New feature can detect takeover efforts before they occur
Israeli cybersecurity start-up Segasec is adding to its managed service offering the ability to detect potential account takeover attempts aimed at online brands.
The Lowdown: The aim is to thwart such takeover attempts before the companies or their customers can become victims of phishing attacks or fraud scams, which can lead to consumer information being stolen and companies’ reputations being marred.
The Details: Segasec’s solution, which is delivered as a managed service, is designed to detect and mitigate consumer phishing scams, which can lead to customers having their personal information stolen or customers buying goods unknowingly, and can also damage the brand of the company they’re doing business with. Segasec uses Big Data analytics and machine learning algorithms to run quadrillions of scans to identify efforts by cybercriminals to take advantage of a brand to get to consumers.
Segasec’s service does everything from detecting and responding to attacks to blocking them and taking them down. The new early detection feature enables the vendor to detect a fake Website and secure consumer account credentials before they can be accessed by hackers. Throughout this, the consumer’s data remains encrypted via a public key to which Segasec does not have access. The new feature is closed beta for certain financial services and retail customers.
The Impact: Security breaches that expose customers’ personal data can be costly. For example, British Airways ran afoul of the European Union’s General Data Protection Regulation (GDPR) when a phishing scam in mid-2018 diverted customers from the airline’s official site to a replicated Website designed to steal credentials. The EU fined the airline $230 million.
Segasec this year looked at domain spoofing efforts aimed at customers of Walmart, Wayfair, and Best Buy in the week before Mother’s Day and found a significant uptick in activity. The company found that 188 domains related to Walmart’s brand had been created, compared with 80 new domains two weeks before the holiday.
Background: Cybersecurity vendor Proofpoint in a report this year found that more than 75% of companies discovered fraudulent domains leveraging their brand and 96% discovered exact matches of their own brand-owned domains, with only the top-level domain (TLD) – such as .net instead of .com – being different.
The Buzz: “This is a highly differentiated capability, which, to our knowledge, no other phishing-focused security software company offers,” said Segasec CEO Elad Schulman. “The ability to collect information from the attacker’s environment without getting detected by the attacker is very unique. The dynamic nature of attacks, coupled with automation attackers are using and their cloaking capabilities, is a constant threat to brands. Our new feature should help them and their customers sleep better at night.”