Versafe Anti Phishing Technology

Using layered security, automatic engines and a 24/7 operation center, Versafe efficiently detects phishing attacks as they are being set up, monitors the fraudulent activity, documents the incident and takes down the fake site, all before scam e-mails are sent to the organization’s customers. The collected information then serves for forensic investigation of the event and for laying the groundwork to protect against the next wave of attacks.

Versafe’s knowledge and experience are evident in the proven methodology used to prevent, protect and react against phishing attacks.

Versafe’s systems are all managed by a user-friendly console, with privilege settings defined by the organization’s security management.

Versafe’s components are embedded in the application layer and do not require the organization’s clients to install anything on their PC, resulting in a transparent process that does not affect the user experience or ease of use.

Detection

Versafe’s objective – fast, definitive detection and identification of a phishing attack.

vTrack – Versafe’s advanced software component designed to immediately recognize the copying of the organization’s site, and its use anywhere else on the net. As soon as an attacker begins building a fraud site, the system raises an alert about the potential threat.

vScan – advanced scanning mechanisms that search the web for keywords, graphics, logos and other parameters that make up a site similar to the organization’s and that can be used for fraudulent activity. Versafe’s cooperation with ISPs, search engines and online security firms enhances the effectiveness of identifying potentially harmful sites.

vSpam – Versafe uses an array of e-mail servers and accounts to collect spam from around the world. The mail is scanned, using an automated engine, for keywords, graphics, logos and other parameters. E-mail that is suspected of being a potential threat is treated, utilizing cooperation with anti-spam firms, and monitored.

vDomains – Versafe detects the registration of domains with similar names, keywords and features in real time. The activity of potentially threatening domains is monitored.
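As an added illustration of the similar-name and keyword matching that vDomains describes (this is not Versafe's code; the brand "examplebank", the keyword list, the domain feed and all function names are constructed assumptions), a minimal check over newly registered domains could look like this:

```python
import re

# Constructed sample data: "examplebank" is a hypothetical brand and the feed
# stands in for a list of newly registered domains.
BRAND = "examplebank"
KEYWORDS = ("login", "secure", "verify", "account")
LEGITIMATE = {"examplebank.com"}
NEW_DOMAINS = ["examp1ebank.com", "examplebank-login.net", "exarnplebank.org",
               "secure-examplebnak.info", "gardening-tips.com", "examplebank.com"]

# Digit-for-letter swaps commonly seen in lookalike names.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def reasons(domain, brand=BRAND, keywords=KEYWORDS):
    """Return why a domain resembles the brand; an empty list means no match."""
    name = domain.lower().rsplit(".", 1)[0]   # naive: treat the last label as the TLD
    tokens = re.split(r"[-.]", name)
    found = []
    for token in tokens:
        folded = token.translate(HOMOGLYPHS).replace("rn", "m")
        if token == brand:
            found.append("brand-token")       # exact brand inside another domain
        elif folded == brand:
            found.append("homoglyph")
        elif edit_distance(folded, brand) <= 2:
            found.append("typo")
    if found:                                 # keywords only matter next to a brand hit
        found += [f"keyword:{k}" for k in keywords if k in tokens]
    return found

def flag_new_registrations(feed, allow=LEGITIMATE):
    """Map each suspicious domain in the feed to its reasons, skipping known-good ones."""
    flagged = {}
    for domain in feed:
        hits = reasons(domain) if domain not in allow else []
        if hits:
            flagged[domain] = hits
    return flagged

if __name__ == "__main__":
    for domain, hits in flag_new_registrations(NEW_DOMAINS).items():
        print(domain, hits)
```

The TLD handling is deliberately naive; a production monitor would use the Public Suffix List and a fuller confusable-character table.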

vAlert – real-time alerts are activated by phone, text messaging, e-mail, the SIEM console and/or the Versafe control console (based on the organization’s preferences). Concurrently, the 24/7 operation center initiates automatic and manual procedures for event management and fraud site shutdown.

Documentation

Versafe’s objective – document the scam for investigation into the identity of the attacker, the precise timing and method of the attack and detection of any possible affected users.

Versafe documents:

  • The IP addresses of the attacker, the victims and the server used for the phishing site
  • Domain registration details
  • URL addresses used
  • A chronicle of the attack’s progress
  • The attack’s web pages
  • Screenshots of the attack, scam mails and other forensic evidence
  • Files found on the attacker’s server relating to the incident

Prevention

Versafe’s objective – immediate shutdown of the fraudulent site, preventing clients from being deceived and confusing the attacker.

As soon as a phishing attack is identified, the following actions are initiated:

  • Immediate automatic mail notifications are sent to the ISP, the storage company and the domain registration firm regarding the scam and formally requesting the site shutdown.
  • Versafe’s 24/7 operation center shuts down the fake site utilizing its working relationships with the ISP, the storage company and the domain registration firm in the shortest possible time frame.
  • Automatic mail notifications are sent to the browser abuse management personnel and to security firms in order to blacklist the fraud site and warn or prevent the surfers from accessing it.
  • Honeypots, containing fake user names, passwords, credit card numbers and other credentials, are fed to the hacker in order to cause confusion, to gain access to the attack server and for forensic use. The honeypots are customized to the organization and are deployed from several IP addresses and separate computers.
  • Real time alerts are sent to the organization’s control center in order to identify any users that may have been affected and to take the appropriate actions, based on the predefined company procedures and protocol.

Investigation

Versafe’s objective – investigate the attack in order to learn of any possible affected users, to track and identify the attacker and to quickly identify future attacks of the same form.

Versafe phishing investigations include:

  • Identifying any affected users of the current attacks
  • Identifying the attacker and using the information discovered (including IP address, nicknames, mail server, logs, email, etc.) to find the assailant and expose him in the real world.
  • Event Report, including all documentation collected on the fraud and all actions taken during the attack.