How To Protect Your Brand From Fraud?
Thomsen Trampedach offers a bespoke anti-phishing/brand-impersonation monitoring service that focuses specifically on brand impersonation with field-proven monitoring capabilities, and a dedicated anti-phishing mailbox that is managed on the client’s behalf. In short, the customizable service includes:
- Creation and management of a phishing mailbox to which the organization can report perceived abuse for action and control.
- Monitoring of newly registered domain names
- Monitoring of hostnames in newly published SSL certificates
- Monitoring of Social Media.
- Monitoring of Paid Ads
- Monitoring of Phishtanks (directories of phishing scams)
Last year alone for one of our clients, our team analyzed hundreds of thousands of perceived risks and took action on 19549 unique websites, closing over 85 % of them.
Thomsen Trampedach will set up an anti-phishing mailbox with a dedicated incident team. Anyone in your organisation is encouraged to forward fraudulent attempts to our team. Our team will analyse the threat and through the use of semi and automated enforcement mechanisms in our case-management system report the threat to the various ISPs promptly. The dedicated account manager will help set up ‘how-to’ guides for your website to guide recipients through the necessary steps for submitting the fraud to our team.
“During certain global malicious campaigns our team analyse and address over 4000 perceived scam emails a day”
We offer Web monitoring for phishing cases by performing reverse searches for unique identifiers from the existing cases collected from various sources such as abuse-mailboxes, domain monitoring or threat exchangers with the scope of proactively detecting unreported phishing pages, gathering data, and neutralising the attacker’s infrastructure.
Our team investigate newly registered domain names daily, and suspicious domain registrations are added to our brand protection case management system and immediately enforced when signs of fraudulent or malicious behavior are detected.
The majority of online abuse such as phishing, harmful activity, and brand impersonation is happening on websites having a Secure Sockets Layer (SSL) certificate.
An SLL certificate enables an encrypted connection between the browser and the web server, and websites without an SSL certificate are often categorised as not safe by browsers. Most users today associate websites starting with HTTPS (SSL certified) as secure. This perceived safety assurance together with the easy setup of an SSL certificate has made this the new arena for fraud.
Thomsen Trampedach has developed a solution that monitors in real-time newly published SSL certificates from transparency Certificate logs and scans for our client’s brand names in the domain name (hostname / common name) that is protected by the SSL certificate. The results are categorised according to risk in our case-management and enforcement system, which allows our team of professionals to proactively act on the biggest threat to our clients as they happen in real-time.
“Our SSL monitoring solution scans approx 5 million certificates a day.”
Social Media Monitoring
Our team monitor Social media and enforce unauthorised activities such as impersonation including in paid ads, via available tools (such as Facebook’s Commerce & Ads IP Tool).
Monitoring of Phishing Directories
Thomsen Trampedach anti-fraud solution includes monitoring of directories of phishing scams, and has developed a tool that automatically scans the biggest databases of phishing.
Deep dive investigations
Our team can perform deep dive searches about phishing cases that require extra attention from the client or even the involvement of public authorities and issue reports with the gathered information.
Anti-Phishing Working Group (APWG) Partner
Thomsen Trampedach is a proud partner of the Anti-Phishing Working Group (APWG), and contributes to APWG’s collective databases on phishing and cybercrime.
Most important is to act quickly against the fraud, thereby reducing its effectiveness. Once the risk is analysed, any fraudulent emails should be included as evidence to the internet service providers (ISP), together with a clear explanation of how the email/website is engaging in fraudulent behaviour.
SSL monitoring is essential for anti-phishing services as it provides a stream of data that enhances the industry standard domain name monitoring result. From SSL monitoring one can find abuse happening in sub-domains such as brand.buyglobal.com, data that is not retrievable in registry databases. This is important as a big part of brand impersonation online is happening in sub-domains and not in the domain name.
Anti-fraud Team Lead
Are you interested in getting a consultation regarding how your business can work with mitigating fraud? Don’t hesitate to contact us.