How a global bank uses Netcraft’s detection and disruption services to perform takedowns on thousands of phishing attacks each year with a 100% success rate.
Challenge
The bank wanted a new solution to address phishing threats targeting the bank’s customers and employees. Cybercriminals were enticing unsuspecting users to fraudulent sites and applications where their personal information could be collected and used to access the victim’s bank accounts. These attacks not only posed a financial threat to the customers, but they had the potential to damage the bank’s brand name and reputation. Given the constant and ongoing threat of phishing attacks, the bank decided to pursue a 3rd party solution.
Solution
The bank, searching for a solution with early detection capabilities and quick takedown response time, selected Netcraft to protect its brand, customers, and people.
Customer Profile
TYPE OF CUSTOMER
TOP 50
BANK IN THE WORLD
CUSTOMER SIZE
> $1 TRILLION
IN ASSETS
TENURE WITH NETCRAFT
3+
YEARS
Impact at a Glance
9,000
phishing takedowns per year
50%
attacks taken down in less than 5½ hours
3x
faster takedown times than the industry average
Performance Detail
Effective Threat Detection
As a customer for several years, this bank has seen great success with Netcraft’s services preemptively identifying and validating attacks or fraudulent websites. Netcraft uses advanced automation to process over 5 million reports of suspected malicious URLs every day, collected from a multitude of sources.
As with most financial institutions, many attacks are phishing attempts, but Netcraft’s technology has the ability to detect over 80 different attack types. For this customer, Netcraft has also identified hundreds of fake mobile apps and social media profiles.
Disruption and Takedown
Netcraft has performed over 50,000 takedowns for the bank with impressive results relative to the speed and effectiveness. Specifically, with Netcraft, the median takedown time is 5½ hours, which is 3x faster than the industry average attack lifetime.
Netcraft maintains transparency throughout its process, providing customers with real-time updates on all live attacks along with direct access to incident-level and aggregated data.
Interesting Insights
Lookalike Domains
Of all of the attacks Netcraft has seen against this customer, one quarter of them are hosted on lookalike domains specifically created to look like they are owned by the customer. This is higher than the 18% Netcraft sees across all its takedown customers.
Registrar
The largest proportion of attacks targeting this customer, about 40%, have domain names registered at Namecheap. GoDaddy and Porkbun trail behind with 4% and 3%, respectively. Netcraft also saw 3% of attacks linked to only an IP address, without a domain name.
Hosting Country
The majority of attacks (40%) on this bank were based out of the United States. This is only slightly higher than the 34% average seen across all Netcraft’s bank and credit union customers.