当前位置:Home>About Us>Processing

  • 举报邮箱:jubao@apac.cn
  • 举报电话:010-58813000
  • 举报平台:jubao.apac.cn
 
Recognition and Handling Procedures of Phishing Sites
发表日期: 2010-11-30
打印 文本大小:

 Ⅰ. Recognition and Handling Procedures of Phishing Site

1. A website shall be recognized as “phishing site” if one of the following conditions exists:

1) The website information is identical or similar with counterfeited website with a view to seize users’ information;

E.g. Illegal academic degree inquiry websites published by Ministry of Education of the People’s Republic of China: “chsi.com.cn” vs. “chinadxsxlrz.com”

2) There exists possibility for website information to mislead visitors and the used domain name is identical or similar with that of counterfeited object with a view to seize users’ information;

E.g. Commercial Bank of China: “icbc.com.cn” vs. “1cbc.com.cn”

Bank of China: “bank-of-china.com” vs. “bank-off-china.com”
3) There exists possibility for website information to mislead visitors and the used domain name is highly approximate to trade name, signs and other information of counterfeited object with a view to seize users’ information;

E.g. UnionPay: “chinaunionpay.com” vs. “cnbank-yl.com”
4) The lottery drawing and winning activities of counterfeited object concerning website information are false with a view to seize users’ information;

 E.g. QQ lottery drawing and Q coins winning websites counterfeiting Tecent.
 5) Other types of phishing sites.
2. A website shall not be recognized by Alliance as “phishing site” if one of the following conditions exists:

1) Malicious website where there exists no possibility for website information to mislead visitors but site phishers seize users’ information by technical means such as Trojan or virus programs;

2) Counterfeited website where there exists possibility for website information to mislead visitors but it does not aim to seize users’ information;

3) Website where there exists possibility for website information to mislead visitors but it jumps to a site recognized as “phishing site”. 

3. The scope of phishing sites handled by Alliance is as follows:

1) Only handle reporting concerning phishing sites of Alliance members, which are reported by members or the public to counterfeit Alliance members.

2) Handle phishing sites under CN domain names, suspend domain name resolution and resolve domain names to introduction pages of phishing sites, which include introduction to domain name suspension resolution, directions to phishing sites and user remainder, etc.

3) Handle phishing sites under COM domain names and other types of domain names, push and submit them to international organizations and browser suppliers and try to obtain treatment by negotiation of international organizations. Meanwhile, when net citizens visit phishing sites using browsers, they will offer them warning and reminding. 

. Handling Procedures of Phishing Sites

1. Handling Procedures of Phishing Sites under CN Domain Names

1) Upon receipt of complaints towards phishing sites concerning Alliance members, Secretariat shall summit them to Third-party Technical Recognition Mechanism for webpage reservation and technical analysis. Secretariat shall make judgment within one working day and for phishing sites which are complex, questionable and difficult to judge, it shall judge after consulting Expert Steering Committee for advice.

2) If a website is recognized as a phishing site, an email shall be sent to notify domain name registrar who shall stop domain name resolution within 2 hours of receiving the notice and direct domain name resolution to introduction page to phishing site.

3) If a registrar fails to stop domain name resolution within 2 hours, CNNIC, domain name registry, will directly stop domain name resolution and direct it to introduction page to phishing site.

4) If a domain name registrar has any objection, it may appeal to Secretariat under Alliance.

5) Secretariat under Alliance shall notify relevant member units of handling results.
2. Handling Procedures of Phishing Sites under Non-CN Domain Names

 1) Upon receipt of complaints towards phishing sites concerning Alliance members, Secretariat shall summit them to Third-party Technical Recognition Mechanism for webpage reservation and technical analysis. Secretariat shall make judgment within one working day and for phishing sites which are complex, questionable and difficult to judge, it shall judge after consulting Expert Steering Committee for advice.

2) If a website is recognized as a phishing site, phishing site address shall be pushed and submitted to relevant international organizations and browser suppliers. If the phishing site is registered through a national registrar, an email shall be sent to notify the domain name registrar, who shall stop domain name resolution and direct it to introduction page of phishing site.

3) If a domain name registrar has any objection, it may appeal to Secretariat under Alliance.

4) Secretariat shall notify relevant member units of handling results.

. Reporting Content of Phishing Site and Contact Means

1.   Reporting Content of Phishing Site

1)  Phishing Site Reporting Form (See Attachment Ⅰ)

2)  Page section of phishing sites named by domain names

2.   Contact Means:

1)  Contact Person: Xi Jingjing

2)  Email: fdy@apac.cn

3)  Telephone: 86-10-58812696

相关附件
相关文档
Copyright 2010 Anti-phishing Alliance of China All Rights Reserved