08:30 – 09:00

09:00 – 09:25

Meeting Room: Sky Lounge

TLP: Green

Welcome speeches

• Vodafone Germany colleagues, 15'
• Andrija Višić, ETIS Central Office, 10'

09:25 – 09:30

Groups separate and start their meetings

ANTI-ABUSE WORKING GROUP MEETING STARTS

IN THE EVENT PLAZZA CONFERENCE ROOM

09:30 – 11:00

Meeting Room: Event Plazza

TLP: Amber

Introduction and Roundtable, 10'

Goal: Welcome speech and agenda overview, followed by a roundtable where all participants introduce themselves (only name, company, role).

Moderator: AAWG Chair

Company Updates, 50'

Goal: Each company is allocated 2 minutes to present recent challenges, threats, incidents, projects, and future plans. Also delivering expectations from this 2-day meeting. New members in the group receive a longer time slot, if requested.

A Power Point Template to fill in will be circulated to all members in advance of the meeting.

Goal: Identify evolving abuse patterns—such as e-mail & SMS phishing, spam, smishing, and infrastructure exploitation—targeting telecom networks. By examining trends like the abuse of 5G-connected devices, compromised endpoints, and spoofed telecom identities, the discussion aims to enhance cross-sector collaboration on detection, response, and abuse reporting.

Presentation: TBC, 20'-30' from a vendor specialised in following threats against telcos in the cyberspace

11:00 – 11:30

Coffee Break

11:30 – 13:00

Meeting Room: Event Plazza

TLP: Amber

Theme: In every ETIS meeting, we look at the overview of best practices when it comes to implementation of:

• Walled Garden
• DMARC
• P25
• DNSSEC
• DANE
• BIMI
• CAA
• Antispam Layers
• + etc.

Moderator: AAWG Core-team

Discussion: What has changed since the last update? Which companies would like to explain a certain way of doing things. All, 20’

Theme: tbc

Moderator: AAWG Core-team

Presentation 1: tbc

Q&A session

13:00 – 14:00

Location - Vodafone Cantine

Lunch Break

14:00 – 15:30

Meeting Room: Event Plazza

TLP: Amber

Goal: Discuss trends in Business Email Compromise and Vendor Email Compromise targeting telecoms. How AI is used to identify high-trust relationship abuse in email. Telecom-specific case insights (e.g., SMS-based spoofing starts from email vectors). 

Following companies invited to present:

• Mimecast
• Abnormal Security 
• Recorded Future
• Proofpoint
• Fortinet
• etc.

Demos? End-to-end flow from detection to response in a telecom context

Moderator: AAWG Core-Team

15:30 – 16:00

Coffee Break

16:00 – 17:00

Meeting Room: Event Plazza

Presentations expected from telecom operators showing bast practices, and suppliers providing detection tools.

Moderator: AAWG Core-Team

18:30 – 20:00

20:00 – 22:30

09:00 – 10:30

Meeting Room: Sky Lounge

TLP: Green

Theme: Telecom operators increasingly face abuse and fraud challenges when customers unknowingly connect malware-infected devices purchased from untrusted online marketplaces. This session explores how anti-abuse and cyber fraud teams detect, mitigate, and respond to such threats while balancing privacy, scale, and customer experience.

Moderator: Andrija Višić, ETIS Central Office

Presentation 1: Swisscom(?), 15’ + Q&A

Q&A session: 5'

Presentation 2: Deutsche Telekom, 15' + Q&A

Presentation 3: tbc

Moderated discussion:

Other:

“ETIS as a European Telco ISAC – update”, Andrija Višić, ETIS CO, 5’

11:00 – 11:30

Coffee Break

11:00 – 12:30

Meeting Room: Event Plazza

TLP: Amber

Format & Goal: Telecom operators and suppliers can choose to present on any of the topics proposed below.

Topic list - 10-15' each:

• AI for Behavioral Email Threat Detection
• AI-Enhanced Spam and AntiAbuse
• AI-Powered Threat Intelligence for Telecom-Specific Fraud
• AI for Real-Time Voice and SMS Reputation Analysis
• AI for Telco Brand and Customer Impersonation Defense
• Other? Email Andrija at av@etis.org 

Moderator: AAWG core-team

Q&A session after each presentation

12:30 – 13:30

Location - Vodafone Cantine

Lunch Break

13:30 – 14:30

Meeting Room: Event Plazza

TLP: Amber

Moderator: AAWG core-team

Theme & Goal: This technical session delves into real-world examples of how CERT, SOC, and CSIRT teams in telecom environments collaborate with anti-abuse and fraud departments to detect and mitigate complex threats. It highlights the exchange of enriched indicators of compromise (e.g., DNS sinkhole hits, command-and-control IPs, malware hashes), SIM swap detection signals, signaling abuse (SS7/Diameter/GTP) data, and customer behavior anomalies correlated with threat actor TTPs. Case studies include coordination on APT-attributed phishing campaigns targeting subscribers, large-scale smishing attacks, and insider fraud investigations. Participants will gain insights into the data pipelines, SIEM integrations, and API-based sharing models that make these collaborations effective, along with considerations around data sensitivity, retention, and regulatory compliance.

Volunteers to prepare a discussion session to email Andrija at av@etis.org before October 2025

14:30 – 15:15

Meeting Room: Event Plazza

TLP: Amber

Theme: TBC

Operators and suppliers to propose presentations or discussion topics, e.g.:

• Walled Garden (updates from last time)
• tbc
• Other? Email Andrija at av@etis.org 

15:15 – 15:30

Meeting Room: Event Plazza

TLP: Green

A short session dedicated to follow-ups and discussing topics that arose during the meeting’s discussions. Participants will brainstorm and compile a list of future topics for consideration in upcoming ETIS events.

Before leaving, participants are kindly requested to fill out the Feedback Form.