Phishing is a prevalent problem for businesses, particularly financial institutions. Over the years, many services have emerged to help organizations address phishing attacks that are targeting their customers' accounts. When seeking solutions, businesses find they have several options to choose from. These fall into three categories:
- Phishing takedown services
- Anti-phishing services
- Phishing protection services
These categories may seem interchangeable, but there are some key distinctions between them that make a big difference.
As phishing has evolved over the years, so too have solutions to stop it. Takedown services became available in the early days of phishing to mitigate attacks. As phishing grew more professional and prolific, anti-phishing services emerged to provide faster phishing detection in addition to takedown. Today, phishing protection services go beyond detection and takedown to disrupt the cybercrime operations that enable phishing threats.
Phishing Takedown Services
When a business learns their customers are receiving phishing emails, the first reaction is to try to get the phishing site shut down by digging through ISPs, hosting providers, domain registrars, law enforcement and other authorities on their own until they get to the right person. When that effort stalls or takes too long, they may look to professional phishing takedown services. Providers of these services use their experience and contact networks to streamline the process and get to the right engineer or admin more quickly.
These services are often delivered ad hoc or under a retainer contract for a set number of hours or phishing incidents. Using a takedown service will get the phishing site shut down faster than doing it on your own, but a phishing site can still be alive (and stealing customer credentials) for days depending on how quickly you detect the attack.
Anti-phishing services combine traditional takedown capabilities with 24x7 monitoring for phishing sites “in-the-wild.” This allows for earlier detection and faster response, leading to a shorter phishing site lifetime. To find potential phishing sites, these services ingest and analyze high volumes of email and web data. When a site is confirmed as matching your brand, takedown procedures are initiated.
These services are typically delivered under an annual or multi-year contract with fees per phishing incident. Since these services aren't dependent on you for detection, they can shorten the uptime of phishing sites to a much greater degree than takedown services. This means the risk of compromised accounts is much lower.
However, phishing sites are a cheap commodity in today's cybercrime world. It is easy for phishers to procure another host for their phishing site and resume operations. They make less per attack, but they easily make up the difference by launching more attacks.
Phishing Protection Services
Phishing protection services provide early detection and takedown, but don’t stop at shutting down phishing sites. These services go much further to disrupt phishing operations and dismantle the attack infrastructure. Leading-edge providers of phishing protection services peel back phishing sites and emails to find the underlying systems and tools phishers rely on to stage, launch and monetize attacks. This extends beyond phishing sites to include components such as phishing kits, credential drop sites, spamming tools, and money mule operations.
Like anti-phishing services, phishing protection services greatly reduce the average uptime of phishing sites. However, they have a more strategic objective: actively deter phishing attacks by making them unprofitable. This strategy leads to fewer attacks, fewer compromised accounts and less fraud. Accordingly, PhishLabs delivers Phishing Protection services at a fixed price that incentivizes the reduction of phishing attacks.
To learn more about how PhishLabs Phishing Protection delivers results beyond takedown and anti-phishing services, read the "How to Fight Back against Phishing" white paper.