What are Anti-Phishing Tools?
Phishing frequently tops lists of common cybersecurity attack types alongside malware attacks. They often go hand-in-hand, with a successful phishing attack being used to infect systems with malware, for example. (Note that malware can, and does, spread via other attack methods). Phishing is the most reliable way to trick employees and customers into sharing sensitive information and data. Phishing attacks are also getting simpler for anyone to carry out due to the availability of off-the-shelf hacking-as-a-service phishing tools.
Tools That Allow Anyone to Phish
In the past, planning and executing a successful phishing attack required malicious actors to have some technical skills. This is no longer the case. In the same way that traditional IT services have become commoditized, so have phishing tools and other cybersecurity attack services.
Many cybercriminals do the work to compile the information needed to mount attacks on organizations, and then they offer these as pre-built “phishing kits’ for sale on the regular and dark web. These kits come with preconfigured spoof website designs to mimic known brands, as well as spoof domain names designed to trick people and information about users in organizations that can be used for targeted spear-phishing.
Monitor for Attack Planning
The IntSights Threat Intelligence Platform monitors the web and dark web sites where phishing kits and other indicators of cybersecurity attack planning are discussed and traded. We monitor for available metrics that predict an attack. For example:
• Domain spoofing - the registration of lookalike domain names that are used to trick people in phishing attack URLs and spoof websites
⁃ Typo-squatting - domain names that are close to legitimate ones but with common typos
⁃ Homoglyphs - using characters that look similar such as lower-case L and upper-case I - l and I
• Monitor website address information changes
⁃ Whois information
⁃ MX, A, and other DNS records
⁃ IP address reputation information
⁃ SSL/TLS certificate activity
Combining change information like this with intelligence from multiple web and dark web sites, featuring expert analysis by the IntSights security team, highlights potential and imminent attacks targeting organizations.
Any potential phishing or other cybersecurity attack threats that are identified by the IntSights Threat Intelligence Platform can be countered with takedowns and focused perimeter blocking.
The IntSights remediation team and our extensive partner network are skilled in creating and submitting targeted takedown requests to web hosting providers, domain name registrars, and other cloud service providers. Submissions are formatted precisely for each service and provide all the information and justifications required for a successful preemptive takedown to prevent phishing attacks.