Dylan Sachs

Recent Posts

Abuse Box Forwarding (ABF) - Improve Response Time, Reduce Manpower, Compliance

Posted by Dylan Sachs on Thu, Feb 08, 2018

One of the defining characteristics of a takedown provider is its ability to detect phishing sites.  Through various approaches, takedown vendors have defined their strategies for detection of malicious emails - either building up their own spam traps, pulling data from third-parties like the Anti-Phishing Working Group, partnering with mail service providers, or even acquiring other organizations.  While these approaches are often successful, in that they detect a significant number of phishing attacks, they are still incomplete, and often are missing a non-negligible amount of phish.  

Read More

Topics: Phishing, solutions for phishing

ThreatAlert: Wildcard DNS Attack Spike

Posted by Dylan Sachs on Mon, Oct 19, 2015

BrandProtect has recently observed a spike in activity for one of its customers; a large, NA-based financial institution with global presence.  These attacks employ a “wildcard” DNS entry – eg. *.domain.com – and simple scripting to create hundreds of unique URLs, thereby circumventing exact-match antispam rules, and increasing the likelihood of phishing lure delivery. 

Read More

Topics: cyber threats

How to Take Down a Phishing Site: 5 Crucial Steps

Posted by Dylan Sachs on Mon, Dec 09, 2013

After telling people what we do here at BrandProtect, people often ask me “How do you ‘take down’ a phishing page?”  Well, today I’m going to tell you.  Phishing mitigation is a multi-step process that involves several steps.  First and foremost, you have to find them. 

Read More

Topics: Malware, scam, Phishing, Risk, copyright, phishing take down

Why the New York Times Hack is a Bigger Deal Than You Think

Posted by Dylan Sachs on Thu, Sep 12, 2013

On August 27, the website for the New York Times was redirected via DNS to a server controlled by the Syrian Electronic Army.  The DNS record was quickly restored to normal, but not after the hack was discovered and talked about extensively online.

Read More

Topics: hackers, Phishing

Internet Security Brings Out The Best Of Us

Posted by Dylan Sachs on Fri, Mar 01, 2013

Last week, I had the privilege of attending the Microsoft-run Digital Crimes Consortium Conference (DCC 2013), held this year in lovely Barcelona, Spain.  Unlike many of these “internet security” conferences, Microsoft did a great job pulling in the actual techs responsible for the fantastic work we are doing as a community, as opposed to middle- or upper-management who simply present the work done by others.

Read More

Topics: Brand Protection, cybercrime, internet security, microsoft

Banks are trying to fight cybercrime, but their hands are tied

Posted by Dylan Sachs on Wed, Sep 12, 2012

These days, it’s tough to find someone who hasn’t at least been sent a phishing email, let alone responded to one.  Being the go-to computer guy in my family, I’ve had to deal with “can you just look at this email and tell me what you think?” or “Microsoft called me about my computer being hacked, can you come fix it?” on more than one occasion.  And it’s not just my grandparents that I’ve had to educate, but younger family members as well – to support this finding, Norton released their Cybercrime Report last week which showed that Millennials were more likely to fall victim to cybercrime than Baby Boomers.  To think, here I was worried about old dogs learning new tricks, when the new dogs were the ones that needed the most help.

Norton says that cybercrime cost $110 billion over the past 12 months – quite the lucrative venture, it seems, especially when you fail to see much in the way of prosecuting the offenders.  We’ll occasionally hear about some high-profile carder or malware author’s arrest, but it seems that owners of file-sharing companies are of greater importance to law enforcement.  Perhaps the banking associations need to hire the MPAA’s lobbyists.

Read More

Topics: Malware, Identity Theft, Security, data breach, Phishing, cybercrime, Internet Threats

Got a phishing problem? A takedown provider can help

Posted by Dylan Sachs on Mon, Jun 11, 2012

I’ve been handling phishing takedowns for over 5 years now, and sat in on many client or prospect meetings.  The client meetings are often straightforward – review of the past year, recommendations for moving forward – and allow us to demonstrate to our clients just how effective we are at our jobs.  In the prospect meetings, we usually start by talking about the issues that the prospect is facing, but what I’m really interested in is hearing about the different strategies employed by companies to deal with online fraud – and some of these perspectives have really been surprising.

Read More

Topics: Reputation Management, Phishing

APWG conference reinforces focus on mobile

Posted by Dylan Sachs on Tue, May 22, 2012

Having recently attended the Anti-Phishing Working Group's Counter e-Crime Operations Summit in Prague, I was hardly surprised to learn that most of our clients are interested in our Mobile App Monitoring service.  I had 10 emails about it sitting in my inbox, all wanting more info about how BrandProtect can help identify mobile apps that are using our clients' names.  I say that I was "hardly surprised" because for the first time, at any of the conferences I've attended, there was a major focus on the mobile space and some of the dangers present.

Read More

Topics: mobile app monitoring, risk management, Reputation Management

Recent Posts

Posts by Topic

see all