Sector/Law Enforcement Interface in eCrime Suppression



Following Botnet Controllers Home:
Infiltrating and Monitoring eCrime Communications

Lawrence Baldwin
My | NetWatchman
  The Black Art of Mapping Criminal Actors to Correlative eCrime Events
Andre DiMino
  Fraud 2.0 – How Botnet proxies defeat current credit-card and banking fraud protection
Alisdair Faulkner
Director of Development

Geopolitical and Diplomatic Aspects of eCrime Networks

Sidney Faber
  Panel Discussion:
Ethical, Legal and Techo-diplomatic Challenges to Botnet Mapping and Remediation

Randy Vaughn
Baylor University

Gary Warner
University of Alabama at Birmingham

Andre DiMino

Mike Collins

Don Blumenthal
Infragard - Michigan Chapter

  Afternoon Break and Kaffee Klatsch
  APWG Roundtable
Plotting Priorities: 2008 and Beyond

APWG members, research partners and thought leaders consider the challenges facing the counter-ecrime community in a number of discrete technical, industrial and political dimensions including Desktop Protection/Hygiene, Security Usability/Consumer Education, Network Protection/Hygiene, DNS Protection/Hygiene, Law Enforcement and Response Strategies. Panelists posit priorities in engaging each of these aspects of the ecrime crisis at hand and consider their costs and consequences with the APWG plenary .

Dave Jevans
Chairman, APWG

Dan Schutzer
Executive Chairman
Financial Services Technology Consortium
Financial Institutions & Transaction Space Strategies and Priorities

Dr Randy Vaughn
Graduate Faculty
Baylor University
Networtk Protection: Hygiene Strategies and Priorities

Craig Spiezle
Desktop Protection:
Hygiene Strategies and Priorities

John L. Crain
Chief Technical Officer

Dr. Lorrie Cranor
Carnegie Mellon University
Security Usability and User Behavior Strategies and Priorities

Gary Warner
University of Alabama at Birmingham
Private Sector Response Strategies and Priorities

SSA Tom Grasso

  Closing Remarks
Dave Jevans

5:00 PM

APWG Field Trip to the NCFTA Labs

APWG Program National Cyber Forensics and Training Alliance has arranged for APWG conferees to tour their Pittsburg laboratories

Registered APWG conference attendees will receive information on sign-up for this trip at the meeting.
5:15 PM

Birds of a Feather Sessions at the NCFTA


Crimeware and Crimeware-Spreading URL Reporting and Data Sharing

Botnet Data Reporting and Data Sharing

7:30 PM

APWG eCrime Fighters Night Out

APWG Conference Week Partner CMU CyLab hosts the evening's dinner, drinks and revelries for all attendees of the General Members Meeting and the eCrime Researchers Summit.



Location, Transport and Accommodation Logistics
Holiday Inn Select
100 Lytton Avenue
Pittsburgh, PA 15213
Tel: +1.412.682.6200
Fax: +1.412.681.4749
Hotel Map

This year's General Meeting and all event meetings are being held at the Holiday Inn Select University Center Pittsburgh. Nestled in the center of Pittsburgh's academic, medical and cultural community, the hotel is adjacent to the University of Pittsburgh and walking distance from Carnegie Mellon.

Local Attractions
* Heinz Field & PNC Park
* Andy Warhol Museum
* Phipps Conservatory
* Kennywood Amusement Park
* Sandcastle Water Park
* Mellon Arena
* The Waterfront Shops & Restaraunts
* Station Square Freight House Shops
* Mt. Washington & Duquense Incline
* Shadyside Shopping District
* Soldier's & Sailors Hall
* Southside Nightlife District


Hotel Room Reservations
For reservastions please use 3-letter code "APW" and contact the hotel at 1.800.864.8287 or visit their website. The negotiated APWG discount rate is availalbe for the nights of September 30 through October 6, based on availability. To qualify for the APWG rate registrations must be received before September 14 at 5:00 PM EST. Please mention "APW" when registering for this special rate. After September 14, please contact the hotel directly to determine availability and rate.

Standard Rooms $112 single/double *
(Rate subject to local taxes)

Check In Info / Cancellation Policy
Check-In time is 3:00 p.m. or later. Anyone arriving prior to 3:00pm will be accommodated as soon as possible, but should be advised that there may be a wait. Check-out time is 12 noon. Arrangements can be made for baggage storage with our front desk staff. An advance deposit will be taken at time of booking. Deposit is refundable only if reservation is cancelled 72 hours prior to arrival date. No-shows and reservations cancelled less than 72 hours in advance will be charged in full plus taxes.

* This room rate is not commissionable to travel agents.

Call for Presentations  
For this meeting, the APWG is still developing, reviewing and receiving, proposals for research presentations from the membership and from visiting scholars. Financial institutions, technology, vendors, ISPs, law enforcement representatives and inter-disciplinary study groups working within the APWG research committees are all invited to send their proposals to Secretary-General Peter Cassidy at
Vendor Sponsorship Opportunities  

APWG is offering an opportunity to build relationships while marketing your company to a targeted audience of communications service, technology companies, security companies, regulatory and law enforcement officials and financial institutions during its Fall 2007 General Meeting in October.

Sponsorships are a personal, non-intrusive way of conveying your message. Additionally, your participation can help support activities vital to the overall success of the APWG and its research partners, which ultimately contributes to the success of the entire counter-phishing stakeholders' community.

The following benefits are available to Meeting Sponsors, once your sponsorship is confirmed:

Recognition in on-site signage displayed during the meal or break
Distribution of one giveaway such as a literature pack

There are a number of meal or break sponsorship opportunities available for APWG members who want to use the meetings as an opportunity to communicate their brand and message to members of the APWG and presenters, each either a critical decision maker or a thought leader in his or her own right.

For more information on sponsoring oportunities please contact APWG Deputy Secretary-General Foy Shiver at

About the Anti-Phishing Working Group  

The Anti-Phishing Working Group (APWG) is focused on giving industry stakeholders a confidential forum to discuss phishing issues, define the scope of the phishing problem in terms of hard and soft costs, and share information and best practices for eliminating the problem. Where appropriate, the APWG will also look to share this information with law enforcement. Membership is open to qualified financial institutions, e-commerce companies, the law enforcement community, and industry. Because phishing attacks and email fraud are sensitive subjects for many organizations that do business online, the APWG has a policy of maintaining the confidentiality of member organizations.

The Web site of the Anti-Phishing Working Group is It serves as a public and industry resource for information about the problem of phishing and email fraud, including identification and promotion of pragmatic technical solutions that can provide immediate protection and benefits against phishing attacks.

The APWG was founded by Tumbleweed Communications and a number of member banks, financial services institutions, and e-commerce providers. It held its first meeting in November 2003 in San Francisco. The APWG, an organization of more than 2500 members and more than 1600 member companies, police and government agencies worldwide was officially established as an independent organization in June 2004, controlled by its executives and board of directors and an advisory steering committee.