How to Redirect a Phishing Site Web Page to the APWG.ORG Phishing Education Page


Important note to program participants: To verify any communication about the APWG/CMU Phishing Education Landing Page Program, open a new browser window (do not click on any links in email or instant messages), go to the homepage of the APWG, and click on the link for the redirect education initiative. This way you can be sure that the redirect you are creating points to a legitimate APWG web page.

The APWG and the Carnegie Mellon Cylab Usable Privacy and Security Laboratory (CUPS) are working to educate consumers on the perils of phishing and how to avoid them. As part of this initiative, we are requesting that, instead of simply disabling phish sites, ISPs, registrars, and other infrastructure entities put an HTTP redirect in place of the phishing page at the phishing URL. The redirect sends a user who has been tricked into visiting a phish site on to the Phishing Education Landing Page at the “most teachable moment”.

In addition, by including a parameter that is the URL of the website that was taken down, you will also help the APWG and CMU’s Cylab Usable Privacy and Security Laboratory to track the success rates of the various phishing education campaigns. This is invaluable information and we appreciate your cooperation in including this parameter in the redirect URL. Your efforts can help educate consumers and enterprise computing users so that they can better protect themselves from electronic crime.

This page has information on how to implement a redirect to the education page.

Implementing a redirect in Apache

There are several ways to implement a redirect in Apache, but the following method is one of the simplest.

  1. Create a .htaccess file in the directory where the phishing site was stored. Note the leading dot on the .htaccess filename.
     
  2. The .htaccess file should contain the following text:
     
    Redirect 301 /the-phishing-page.html http://education.apwg.org/r/?www.phishsite.com/the-phishing-page.html
    (The directive must be written on a single line. In the above text, “/the-phishing-page.html” should be replaced with the request path of the phishing webpage that was taken down, and “www.phishsite.com/the-phishing-page.html” should be replaced by the full URL of the phish site that was taken down, so there are two places to fill in. For example, “the-phishing-page.html” could be “signin.html” and "www.phishsite.com/the-phishing-page.html" could be “yourcompany.com/update/signin.html”. If the phish URL itself contains “?”, “&” or “#”, percent-encode those characters (%3F, %26, %23) so that the whole URL reaches the education page as one parameter. After the file is in place, request the old phishing URL once (for example with curl -I) and confirm that the response is a 301 whose Location header is the education URL. The redirect only matches the path named in the directive, so make sure no other phishing-kit files remain reachable in that directory.)
     
  3. The .htaccess file should be owned by an unprivileged "utility" user and group (not the account the web server runs as, so that a renewed compromise of the web server cannot alter it), and set to mode 0444: world readable and writable by no one. Apache only honours a Redirect directive in .htaccess if the directory's configuration permits it (AllowOverride FileInfo or All); if the redirect does not take effect, check that setting first.
     
    More information about .htaccess files can be found here: http://httpd.apache.org/docs/2.2/howto/htaccess.html
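As an added example (not code from the APWG page or from Apache), the following POSIX shell script carries out the three steps above end to end: it builds the one-line Redirect directive, percent-encoding the phish URL so it survives as a single query parameter, writes the .htaccess file with the ownership and 0444 mode described in step 3, and checks from outside that the old URL now answers 301 pointing at the education page. The function names, the "utility" user and group name, and the curl-based check are this example's assumptions, not APWG requirements; run it on the web server as root for the chown to take effect.

```shell
#!/bin/sh
# Added example (not from the APWG page): install and verify the APWG
# education redirect in Apache. The "utility" account name, the function
# names and the curl check are assumptions of this example.
set -u

EDU_BASE="http://education.apwg.org/r/?"
OWNER="utility"   # assumed unprivileged user and group from step 3
GROUP="utility"

# Percent-encode characters that would otherwise cut the tracking parameter
# short or be re-interpreted by the education server. '%' goes first so an
# already-encoded phish URL round-trips exactly.
urlencode_param() {
    printf '%s' "$1" | sed -e 's/%/%25/g' -e 's/?/%3F/g' -e 's/&/%26/g' \
                           -e 's/#/%23/g' -e 's/ /%20/g'
}

# Print the single-line Redirect directive for .htaccess.
#   $1  request path of the phishing page (leading slash added if missing)
#   $2  full phish URL (host and path) for the tracking parameter
redirect_directive() {
    path="$1"
    case "$path" in
        /*) ;;
        *)  path="/$path" ;;
    esac
    printf 'Redirect 301 %s %s%s\n' "$path" "$EDU_BASE" "$(urlencode_param "$2")"
}

# Write $3/.htaccess with the directive, owned by the utility account and
# mode 0444 (world readable, writable by no one). chown needs root, so it is
# attempted only when running as root and a failure is reported, not hidden.
install_htaccess() {
    file="$3/.htaccess"
    rm -f "$file"
    redirect_directive "$1" "$2" > "$file"
    if [ "$(id -u)" -eq 0 ]; then
        chown "$OWNER:$GROUP" "$file" \
            || echo "warning: chown to $OWNER:$GROUP failed; fix ownership by hand" >&2
    fi
    chmod 0444 "$file"
}

# Fetch the old phishing URL and require a 301 whose Location points at the
# education page; prints the Location on success, exits 1 otherwise.
#   $1  full phish URL (host and path), without scheme
verify_redirect() {
    curl -sSI "http://$1" | tr -d '\r' | awk -v base="$EDU_BASE" '
        NR == 1 && $2 != "301"     { bad = 1 }
        tolower($1) == "location:" { loc = $2 }
        END { if (bad || index(loc, base) != 1) exit 1; print loc }'
}

# Command-line use:
#   redirect.sh install /update/signin.html yourcompany.com/update/signin.html /var/www/html/update
#   redirect.sh verify yourcompany.com/update/signin.html
case "${1:-}" in
    directive) redirect_directive "$2" "$3" ;;
    install)   install_htaccess "$2" "$3" "$4" ;;
    verify)    verify_redirect "$2" ;;
esac
```

The verify step uses a HEAD request, which Apache answers with the same 301 and Location header as a GET, so the check does not fetch the education page itself; run it from a host outside the hosting network so any caching or host-based rules in front of the server are exercised too.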

Implementing a redirect in IIS

To redirect to the APWG/CMU education URL in IIS, change the HttpRedirect property for the resource to:

http://education.apwg.org/r/?the-phishing-page.html, PERMANENT

Note that “the-phishing-page.html” should be replaced with the full URL of the phishing webpage that was taken down, the same value that forms the tracking parameter in the Apache example. For example, “the-phishing-page.html” could be “yourcompany.com/update/signin.html”. Confirm with a test request that the old URL now returns a 301 whose Location header is exactly the education URL.

More information on IIS redirects can be found here:
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/b652c863-6334-40be-8a97-db4b368f3ecc.mspx?mfr=true