Anti-Phishing is a Group-IB service, offered as part of our Brand Point Protection package, and adapted to the needs of banks and other financial institutions. The major aim of Anti-Phishing is monitoring and detection of phishing and other unlawful online uses of the financial institution’s brand (such as scam sites or fictitious banks), and alerting the involved parties of such incidents. This is achieved by continually growing our systematic database of malicious sites on the Russian segment of the Internet.
The finalized service model is an integrated information cycle for collecting data on malicious online resources, such as:
- phishing sites;
- fake baking sites;
- fake affiliate sites;
- fake lottery sites;
- other sites unlawfully using brands for fraud.
After being added to the Group-IB database, the information obtained as part of our monitoring effort is scrupulously analyzed for contextual and technical malevolence by several experts with vast counter-cybercrime experience. Should the analysis yield positive results, the expert classifies the resource as a phishing site, or another kind of malicious site.
Next, Group-IB’s experts move on to configuring various automated measures to neutralize the malicious content. As part of these measures, rapid notification of involved individuals and organizations is conducted, such as:
- hosting providers;
- domain registrars;
- owners of the compromised sites and servers;
- local governmental and private CERTs;
- anti-phishing lists and toolbars;
- DNS operators;
- other parties.
Notification is carried out via technologies relevant to the malicious resource, be it telephone, email, fax, text messaging, online forms, or other methods of conveying information. Alerts are sent out within previously agreed upon time intervals for each site, depending on the kind of fraud present.
The work is completed only when the malicious resource is fully neutralized, the malevolent content is no longer publically accessible online, and its discovery by search engines is no longer possible. Next, the data collected is forwarded to Group-IB’s forensics and legal departments in order to discern the identity of the persons responsible, arraign them, and seek compensation for the client’s reduced profits and damaged reputation.
The detection of phishing sites and their neutralization allows:
- to increase the revenue for the legitimate business while attracting new customers due to the severed flow of finances to the fraudulent resources;
- to decrease reputational loss due to the propensity of the phishing sites for creating a negative image for the financial institution’s information system, which, in turn, generates negative reactions from the client’s customers, widely available online for the general public and the media;
- to seek compensation for the damages sustained from the operation of the fraudulent site while bringing the perpetrators to justice;
- to have the ability to preemptively detect and neutralize phishing and other malicious sites prior to the launch of the relevant online campaigns, leading to the minimization of negative consequences for the client’s online businesses.