Today, with thousands of phishing attacks every month, targeting hundreds of global financial brands, it is important for financial institutions to protect themselves and their customers first and foremost against phishing, while preparing in advance and putting additional measures in place to combat more sophisticated attacks as well. The single most effective way for an organization to reduce the impact of phishing and protect its brand, customers and assets is to shut down fraudulent websites. Although additional protection mechanisms certainly exist and should be leveraged, disabling a phishing site simply stops the attack. This ensures that the fewest consumers—who   are duped by a phishing email into clicking on a link to a fraudulent site—are actually defrauded after landing on the spoofed site.

This then begs the question: What is the best way to effectively shut down fraudulent websites? This paper establishes several best practices that financial institutions— or any organization faced with phishing—can take to effectively disable fraudulent websites and explores the importance of managing an effective command center when combating phishing.