StopClone’s anti phishing expertise cuts down the risks by 90%. Included in packages 3 and Blue Chip.
Phishing costs business millions of pounds every year with the criminal’s intent and dynamic continually changing.
StopClone has industry leading experience in tracking and taking down phishing content.
We help you locate and remove malicious content from the internet on your behalf. Depending on the subscription level that you have signed up for, we can do everything from one off web page removals through to extensive monitoring and active brand vigilance. We are that certain that we can get infringing content removed that our higher subscription packages offer you a service level agreement (SLA) for phishing web page removals. If we don’t remove the content within the SLA timeframe, we will provide a full refund equivalent to the takedown fee. We will also continue to monitor the situation enabling us to act quickly should the threat return.
Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords, credit card numbers, or other sensitive details by impersonating oneself as a trustworthy entity in a digital communication. Typically carried out by email spoofing, instant messaging, and text messaging, phishing often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site. As of 2020, phishing is by far the most common attack performed by cyber-criminals, with the FBI’s Internet Crime Complaint Centre recording over twice as many incidents of phishing than any other type of computer crime.
Spear phishing involves an attacker directly targeting a specific organisation or person with tailored phishing emails. In contrast to bulk phishing, spear phishing attackers often gather and use personal information about their target to increase their probability of success of the attack. Spear phishing typically targets executives or those that work in financial departments that have access to the organization’s sensitive financial data and services. A 2019 study showed that accountancy and audit firms are frequent targets for spear phishing owing to their employees’ access to information that could be valuable to criminals.
Clone phishing is a type of phishing attack whereby a legitimate, and previously delivered email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical or cloned email. The attachment or link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender. It may claim to be a resend of the original or an updated version to the original. Typically this requires either the sender or recipient to have been previously hacked for the malicious third party to obtain the legitimate email.
HOW THEY DO IT
Most types of phishing use some form of technical deception designed to make a link in an email (and the spoofed website it leads to) appear to belong to the spoofed organization. Misspelled URLs or the use of subdomains are common tricks used by phishers. In the following example URL, http://www.yourname.example.com/, it appears as though the URL will take you to the example section of the your name website; actually this URL points to the “yourname” (i.e. phishing) section of the example website. Another common trick is to make the displayed text for a link (the text between the <A> tags) suggest a reliable destination, when the link actually goes to the phishers’ site. Many desktop email clients and web browsers will show a link’s target URL in the status bar while hovering the mouse over it. This behaviour, however, may in some circumstances be overridden by the phisher. Equivalent mobile apps generally do not have this preview feature.
Internationalized domain names (IDN) can be exploited via IDN spoofing or homograph attacks, to create web addresses visually identical to a legitimate site, that lead instead to malicious version. Phishers have taken advantage of a similar risk, using open URL redirectors on the websites of trusted organizations to disguise malicious URLs with a trusted domain. Even digital certificates do not solve this problem because it is quite possible for a phisher to purchase a valid certificate and subsequently change content to spoof a genuine website, or, to host the phish site without SSL at all.
YEARS OF EXPERIENCE
CLIENTS IN THE UK
PROFESSIONAL STAFF MEMBERS