In today’s evolving cyber landscape, it’s not enough to just deal with attacks.
Businesses need to take a more proactive stance by training staff on what to look out for and have the right processes and technologies in place to monitor and mitigate risk. This is especially true when it comes to phishing where criminals try to entice consumers and employees to click on links or open attachments in an effort to get access to personal information, login credentials or other data.
A key part of being proactive is using a criminal’s own data against them. Data collected from known phishing sites and kits (the code that powers the site) can empower your organisation to fight back. This data is called phishing intelligence and is a feature of the MarkMonitor AntiPhishing Service, designed to help protect your business beyond “whack-a-mole” shutdowns.
But how? First, phish log files can provide a list of victims, some of whom could be your customers, or IP addresses that accessed the phishing site. This helps you quickly protect your customers and organization. Second, it can be used to shut down email addresses that phishers use to collect credentials. Third, by finding commonalities between kits (grouping them into “families”) you can gain additional insights into new phishing kits attacking your organisation and others.
This valuable intelligence gives your organisation the tools to be more assertive in protecting yourself and your customers. It also is useful when working with law enforcement in pursuing repeat offenders and can help inform your wider threat intelligence and security environment.
Intelligence gleaned includes:
- Discovered data from automated analysis of the phish kit can identify the online persona of the phisher who created or modified the phish kit, as well as the email collection point where victim credential information is often sent externally after it has been submitted to the phishing site. It is through this harvested data that phish kits can be clustered into related families.
- Phish log files harvested from the phishing site typically contain a caches of victim credential data or a list of IP addresses that have accessed the site.
- When clustered and reported in the MarkMonitor online portal, a customer can see how heavily families of phish kits are targeting them, their industry, or global entities at any one time.
- The fight against cyber criminals is an ongoing one. But that doesn’t mean it’s a losing battle. With the right approach, technology and by working with partners like MarkMonitor, you can protect your business and your customers from cyber threats and mitigate the risk to your organization, brand reputation, and bottom line. Using phishing intelligence against phishers is just one of innovative ways to tackle online fraud.
Learn more about fighting phishers who target your brand here.