Allure Security announced the availability of its new website phishing detection and response capability. Built on patented beacon technology, Allure’s Software-as-a-Service (SaaS) alerts security teams in real-time when cybercriminals build spoof versions of their customer-facing websites as part of a phishing attack.
Allure empowers organizations to be more proactive before a phishing scheme has the chance to succeed, protecting the private credentials of customers and keeping the company’s brand reputation intact.
As more transactions between all types of businesses and their customers move online, the opportunity for attackers to steal credentials and other valuable information through phishing attacks continues to grow.
The Center of Applied Internet Data Analysis (CAIDA) estimates that 30,000 web spoofing attacks are launched each day, with the goal of tricking consumers into giving up their login credentials used to access legitimate websites.
Making matters worse, phishing is becoming more sophisticated and difficult to spot, even for the trained security professional. Recent attacks have even successfully bypassed two-factor authentication (2FA) systems. This not only puts consumer data at risk, but it also damages the reputations of companies whose websites are spoofed.
“Current approaches to detect and mitigate phishing attacks are falling short. Enterprises have plenty of solutions for employees–email security filtering, employee training, DNS monitoring, and sophisticated website proxy systems. Unfortunately, none of these can help protect their customers, who are often the real victims of phishing.
“Enterprises are left to rely on domain monitoring for spoof websites, which is slow, reactive, and unreliable,” explained Salvatore Stolfo, founder and CTO of Allure Security.
“Allure’s innovative product directly addresses the problem of customer phishing by actively detecting each customer access to the spoof website in near real-time. Furthermore, Allure helps enterprises take down malicious sites, and even helps launch an active defense that devalues stolen customer credentials by flooding the adversary with fake information.”
Allure’s approach is to embed its patented beacon technology into the code of a company’s customer-facing website. When an adversary scrapes a legitimate website to launch a spoof version, these beacons are activated, sending real-time alerts to the company’s security team and collecting information about each access to the site.
Security teams can immediately start the takedown process, and they’ll know the scope of the impact on their customers. They may even be able to tell, with some analysis, which customers were impacted by the attack.
Using Allure’s patented deception technology, defenders can take their response strategy even further to disrupt the economic advantage that hackers have when orchestrating a phishing attack.
Thanks to advances in machine learning, Allure can generate and inject decoy credentials into a spoof website, convincing an attacker that their scheme has worked and a customer has entered their login credentials. But in fact, these are highly convincing decoys with no value to the adversary.
Leveraging decoy technology devalues the stolen credentials and creates uncertainty on the part of the attacker.