A multi-layered approach is necessary to prevent exploits and spam outbreaks in your network. Unfortunately there are some problems you'll never have complete control over. As detailed as your company's processes may be, and despite the security rules and regulations outlined to users, phishing will still occur occasionally. In these situations the swiftness of the takedown becomes most important. Your response time is likely excellent if you already have an abuse team scanning reports around the clock. However, besides disabling scams as quickly as possible, it is also important how you disable them.
You might consider redirecting phishing pages to an educational resource about online scams. Our data center has been doing this for some time with good results.
DimeNOC.com/antiphish is the page we define in the compromised directory's .htaccess file. This way instead of simply disabling a directory containing a phish or showing a suspended note, we aim to help the Internet community along the way. It is nearly impossible to keep on top of every server in a data center, so being quick with the takedown is first priority while educating society takes the stage as well.
You also must remember that when you are proactive and responsive, you are also giving your company a competitive advantage. Many hosting companies are more concerned with the amount of sales they are getting in one day than giving careful attention to network activity. This is something that must change. Abuse hurts your servers, your reputation, and innocent people -- especially when it comes to phishing. Hosts and data centers have an important role in consumer awareness and that cannot be overlooked. Make sure that your customers know that you care about these problems.
[Antiphish Redirection Page]
More About Kayla
Surpass Hosting
Please allow me to add a few more points.
Responding quickly to phishing complaints saves hosting companies money. When you respond to the first complaint, then the incident is over. If you wait or fail to respond, your abuse system will receive hundreds of complaints that you'll have to waste time dealing with. Time is money.
Killing phishing sites quickly will reduce the number of phishing sites you get in the future. The phishers share experiences among themselves.
When they find a weak host they focus their attacks there. Conversely, they stay away from hosts that react strongly. Time is money, and when the phishing site goes down fast the phishers don't make much money.
And one operational pointer. When you remove a phishing site, make sure you close the hole they snuck in through. We see 1 out of 20 sites come back to life within a week in the exact same location. Usually the hole is your customer using weak passwords or poorly secured software packages. Whatever it is, you need to fix it or the phishers will come right back through that same hole.
Thanks again for speaking out on this topic!
Thank you very much for your comments. Your name seems very familiar; I feel like I've talked to you before. And your points are right on the dot. I am putting together a more inclusive phishing article and will give attention to all aspects that I can possibly think of. It certainly helps when we all come together to create the big picture.