Dear all, We would like to invite you to a briefing attended by Dave Piscitello from the Security and Stability Advisory Committee (SSAC) on Registrar Impersonation in Phishing Attacks. The briefing will be on August 26th at 1300 UTC. The meeting will be recorded and there will be simultaneous interpretation in French and Spanish. Please find the SSAC Advisory on Registrar Impersonation and participation instructions on the meeting page. There is also a link to follow this presentation using Adobe Connect. https://st.icann.org/alac/index.cgi?registrar_impersonation_in_phishing_atta cks What is Registrar Impersonation in Phishing Attacks? The attacker impersonates a domain name registrar and sends an expected or anticipated correspondence to a registrar¹s customer (a registrant) regarding a domain name related matter. Examples of expected correspondence include a notice of pending expiration of a domain name registration, a promotional email, a notice informing the registrant of an account management issue, or generally, any correspondence that requires or encourages a customer¹s immediate attention. The correspondence, however, is bogus. The phisher creates a web site that is deceptively similar to the registrar¹s site to induce the customer into accessing his domain management account and unwittingly disclose his account credentials to the phisher. The phisher will use the customer¹s captured credentials to access the customer¹s domain name portfolio, alter DNS information of domain name(s) in that account and use the domains to abet additional attacks. Regards, Nick Ashton-Hart, Matthias Langenegger, Frederic Teboul ICANN At-Large Staff email: staff@atlarge.icann.org