[council] Invitation to SSAC Briefing on Registrar Impersonation

[Glen de Saint Géry <Glen@xxxxxxxxx>]

On behalf of the ALAC

Dear all,

We would like to invite you to a briefing attended by Dave Piscitello from the 
Security and Stability Advisory Committee (SSAC) on Registrar Impersonation in 
Phishing Attacks.
The briefing will be on August 26th at 1300 UTC. The meeting will be recorded 
and there will be simultaneous interpretation in French and Spanish.
Please find the SSAC Advisory on Registrar Impersonation and participation 
instructions on the meeting page. There is also a link to follow this 
presentation using Adobe Connect.

https://st.icann.org/alac/index.cgi?registrar_impersonation_in_phishing_attacks

What is Registrar Impersonation in Phishing Attacks?
The attacker impersonates a domain name registrar and sends an expected or 
anticipated correspondence to a registrar's customer (a registrant) regarding a 
domain name related matter. Examples of expected correspondence include a 
notice of pending expiration of a domain name registration, a promotional 
email, a notice informing the registrant of an account management issue, or 
generally, any correspondence that requires or encourages a customer's 
immediate attention. The correspondence, however, is bogus. The phisher creates 
a web site that is deceptively similar to the registrar's site to induce the 
customer into accessing his domain management account and unwittingly disclose 
his account credentials to the phisher. The phisher will use the customer's 
captured credentials to access the customer's domain name portfolio, alter DNS 
information of domain name(s) in that account and use the domains to abet 
additional attacks.

Regards,
Matthias Langenegger
At-Large Coordination Officer
Internet Corporation for Assigned Names and Numbers (ICANN)

Glen de Saint Géry
GNSO Secretariat
gnso.secretariat@xxxxxxxxxxxxxx
http://gnso.icann.org