RSA FraudAction
Phishing Protection
Overview:
Protect your customers and your organization against phishing, Trojan attacks, social media threats and rogue mobile apps using the all-inclusive RSA FraudAction threat management service. RSA FraudAction:
- Identifies a new phishing attack every 30 seconds
- Blocks 96 percent of malicious sites in 30 minutes or less
- Has shut down more than one million cyber attacks globally
The online channel has never experienced such an innovative, globally integrated crime network as the one it faces today. Criminals have the most advanced technologies at their disposal and operate a sophisticated underground economy:
- Phishing continues to grow
- Trojans are more sophisticated and easier to obtain
- Rogue mobile apps infiltrate public app stores
- Social media is riddled with fake business pages
To date, RSA FraudAction has:
- Shut down over 1 million cyber attacks
- Identified over 1 billion cyber attacks globally
- Recovered hundreds of millions of compromised credentials
The need to have protection against these different types of attacks is critical because they are becoming more and more interrelated-Trojans often have a mobile app component. Social media has become a new haven for fake business pages, created by cybercriminals to mislead consumers.
For complete fraud protection, organizations are challenged either to manage multiple vendors-multiple service metrics, budget requirements and different business relationships, as services for different threat vectors are provided by different vendors-or they have to be selective and prioritize one threat vector over others and take the risk of becoming vulnerable to certain attack types.
Features:
Rogue Mobile App Detection & Shutdown
Monitors all major app stores, detects malicious and unauthorised apps targeting consumers, and shuts down rogue mobile apps.
Trojan Detection & Shutdown
Detects and investigates Trojan malware attacks and works to shut down the fraudulent sites connected to them.
Phishing Protection
Identifies phishing attacks via a broad partner network and active scanning of millions of URLs per day to ensure quick blocking and shut down of confirmed phishing sites.
Social Media Threat Protection
Identifies social pages either directly linked to fraudulent activities targeting your organization or that attempt to mislead your customers by spoofing your organization and/or its affiliates.
Benefits:
- Provides your organization with protection against phishing schemes, Trojan malware, rogue mobile apps and social media threats in one all-inclusive managed service.
- Allows your organization to redirect in-house resources focused on online fraud prevention to higher priority activities.
- Reduces your organization’s risk of incurring fraud losses and experiencing reputational damage due to phishing and other cybercrime activities.
Solutions:
RSA FraudAction 360
In order to defend against today’s complex attack schemes, RSA FraudAction 360 combines all the threat vectors into an all-inclusive external threat management service for complete fraud protection against phishing, Trojan attacks, rogue apps and social media threats. Additionally, customers can gain deeper insight into emerging threats with intelligence reports that provide visibility into the cybercrime underground.
External Threat Mitigation
With an all-encompassing service, organizations can:
- Deploy fewer in-house resources to manage external threats
- Obtain full fraud protection without leaving any threat vector uncovered
- Manage only one vendor budget for 24/7 anti-fraud operations
The RSA FraudAction 360 external threat management service offers the following components:
- Anti-Phishing
- Anti-Trojan
- Anti-Rogue Mobile App
- Social Media Threat Protection
- Select RSA FraudAction Cyber Intelligence Data Feeds and Reports
Anti-Phishing
RSA FraudAction detects and mitigates phishing attacks. The service is designed to help organizations respond to an attack when it takes place and perform detailed forensics following an attack.
Monitoring and Early Detection
RSA employs multiple early detection strategies including monitoring customers’ weblogs. RSA FraudAction detection resources enable our analysts to scan billions of URLs per day, including customers’ abuse mailboxes, and perform both automated heuristic and manual qualification of suspicious URLs.
Real-Time Alerts and Reporting
Once a suspicious URL is confirmed to be a threat, customers are immediately notified and can monitor the latest threat information and status in real time via the RSA FraudAction dashboard. The online reporting portal also provides shutdown timeframes as well as industry and geographic trends.
Exclusive Site-Blocking Network
RSA has become the first line of defense for over 96% of the world’s web traffic with its blocking feed for users of all major internet browsers, including mobile browsers and customers of leading data security providers and ISPs. As soon as the attacks are identified, near real-time feeds of phishing sites are sent to these organizations, which enable them to block phishing sites within minutes of their detection.
Shutting Down Phishing Sites
RSA leverages its long-standing relationships with over 16,000 different hosting authorities and its multilingual capabilities to enable the quick shutdown of fraudulent sites on a global scale. To date, RSA has been responsible for shutting down more than 1 million fraudulent sites hosted in more than 187 countries.
Anti-Trojan
RSA FraudAction detects and mitigates the damages caused by Trojan attacks. The service is designed to identify malware threats, respond to an attack when it occurs and minimize the threat by blocking end-user access to the attack’s online resources.
Identification and Analysis
RSA FraudAction has formed a network of partners in order to achieve a high level of detection. This network includes organizations in several technology areas, including consumer antivirus firms, intelligence operations and internet gateways. When an RSA FraudAction partner detects malware, the Trojan’s information is sent to the RSA Anti-Fraud Command Center (AFCC) for investigation. Expert analysts perform static and dynamic analysis, which uncovers triggers, communication points and other data, as well as the Trojan’s modus operandi on an infected system. When possible, Trojan drop points are monitored in an attempt to recover end-user credentials that have been compromised.
Shutdowns
RSA works on behalf of customers to shut down fraudulent sites connected to each attack’s infection points. After the fraudulent sites are uncovered and analyzed, the RSA AFCC initiates the site shutdown with the cease-anddesist procedure through interaction with ISPs, web hosting facilities and domain registration providers.
Anti-Rogue Mobile App
RSA FraudAction helps organizations reduce fraud losses by taking action against malicious or unauthorised “rogue” mobile apps. The service monitors all major app stores, detects apps targeting organizations’ customer bases and shuts down unauthorised apps-reducing threats to organizations’ reputation and financial losses due to mobile app fraud.
Monitoring and Detection
The service delivers constant visibility into mobile app stores, providing a proactive online defense for organizations. Continuous monitoring of apps stores helps organizations to stay ahead of potential threats and be aware as soon as an unauthorised app surfaces.
Shutting Down Rogue Apps
After detection and shutdown approval, RSA initiates the removal of the rogue app. The service ensures customers’ control over apps representing their organization, allowing only apps issued and/or authorised by the organization to be available in the app markets. The service also ensures that customers and hundreds of millions of online mobile app users are prevented from accessing phishing, malware and other unauthorised apps even before the rogue apps gain exposure and popularity within the app stores.
Social Media Threat Protection
Social media has emerged as an integral communication fabric that weaves together your organization’s brand and associated service offerings with clients. As threat vectors have emerged through new social threads, cybercriminals are abusing social media pages to conduct fraud or initiate a fraud scheme. Organizations are challenged with the task of persistently monitoring for risk across digital channels, including social media, as manual, in-house options struggle to address risk management needs.
RSA FraudAction is designed to provide visibility into social media pages and help organizations distinguish between authorised business pages and potentially hazardous ones. By monitoring social media, RSA FraudAction identifies pages that are directly linked to fraudulent activities targeting your organization, or attempting to mislead your clients by presenting themselves as your organization and/or affiliates. RSA FraudAction enables organizations to rapidly remediate social media fraud threats before severe, long-lasting damage occurs.
RSA Fraudaction Cyber Intelligence
The RSA FraudAction Cyber Intelligence operation provides insight into cybercrime trends and in-depth investigations into fraud methods and operations within the global cybercriminal underground.
Complimentary feeds and reports from the RSA FraudAction Cyber Intelligence Tier 1 service are included in RSA FraudAction 360 without any additional fee. These threat reports and data feeds can be easily integrated into other back-end systems.
RSA Fraudaction 360 Intelligence Deliverables:
- IP Feed: Daily list comprised of high-risk IPs, such as proxies/SOCKS and RDPs
- Email Feed: Daily list of compromised corporate personal employee email addresses and spam emails
- Mule Accounts Feed: Comprised of mule accounts recovered by RSA intelligence analysts
- Item Drops Feed: Comprised of physical mailing “drop” addresses to which “reshipping mules” accept items purchased with stolen cards
- Credit Card Feed: Comprised of compromised credit/debit card details traced in the underground
- Quarterly Newsletter: Global phishing statistics and Trojan statistics as well as an overview of reported trends from the past quarter
- Threat Reports: Report findings on new attack methods and trends from the cybercrime underground
Documentation:
Download the RSA FraudAction Datasheet (.PDF)