One of the defining characteristics of a takedown provider is its ability to detect phishing sites. Through various approaches, takedown vendors have defined their strategies for detecting malicious emails: building up their own spam traps, pulling data from third parties like the Anti-Phishing Working Group, partnering with mail service providers, or even acquiring other organizations. While these approaches are often successful, in that they detect a significant number of phishing attacks, they are still incomplete and often miss a non-negligible amount of phish.
BrandProtect has recently observed a spike in activity for one of its customers, a large, NA-based financial institution with a global presence. These attacks employ a “wildcard” DNS entry – e.g. *.domain.com – and simple scripting to create hundreds of unique URLs, thereby circumventing exact-match antispam rules and increasing the likelihood of phishing lure delivery.
On August 27, the website for the New York Times was redirected via DNS to a server controlled by the Syrian Electronic Army. The DNS record was quickly restored to normal, but not before the hack was discovered and talked about extensively online.
Last week, I had the privilege of attending the Microsoft-run Digital Crimes Consortium Conference (DCC 2013), held this year in lovely Barcelona, Spain. Unlike many of these “internet security” conferences, Microsoft did a great job pulling in the actual techs responsible for the fantastic work we are doing as a community, as opposed to middle- or upper-management who simply present the work done by others.
These days, it’s tough to find someone who hasn’t at least been sent a phishing email, let alone responded to one. Being the go-to computer guy in my family, I’ve had to deal with “can you just look at this email and tell me what you think?” or “Microsoft called me about my computer being hacked, can you come fix it?” on more than one occasion. And it’s not just my grandparents that I’ve had to educate, but younger family members as well – to support this finding, Norton released their Cybercrime Report last week which showed that Millennials were more likely to fall victim to cybercrime than Baby Boomers. To think, here I was worried about old dogs learning new tricks, when the new dogs were the ones that needed the most help.
Norton says that cybercrime cost $110 billion over the past 12 months – quite the lucrative venture, it seems, especially when you fail to see much in the way of prosecuting the offenders. We’ll occasionally hear about some high-profile carder or malware author’s arrest, but it seems that owners of file-sharing companies are of greater importance to law enforcement. Perhaps the banking associations need to hire the MPAA’s lobbyists.
I’ve been handling phishing takedowns for over 5 years now, and sat in on many client or prospect meetings. The client meetings are often straightforward – review of the past year, recommendations for moving forward – and allow us to demonstrate to our clients just how effective we are at our jobs. In the prospect meetings, we usually start by talking about the issues that the prospect is facing, but what I’m really interested in is hearing about the different strategies employed by companies to deal with online fraud – and some of these perspectives have really been surprising.
Having recently attended the Anti-Phishing Working Group's Counter e-Crime Operations Summit in Prague, I was hardly surprised to learn that most of our clients are interested in our Mobile App Monitoring service. I had 10 emails about it sitting in my inbox, all wanting more info about how BrandProtect can help identify mobile apps that are using our clients' names. I say that I was "hardly surprised" because for the first time, at any of the conferences I've attended, there was a major focus on the mobile space and some of the dangers present.