New FTC Spam & Phishing Report

On December 28 the U.S. Federal Trade Commission (FTC) made a new report available to the public, “Spam Summit: The Next Generation of Threats and Solutions.”
The report describes the findings from a July 2007 workshop the FTC hosted, and proposes follow-up action steps to mitigate the damages caused by malicious spam and phishing.

The report also provides:
* Recommended action steps to fight spam and phishing
* An overview of the FTC’s role in fighting spam and phishing
* Results from the FTC’s 2007 Harvesting and Filtering Study
The report provides an interesting short history of spam and the subsequent next generations of annoying as well as malicious and privacy-invading messages.
The report also provides an interesting discussion of how, in October 2007, the FTC brought the first case using tools under the U.S. Safe Web Act (SAFE WEB), to stop spammers operating domestically and from outside the U.S., in Canada and Australia.
The report provides some good information and examples that could be used within spam and phishing awareness communications and training sessions.
Here’s an excerpt that provides the FTC’s recommendations for fighting spam and phishing:

“V. Next Steps
Based on the information provided by Spam Summit panelists, public comments submitted in response to the Spam Summit press release, and the Commission’s own research and law enforcement experience, FTC staff proposes the following next steps to combat malicious spam and phishing.
A. Stakeholders Should Heighten Collaboration Among Criminal Law Enforcement, Industry, and Other Stakeholders
The Summit record confirms that criminal authorities are best suited to tackle the problems of malicious spam and phishing. By collaborating with industry and working globally, the efforts of criminal law enforcement can only be heightened. Toward this end, stakeholders should maximize the effectiveness of partnerships among criminal law enforcement, industry, and other stakeholders in the fight against malicious spam, both domestically and abroad. In addition, the FTC will continue to bring civil law enforcement actions as appropriate.
B. Stakeholders Should Intensify Efforts to Deploy Technological Tools
Authentication technologies are critical building blocks for other spam-fighting tools. Stakeholders have made significant strides in the deployment of these technologies. Staff will encourage continued industry-driven efforts to deploy authentication, and, in turn, work with stakeholders to: (1) encourage entities and associations to authenticate outbound email;97 (2) educate senders about how to properly configure and authenticate their email; (3) urge ISPs to further implement negative scoring for non-authenticated email; and (4) urge ISPs that have the ability to detect bot activity to stop bots immediately to prevent unauthorized access to consumers’ computers by spammers and phishers.
C.Stakeholders Should Continue to Develop and Disseminate Effective Educational Materials for Consumers and Businesses
Consumer and business education can have a significant impact in the fight against spam and phishing.98 Because spam is an ever-evolving problem, stakeholders should revitalize efforts to educate consumers about how to protect their computers from online threats and improve methods for disseminating educational materials to consumers and businesses.99 In addition, the Summit identified consumer-interfacing tools such as spam reporting buttons as valuable tools for ISPs and reputation service providers.100 Accordingly, staff will encourage industry to continue to develop and fine-tune such tools.”

Tags: , , , , , , , , , ,

Leave a Reply