Case Study: Brand Protection from Phishing at Scale with AUSCERT’s Takedown Service

A major public-facing institution experiences a surge in phishing attempts during key financial times of the year. Its digital identity is frequently exploited by threat actors who impersonate it to extract sensitive information from individuals.

Challenge

- High Volume of Phishing Attempts: A surge in phishing websites exploiting the institution’s renowned name at specific times.
- Sophisticated Lures: Many campaigns used official-looking domains and cloned websites to deceive users.
- Urgency to Protect the Brand and the Public: Public trust and safety depended on removing malicious content quickly.
- Limited Internal Takedown Resources: The institution had good detection capabilities, but handling takedown requests itself would have been too time-consuming.

Solution

1. Direct Reporting Channel
The institution securely submitted suspected phishing URLs, screenshots, and email headers to AUSCERT using an encrypted, member-only channel. During peak financial milestones, submissions rose to hundreds per week.

2. Triage & Verification
AUSCERT analysts manually verified each submission. Automation was supplemented with human analysis to confirm malicious behaviour and avoid false positives.

3. Takedown Execution
AUSCERT initiated takedowns by contacting:
- Hosting providers and registrars.
- Domain authorities.
- Third-party abuse contacts across global networks.
Where possible, they also used CERT partnerships and API integrations for rapid removal.

4. Threat Intelligence Sharing
All verified malicious domains and infrastructure were added to AUSCERT’s Malicious URL Feed, protecting other members in real time. They were also added to Google Safe Browsing and Netcraft.

5. Follow-Up & Feedback
The institution received status updates on takedown progress and closure, including success confirmations and timelines, allowing for clear internal reporting.

Outcome

- Dozens of phishing sites removed weekly, in particular during key financial milestones.
- Fast turnaround on phishing domain deactivation, reducing public harm and reputational risk, and enhancing brand protection.
- Community-wide defence by integrating takedown IOCs into AUSCERT’s threat feeds.
- Scalable support that delivers on brand protection.
- Reliance on AUSCERT’s strong network of international partnerships.
- The option of a comprehensive overview of takedown statistics.