APWG CMU Phishing Education Landing Page

The Phishing Education Landing Page replaces phishing pages with a redirect that sends users to educational instruction when they click on phishing URLs – instead of a confusing 404 message. APWG established this utility in 2008 for ISPs to educate consumers about avoiding phishing at the “most teachable moment”: when they have just clicked on a link in a phishing communication

APWG and the Carnegie Mellon CyLab Usable Privacy and Security Laboratory (CUPS) joined forces to educate consumers about phishing and established this redirect utility for ISPs to instruct the most vulnerable consumers — at no new cost. Online safety instruction, delivered by a tyrannical though empathetic owl, is presented in one of 21 languages, geared to the language settings of users’ browsers. See: http://phish-education.apwg.org/r/

 translated landing pages
The phishing education landing page answers in 21 languages. Scripts interrogate users’ browser settings and serve up the right version. 

Here’s how it works:

  • The APWG-IPC and CMU’s CUPS created a webpage to educate users about phishing.  The page (click here) explains that they have just fallen for a phishing communication (email or otherwise) and advises consumers and enterprise users ways they can help themselves to avoid being victimized in the future.
  • As part of the process for shutting down a phishing website, we are asking ISPs, registrars, and anyone else who has control of the phishing page to redirect visitors to phishing websites to the Phishing Education Landing Page at http://education.apwg.org/r

The APWG-IPC created a separate webpage that will help the manager of the company whose servers have been co-opted for use in phishing attacks learn how to initialize redirects to the APWG/CMU education page (click here)

The APWG and CMU’s CUPS encourage all brand owners to approve this process, all takedown providers to request the use of this redirect scheme, and all ISPs, registrars, registries, etc. to redirect to this page instead of serving an error page.

If you would like to learn more about this initiative, please contact us at: info@apwg.org