Greg Aaron’s selected papers and speaking engagements:
Studies:
- Greg is the editor of the APWG’s quarterly Phishing Trends Reports, 2011 to present, and co-author of APWG’s Global Phishing Surveys 2008 – 2015.
- Phishing Landscape 2024: An Annual Study of the Scope and Distribution of Phishing. July 2024.
- Phishing Landscape 2023: An Annual Study of the Scope and Distribution of Phishing. August 2023.
- Phishing Landscape 2022: An Annual Study of the Scope and Distribution of Phishing. July 2022.
- Malware Landscape 2021: A Study of the Scope and Distribution of Malware. November 2021.
- Phishing Landscape 2021: An Annual Study of the Scope and Distribution of Phishing. September 2021.
- WHOIS Contact Data Availability and Registrant Classification Study. January 2021.
- Phishing Landscape 2020: A Study of the Scope and Distribution of Phishing. October 2020.
- Domain Name Registration Data at the Crossroads: The State of Data Protection, Compliance, and Contactability at ICANN. March 31, 2020.
- Potential for Phishing in Sensitive-String Top-Level Domains: A Study for the ICANN Board of Directors. May 2015.
Presentations, panels, and press include:
- October 9, 2024: Greg Aaron quoted in The New York Times article “Some of the Web’s Sketchiest Sites Share an Address in Iceland.” “At a time when cybercrime and concerns about misinformation are increasing,” the [domain name] industry has become “very opaque,” said Greg Aaron, president of Illumintel, a consulting firm that provides internet policy and security services.
- September 25, 2024: presentation: “The Future of Phishing — And What To Do About It.” APWG eCrime 2024, Boston, MA.
- June 26, 2024: presentation: “Global Phishing Survey.” Global Measurement Infrastructure Design Project, CAIDA, University of California San Diego.
- June 11, 2024: panelist: “Using Artificial Intelligence for DNS Abuse Detection and Mitigation.” ICANN80, Kigali, Rwanda.
- March 20, 2024: presentation and panelist at Phishing Prevention: A Symposium on Protecting Consumers and Businesses, American University U.S. Chamber of Commerce, Washington, D.C.
- November 15-17, 2023: “Fighting Phishing: Where We Go from Here”, presentation at APWG Symposium on Electronic Crime Research 2023 (eCrime 2023), Barcelona, Spain.
- April 5, 2023: “Protecting Your Organisation from Phishing Attacks: a Proactive Approach.” Anti-Phishing Working Group seminar, moderator.
- June 20, 2022: Greg was interviewed at the DNS Research Federation Forum at Chatham House, London. YouTube. In this interview, Greg describes how the Internet was built without security in mind. While this enabled the rapid growth of the Internet, it has also created cybersecurity challenges with wrestle with today. Greg describes the DNS as “something of a secret” — something that makes the Internet work, without people having to understand how it works. As a cybersecurity researcher, Greg also highlights the challenges of gathering the data and information needed for good decision-making.
- November 30, 2021: interview with SIDN about phishing and DNS security
- November 3, 2021: “Phishing Landscape 2021: The Who, Where, and How Much of Phishing.” Global Online Scam Summit II.
- October 21, 2020: “WHOIS Changes Under GDPR: Impact to End-Users and Public Safety.” Presentation and panel at ICANN 69.
- April 29 2020: “Brand Protection: A Crucial Layer in a Multi-Layered Defense.” Presentation to the Cybersecurity Tech Accord.
- December 9, 2019: “Criminal Domain Name Abuse,” presented at the Workshop on Internet Economics: Knowledge of Internet Structure (KISMET), University of San Diego, CA USA
- June 5, 2019: e-crime case study, presented at The National Cyber-Forensics and Training Alliance (NCFTA) Cyber Crime Forum / Slam Spam 2019; Pittsburgh, PA USA
- October 25, 2018: “Lose Fat Fast!” E-crime case study, presented at ICANN64, Barcelona, Spain
- October 24, 2018: “The General Data Protection Regulation (GDPR)” Cross-community panel session, ICANN64, Barcelona, Spain
- September 18, 2018: “GDPR and WHOIS: Balancing Privacy Rights While Fighting Cybercrime,” APWG EU Symposium on Electronic Crime Research, Krakow, Poland
- May 16, 2018: “GDPR and WHOIS,” presentation at APWG eCrime 2018, San Diego CA, USA
- February 21, 2018: “GDPR Compliance Models,” presentation at M3AAWG 42, San Francisco CA, USA
- June 28, 2017: “DNS Abuse,” presentation to ICANN ALAC, ICANN59, Johannesburg, South Africa
- March 13, 2017: “Effective DNS Abuse Mitigation: Why and How,” presentation and panel at ICANN 58, Copenhagen DK
- June 14, 2016: “Carders: Best Practices in the Financial Space to Combat Fraud,” presentation and panel at M3AAWG 37, Philadelphia USA
- June 2016: Global Phishing Survey: Domain Name Use and Trends in 2015-2016; APWG Symposium on e-Crime Research, Scottsdale, AZ USA
- June 1, 2015: “Domain Abuse in ccTLDs,” presentation at CENTR Jamboree 2015, Stockholm, Sweden
- May 26, 2015: Global Phishing Survey: Domain Name Use and Trends in 2H2014;APWG eCrime Conference, Barcelona, Spain
- February 8, 2015: “Technical Analysis of Abuse Monitoring Performed by Registry Operators”, presentation at Public Safety Workshop, ICANN conference, Singapore
- October 23, 2014: Domain Names: New gTLD Abuse and WHOIS Changes,” presentation at M3AAWG 10th annual meeting, Boston USA
- April 9, 2014: Global Phishing Survey: Domain Name Use and Trends in 2H2013; APWG Counter-eCrime Operations Summit VIII (CeCOS VIII), Hong Kong
- March 24, 2014: “Abuse in the New gTLDs: Landscape and Rules of Engagement”, presentation for closed law enforcement session, ICANN conference, Singapore
- October 19 2013: “Internet Governance”, International Association of Chiefs of Police annual meeting, Philadelphia, Pennsylvania USA
- September 17, 2013: Global Phishing Survey: Domain Name Use and Trends in 1H2013; APWG eCrime Researchers Summit (eCrime 2013), San Francisco USA
- April 24, 2013: Global Phishing Survey: Domain Name Use and Trends in 2H2012; APWG CeCOS VII, Buenos Aires, Argentina
- February 26, 2013: “Malicious Use of Domain Names: An Overview”, APRICOT conference, Singapore (remote webcast)
- October 15, 2012: “Detecting Abuse in TLDs”, ccNSO Tech Day, ICANN conference, Toronto CA
- October 12, 2012: “Diagnosing the DNS: How Many Abusive Domain Names Are There?”, Council of European National Top-Level Domains (CENTR) annual meeting, Brussels
- October6, 2013: Global Phishing Survey: Domain Name Use and Trends in 1H2012, APWG eCrime, Puerto Rico
- October 4-5, 2012: moderator, Global Annual Symposium on DNS Security, Stability and Resiliency (DNS-EASY), Puerto Rico
- April 21-25, 2008: “Protecting the Web: Phishing, Malware, and Other Security Threats.” Proceedings of the 17th International Conference on World Wide Web, WWW 2008, Beijing, China,
ICANN Security and Stability Advisory Committee (SSAC) papers; main co-author:
- SAC122: SSAC Report on Urgent Requests in the gTLD Registration Data Policy (12 December 2023)
- SSAC2023-14: SSAC Public Comment on Amendments to the Base gTLD RA and RAA to Modify DNS Abuse Contract Obligations (18 July 2023)
- SAC119: Feedback to the GNSO Transfer Policy Review PDP WG (5 August 2021)
- SAC118: SSAC Comments on Initial Report of the Expedited Policy Development Process (EPDP) on the Temporary Specification for gTLD Registration Data Team – PHASE 2A (15 July 2021)
- SAC115: author, alternate/dissenting View. “SSAC Report on an Interoperable Approach to Addressing Abuse Handling in the DNS.” (19 March 2021)
- SAC112: Minority Statement on the Final Report of the Temporary Specification for gTLD Registration Data Phase 2 Expedited Policy Development Process (EPDP) (20 August 2020)
- SAC111: SSAC Comment on the Initial Report of the Temporary Specification for gTLD Registration Data Phase 2 Expedited Policy Development Process (4 May 2020)
- SSAC2019-02: Registration Data Services Query Reporting (3 May 2019)
- SAC104: SSAC Comment on Initial Report of the Temporary Specification for gTLD Registration Data Expedited Policy Development Process (21 December 2018)
- SAC101: SSAC Advisory Regarding Access to Domain Name Registration Data (14 June 2018)
- SAC097: SSAC Advisory Regarding the Centralized Zone Data Service (CZDS) and Registry Operator Monthly Activity Reports (12 June 2017)
- SAC091: SSAC Comment on Identifier Technology Health Indicators (20 January 2017)
- SAC077: SSAC Comment on gTLD Marketplace Health Index Proposal (22 January 2016)
- SAC074: SSAC Advisory on Registrant Protection: Best Practices for Preserving Security and Stability in the Credential Management Lifecycle (3 November 2015)
- SAC069: SSAC Advisory on Maintaining the Security and Stability of the IANA Functions Through the Stewardship Transition (10 December 2014)
- SAC068: SSAC Report on the IANA Functions Contract (10 October 2014)
- SAC061: SSAC Comment on ICANN’s Initial Report from the Expert Working Group on gTLD Directory Services (6 September 2013)
- SAC058: SSAC Report on Domain Name Registration Data Validation (27 March 2013)
- SAC055: SSAC Comment on the WHOIS Review Team Final Report (14 September 2012)
- SAC054: SSAC Report on the Domain Name Registration Data Model (11 June 2012)
- SAC053: SSAC Report on Dotless Domains (23 February 2012)