Fraud Defenses Crowdsourced Abuse Reporting Device Fingerprinting Email Reputation Service IP Reputation Service SR 11-7 Compliance Supervised Machine Learning Two-Factor Authentication (2FA) Unsupervised Machine Learning Fraud Tactics Bot Attacks Call Center Scams Device Emulators GPS Spoofing P2P VPN Networks Phishing Attacks SIM Swap Fraud URL Shortener Spam Web Scraping Fraud Types App Install Fraud Application Fraud Bust-Out Fraud Loan Stacking Synthetic Identity Theft Phishing Attacks What are phishing attacks? The term “phishing” describes a process whereby a fraudster attempts to obtain private information from an unsuspecting victim by impersonating a legitimate querying entity. The term itself is a variation of the word “fishing” which, when used colloquially in phrases like, “He was fishing for compliments,” or “She was fishing for clues,” refers to attempts to try and subtly elicit certain responses, or reveal certain pieces of information. The term first came into use by a group of hackers on AOL who used fake accounts to, “trick users into revealing PII such as passwords, birth dates, credit card numbers, and social security numbers.” Email is one of the most common tools fraudsters use to commit phishing attacks. Some phishing attacks target specific individuals, occasionally with outsized impacts, as was the case when John Podesta, Hillary Clinton’s presidential campaign chairman, was the victim of a phishing attack that had a negative impact on Clinton’s campaign for the presidency. Other phishing attacks target entire companies, as was the case with one of the costliest attacks ever, when Google and Facebook were scammed out of $100 million. What Should Companies Know about Phishing Attacks? Phishing continues to be one of the most common fraud attack types. According to Google’s security blog, Gmail alone blocks more than 100 million phishing emails every single day. According to Verizon’s 2019 Data Breach Investigations Report, 32% of data breaches in 2018 involved phishing. Company employees are regular targets of phishing attacks, and can often end up being the unintentional enablers behind massive data breaches. This was the case in 2015 when health care giant Anthem suffered a breach in which nearly 80 million records were stolen. The attack began with phishing emails sent to a small number of employees. Anthem ultimately had to pay out $16 million in a class action settlement. There are many different types of phishing attack types. The Anthem attack was an example of a “spear” phishing attack, in which a fraudulent email is specifically tailored to target a particular organization. The tailoring is done to increase the likelihood of recipients at the organization believing the communication to be legitimate. Other examples include “clone phishing,” in which a previously sent authentic email is reused for fraudulent purposes. To prevent phishing emails from being exposed as fraudulent, bad actors use services such as URL shorteners to hide the true identity of malicious emails. Email is not the only mechanism fraudsters use for phishing attacks. Text and social media are also commonly used to obtain sensitive information. According to the Vade Secure Phishers’ Favorites report for Q1 2019, social media phishing increased 74.7 percent over the previous quarter. DataVisor Protects Against Phishing Attacks The increasing complexity and scale of phishing attacks has rendered legacy prevention strategies like email reputation services largely irrelevant, and now that fraudsters can use tools such as cloud infrastructure and residential virtual private networks (VPNs) to mass-create anonymized IP addresses in very short periods of time, IP reputation services have also become outmoded. Fortunately, technologies such as unsupervised machine learning offer a means to meet the scale of these attacks. Many of DataVisor’s clients rely on solutions like dCube and dVector to spot coordinated attacks before they happen. Prior to selecting DataVisor for fraud prevention, one of our clients, a social platform with over 180 million users, was wrestling with numerous platform threats. After implementing DataVisor’s solutions, the organization’s fraud teams were able to detect a wide variety of attacks leveraging fake or compromised accounts, including “sleeper cell” accounts still in the incubation stage. This resulted in a dramatic reduction in both financial and reputational damage.