打击网络欺诈：一种系统防御方法

W H I T EP A P E R Contents Foreword Executive summary Introduction 1.1 Criminals exploit digital infrastructure services at scale9 2 A systemic defence approach11 2.1 Prevention12 2.3 Mitigation18 Conclusion Appendix: Glossary Disclaimer This document is published by theWorld Economic Forum as a contributionto a project, insight area or interaction.The findings, interpretations andconclusions expressed herein are a resultof a collaborative process facilitated and ©2025 World Economic Forum. All rightsreserved. No part of this publication maybe reproduced or transmitted in any formor by any means, including photocopying Foreword Akshay JoshiHead, Centre forCybersecurity; Member of Philip ReinerChief Executive Officer andCo-Founder, Institute forSecurity and Technology (IST) Three decades after the internet became publiclyavailable, digital connectivity has become as vitalto societies as physical infrastructure – enablingeconomic growth, social inclusion and innovationon a global scale. Originally designed to fosteropenness and collaboration among researchers,the internet’s architecture was not built with thesafeguards needed for today’s scale and complexity. There is no single blueprint for addressing sucha complex challenge, but there is growing globalconsensus on the urgency to act. This white papercontributes to that effort by presenting key insightsand outlining targeted opportunities for systemicsolutions. Its aim is not to attribute fault, but to Those who build and operate digital infrastructureshare a responsibility to protect the public good.Just like the physical foundations of modernlife, digital infrastructure must be designed andmaintained to serve society safely and sustainably.Meeting this challenge requires collective, forward-leaning action to complement existing approaches Recognizing the need to rebalance responsibilityfor cybersecurity, the World Economic Forum’sPartnership against Cybercrime – together withthe Institute for Security and Technology (IST) – ledtheAdvancing Systemic Defenceworking groupto fight phishing and cyber-enabled fraud. Building Executive summary The accelerating scale and impactof phishing and cyber-enabled Phishingandcyber-enabled fraudare a growingglobal threat to users, consumers, organizationsand countries. The World Economic Forum’sPartnership against Cybercrime, in collaboration users from phishing and cyber-enabled fraud.Governments can accelerate adoption andimpact through national coordination hubs, 3.Mitigation:Enabling rapid, collective response This approach explores how a multistakeholdermodel can shift responsibility upstream,empowering those best positioned to act at scaleand prevent harm from taking root in the first place.These efforts sit in the space between public Even with prevention and protection inplace, timely detection and response remainessential. This paper calls for ecosystem-wide signal sharing – the exchange of verified,privacy-preserving indicators of abuse – andfor incentives that promote effective action This paper calls on stakeholders to act across threecomplementary pillars of systemic defence: The actions proposed in this paper build on provenapproaches already taking shape at the nationallevel, while charting new pathways for collaborationand scale. By taking advantage of this momentum,it will be possible to strengthen systemic defence 1.Prevention:Structurally reducing abuse before Prevention focuses on embedding safeguards atthe foundational layers of the internet to reducebad actors’ ability to acquire, build or operatedigital infrastructure for malicious purposes.Actions include strengthening risk-based due Technical terms inblue boldare explained inthe Glossary (see Appendix). 2.Protection:Embedding user safety by default Protection calls for proactive, scalable solutionsfor consumer-facing services – such as email,browsers and messaging platforms – to shield Introduction The growing scale and impact ofcyber-enabled fraud and phishing areescalating to become one of today’s and cyber intrusion. As a result, several policy-makers (see Box 1) have begun calling for a shift inthe cybersecurity burden of protecting consumersfrom scams and fraud, away from those withfewer resources who face the downstream effects Cyber-enabled fraud continues to increase inscale and exact a heavy toll on individuals and organizations around the world. Phishing – includingsmishing,vishingand other varieties – while hardlya novelty, remains at the core of these threats.Despite significant public- and private-sector Cyber risks for members of the public will be minimised by largely removing responsibilities forthe security of digital products and services from small and medium-sized enterprises (SMEs)and individuals, and placing them with government, manufacturers and service suppliers. Netherlands Cybersecurity Strategy,1p. 19 Today, end users bear too great a burden for mitigating cyber risks … The most