Sorry to be annoying, I just signed up here. Lots of invaluable info!

I work for a company, about 200 employees.

After we got phished for the first time a few months ago, a few minutes later we got a call from Cyveillance. They were quite stalkerish in their sales tactics, and I got annoyed quick. They wanted $30k a year for their services.
I called MarkMonitor and inquired about their pricing. They wanted about the same, but eventually came down with some "new pricing" and it was 15k.
I kept saying no because 75% of the sites were hosted by yahoo and were easy enough to take down. But now we are getting them from Korea and India and are getting harder to take down, if I can get them down at all.
It's time consuming...We know the best defense is to educate our customers and we've done a darn good job of it but people are still annoyed at getting "emails from us"...Which neither company can help with anyway, but at least the links wouldn't work.

Is it wise to sign on the dotted line or just let these sites sit up there if I cant get them down? I just keep thinking it seems like an awful lot of money but I'm also wasting a lot of my workday on this crap!

Reading both your messages, is the situation that your financial site is showing up *in* phishing scams?? Or has your site been compromised and being used to run them???

Our site has been spoofed...
Copying of our site, uploaded elsewhere, internet banking pointing to the thiefs servers...
Lots of surveys, using our logo, sending emails out to thousands...

I just dont know how much more I can handle trying to take these down, as if I dont have enough to do as a network admin!
I just wonder if people commonly go with these expensive places that constantly monitor/takedown.
They both did some takedowns for us to show us how great they are, but yet a couple times they were out of the country and still took over 24 hours.
Ugh, I hate phishers!

You can go with a monitoring service .. and the response times *will* vary from very fast to many days. Any promise of a 24-hr takedown is an impossible goal. While some sites can be taken down in less than an hour, others can take considerably longer.

Did the 'Cyveillance' company just call you?? Unsolicited?? The tactics you describe wave a 'red flag.' Check the Google search page:

http://www.google.com/search?hl=en&q=%22Cyveillance%22

You mentioned the sites now being hosted in IN and KR .. these *will* take longer.

PM me ..

Phish Tank data is free of charge, by manually using their search tool, or by using their API programmatically.
http://www.phishtank.com/target_search.php
http://www.phishtank.com/faq.php#doesphishtankcostany
http://www.phishtank.com/api.php
Phish Tanks data is provided to the following organizations

via /pirt

The Antiphishing Working Group shares data with members (I assume that's that's the point of membership, anyway).
Basic member ship is $500.
Corporate Membership is about $5,000.
see http://www.antiphishing.org/

see also
https://www.digitalphishnet.org/default.aspx

Internal, internal.

* Bring it in side.
* External companies can/are great source of intell.
* Reporting can be a nightmare with external companies.

One thing that I've always found is that external companies very rarely understand your business, thus cant correctly apply a level of risk or consequence to your situation.

If you would like to have a more detail and open discussion please contact me via PM.

me = guest = bfn_402
I registered like 3 times with my yahoo address and never got a confirmation...not even in spam?
ETA - now I finally got one...weird, anyway, Ill stay fisher204!

Anyway, yes, I have been suspicious of Cyveillance since day 1! I swear they amp up everytime I reject a proposal...
Like they have a buddy on the side that does this for em, so Cyv gets business.
Scary!
Will PM you saintau.

In the interest of open discussion, please feel free to post any non-sensitive information learned in your PM session.
It may be there are some valuable tips my research did not turn up, and I think we can all benefit from public discussion of these general issues.

No problem.
I am glad I found this site, and am not the only one dealing with this crap!
I'm just nervous for the next step of attacks...like emails from "us" with trojans...just terrible for our brand, but we cant stop it.

Reason for PM was the fact that I dont really trust public forums professionally paranoided.

Given that, a general discusion is fine.

The main point of my discussion with fisher204 was that reporting for external companies can be hard. How can they prove that the site was taken down by them? Rather then the some othe group/internally detected by the hoster?

While some of these services can be useful the other gotcha is some count sites by IP's.

Thus if you got hit with fastflux hosted site you would get billed for lots of $$. and the longer it was up the more they would make. catch 22? should'nt it be longer its up the less they get payed?

Its really about how good your legal team is to get that contract undercontrol.

fisher204

This topic is a good one, our company uses an external source for monitoring and takedown of Phishing sites (I won’t say which one but they were mentioned in previous posts). Is it worth it? Yes and No, the problem our company has is that our “Footprint” on the net isn’t as big as say Ebay or other large companies. So what we find that happens most is that we or our customers discover the Phishing attack first, the emails then get sent to the monitoring company and tickets put in for takedown. They are pretty good at getting sites shut down quickly that are hosted in the US. Like you said, that’s easy it’s the overseas ones that are a bit trickier.

The last round of Phishing attacks we had were coming from a University server in Korea. This is where our dissatisfaction of the service came into play, they only went as far as the ISP when contacting someone about the incident. After sitting around for hours waiting on something to happen we decided to take matters into our own hands and contact the Admin of the University site. Not an easy task when you don’t speak Korean but with a little “out of the box” thinking we found a solution….call the English department of the University and ask one of the professors to be a translator between us and the site Admin. Within an hour of initial contact he had the site shut down.

One would think if your paying a company that much money for a service they would take every step possible to get the site shut down…including going past the ISP and directly to the source if need be. That’s our biggest complaint with the monitoring service, they don’t seem to be proactive enough when it comes to these matters. Who knows…maybe they are but we don’t see it from our side. One thing I learned is that you need to pester the heck out of them and make sure they know you are on top of what’s going on.

Thank you for sharing your view as an institution which has been spoofed by phishers.