Services  |  Solutions  |  Technology  |  Vulnerability Research  |  Security Resources  |  Certifications   |  About

Host Discovery Vulnerability Management Solutions Penetration Testing Training - NSAT™ Training - TEAM Enterprise Risk Assessments Policy Anti-Phishing & Internet Fraud Alert General Consulting

Phishing - Overview

Phishing” attacks are becoming more prevalent and more sophisticated every day, and pose a serious threat to financial institutions and individuals on several levels.  A phishing attack is an attempt, usually via e-mail, to trick an individual into divulging personal information, particularly details about their account at your financial institution.  The most typical and obvious aim is to enable the attacker to steal from the individual’s account.  Some attacks attempt to convince the targeted individual to participate in an investment scam purportedly “endorsed” by your institution.  All phishing attacks involve illegal activities that infringe on your trademarks and service marks, and are potentially injurious to the reputation of your institution.

What can you do to protect your institution and your clients from these attacks?  Digital Defense now offers a specialized service aimed at alerting you when a “phisher” appears to be preparing an attack against your clients, and at putting operational phishing sites out of business fast.  We offer this service through an alliance with Internet Identity, a highly respected provider of these specialized services with an impressive track record of success in this field.

The Digital Defense Advantage

Digital Defense, Inc. is your “one-stop-shop” security service provider, and through our partnership with Internet Identity, we are able to leverage our market influence to ensure our clients receive the attention they deserve.  Also, because we offer a multitude of security service offerings, you will save time and money by leveraging one trusted security service provider for all your IT security service needs; ultimately reducing the costs of managing multiple IT security contracts.

Solution Descriptions

Phishing Fundamentals

The key to a successful phishing attack is the establishment of a Universal Record Locator (URL) that, at first glance, resembles the legitimate URL used by your institution.  (The URL is the unique address where a resource, e.g., a web page, is found on the Internet.)  The phony URL will be used to add an air of authenticity to both the initial phishing e-mail sent to the target and to the web site, the unsuspecting victim is directed to, in an attempt to obtain their account particulars.  More sophisticated phishers will also “borrow” your name, logo, and website content in an attempt to make their e-mails and web site appear to be authentic.

Detection Services

Our partner, Internet Identity, seeks out web sites that appear to be set up to support phishing attacks, and monitor SPAM e-mail to spot likely phishing  

attack messages.  Finding phishing sites as soon as they go live is the first key to limiting the damage those sites cause.  Internet Identity’s PowerShark systems constantly hunt the Web, spam e-mail and domain registrations, looking for phishing sites that target your brand in their earliest stages of life. 

Internet Identity often locates sites before the phishers send out spam “lures” to attract their victims.

Internet Identity’s intelligent algorithms focus on known “red light districts” of the Internet that are vulnerable to hackers and phishers, and find sites that are not visible to traditional Web spidering systems and search engines.  Using their proprietary Web Page DNAÔ technology, the PowerShark systems quickly and efficiently analyze the content they find, and escalate suspicious pages to Internet Identity analysts for review and confirmation.

Internet Identity monitors the domain space continuously and investigates any suspicious new registrations that may target your brand.  Additionally, Internet Identity aggregates consumer reports from various private and public reporting locations.  All sites reported from these sources are analyzed for phishing content. 

Through our partnership, Internet Identity immediately reports verified phishing sites that target your brand directly to you, via their PowerShark online portal, and by optional e-mail alerts.  Once a site is confirmed as a phish, Identity's systems continue to monitor the site frequently until it is confirmed to be down.  Once a site is taken down, Internet Identity continues to monitor it to ensure that they are immediately aware of its reactivation.

Response Services

Once a phishing website is discovered and verified, Internet Identity leverages their unique relationships with a number of service providers that allows them to quickly block phishing attacks at the browser or gateway level for a large percentage of Internet users.  Sites can be blocked in a matter of minutes, making site blocking the first line of defense against live phishing sites.

Any phishing sites that Internet Identity finds targeting your brands are reported to their reporting network via their RealPhish data feed.  As our client, you may also report sites to Internet Identity for tracking and blocking, regardless of whether you request Internet Identity to deactivate the site.  When Internet Identity confirms the existence of a live phishing site, they immediately transmit the address of that site to a number of providers whose tools and services block their users (including your clients) from ever getting to a phishing site or receiving a phishing e-mail.

Site Takedown Services

Our partner, Internet Identity, is a widely-respected provider of phishing site deactivation services, with excellent relationships built over time with ISPs, web hosting companies, domain registrars, and computer emergency response teams around the world.  Because of Internet Identity's collaborative approach to phishing site deactivation, there is a high degree of cooperation by the service providers.  Internet Identity employs several multi-lingual fraud analysts and a top-notch translation service to ensure that they can address phishing sites wherever they exist.

Deactivation Process

Unlike some vendors, Internet Identity uses lawful means to shut down phishing sites on your behalf.  Internet Identity's deactivation process usually includes the following steps:

• Detection and reporting of the phishing site, either by Internet Identity, or by another entity.
• Confirmation that the site is a true phishing site. 
• Provide the phishing site URL to all RealPhish recipients currently under contract to receive reports from Internet Identity to allow such partners to block sites or e-mail or warn their clients of the nature of the site.
• Internet Identity executes the following activities as needed to deactivate the phishing website as quickly as possible.
• Determine the phishing website location.
• If a domain name is utilized, determine the domain registrar.
• Perform other research or forensic investigation as necessary.
• Contact the Host and/or supporting Internet service providers.
• Contact the Registrar to remove the domain name from the DNS and lock the domain registration.
• For (30) thirty days after deactivation is completed, any reoccurrence of a phishing website at the same hosting location is considered to be a continuation of original incident, and Internet Identity will deactivate the site again at no additional charge.

Service Availability

Internet Identity is constantly monitoring and evaluating suspicious sites, and is available to commence takedown activity 7 days a week, and 24 hours per day, every day of the year.

Incident Record Keeping

Internet Identity will retain full records for all phishing websites that have been deactivated through this engagement.  Records will include, but are not be limited to, history of communications with involved providers, copies of sites, and any data pertaining to the registration of a domain or creation of a website account by the criminal that can be obtained.

Benefits

Quick Action Is Critical! Phishing websites only stay up for a very short amount of time.  It is critical that you take quick, decisive action to achieve an effective response.  When your organization detects a phishing attack (either actual or planned), you will be able to provide a timely warning to your customers/members to help them avoid becoming the unsuspecting victims of an attack

As the saying goes, fore warned is fore armed! The information you receive as part of this service will enable you to protect your institution from being “used” by cyber criminals to help them attack your clients.  At the same time, you receive the information necessary to help protect your reputation and the integrity of your valuable intellectual property (trademarks, trade names, logos).  The dividends to you in terms of preserving your reputation and member/customer loyalty can be priceless