Minimize your digital risk by detecting data loss, securing your online brand, and reducing your attack surface.
A powerful, easy-to-use search engine that combines structured technical data with content from the open, deep, and dark web.
Digital Risk Protection
Read our new practical guide to reducing digital risk.
New report recognizes Digital Shadows for strongest current offering, strategy, and market presence of 14 vendors profiled
Read Full Report
As we outlined in our Practical Guide to Reducing Digital Risk, the integrity of brand and identity is essential in protecting a business. Adversaries are routinely impersonating businesses and critical online services to target customers and significant business transactions: they’re registering domains, creating fake mobile applications, imitating documents sent in email, spinning up spoof social media profiles of key executives – all with the aim of duping people to comply with their schemes allowing them to steal, disrupt, damage or destroy.
Last year’s indictments issued by the United States Department of Justice (DOJ) against an individual associated with Lazarus Group underscored just how effective well targeted phishing can be: culturally relevant, free from spelling and grammar errors, and hitting the right psychological buttons to yield a result.
These types of impersonation are not only of interest to security teams. They are also particularly acute for fraud teams, who are grappling with increasing online payment fraud risks, which are notoriously difficult to measure on a global basis. However, by detecting these impersonation attempts, organizations can better detect the targeting of customers, as well as the sale of fraudulent and counterfeit goods.
There are four main ways adversaries impersonate an organization’s online brand to target customers or employees.
Even the least sophisticated threat actors have access to a wide variety of forums, groups, and tools where they can learn the latest phishing techniques, as well as purchase step-by-step tutorials and phishing templates to conduct their campaigns (we outlined many of these tools and techniques in our recent research, Tackling Phishing).
In serving our customers, we regularly see BEC and Whaling attacks routinely combine false domains with out of band communications on convincing looking web services. In some cases, whole call centers are set up to perpetuate the deception. Knowing the location of legitimate assets and detecting the anomalies can help manage this risk.
With SearchLight, organizations register their brand names, web domain names, social media handles, and official mobile applications as assets for digital monitoring. Through the SearchLight portal, we provide the most relevant and critical digital risks with complete visibility, context, recommended actions and ways to take down these phishing attempts.
There are many tools available to identify these impersonations, such as DNS Twist, Xorz’s Phishing Catcher, and URLCrazy. You can read more about the risks surrounding online brand security in our Practical Guide to Reducing Digital Risk, which outlines some additional free and inexpensive tools that organizations can use to start securing their online brands.
To stay up to date with the latest digital risk and threat intelligence news, subscribe to our threat intelligence emails here.