Have you ever been phished? Would you know the difference between a phishing website and your bank’s legitimate website? We all hope we could identify the difference between our financial institution’s domain and a phony one. However, statistics indicate that 30 percent of phishing emails are opened. To make matters worse, more than 400,000 fraudulent sites were visited each month and more than 13,000 new phishing sites cropped up daily in 2016. Based on an internal study, IBM researchers determined that 70 percent of credentials are collected within the first hour of a phishing attack.
It is no secret that cybercriminals are dynamic in their attack methods. In the last decade, phishing has undergone a profound transformation, and fraudsters have developed sophisticated tools to gain access to unsuspecting victims’ banking information through fake emails and websites. These advanced tactics and compelling lures trick a large number of people who land on these pages. Victims often inadvertently disclose their login credentials or payment card information, making phishing a lucrative pursuit for cybercriminals.
Phishing in Troubled Waters
Financial institutions aim to keep all their customers’ information and funds safe from fraud. They often have multiple security systems, external services, and internal fraud and security teams. However, phishing attacks occur outside of online banking sessions. Most banks use phishing takedown services to try to keep pace with the growing number of attacks, but these services, while effective in taking down the threat, may take hours or days. By then, it is often too late.
Read the white paper: Adapt to new phishing threats and assess websites automatically
IBM Trusteer’s new cognitive approach, developed by IBM Trusteer Research and the IBM Cyber Security Center of Excellence at Ben-Gurion University, Israel, is incorporated in IBM Trusteer Rapport using patented machine learning and advanced analytics to monitor unstructured website data including links, images, forms, text, scripts, document object model (DOM) data, URLs and more. Sophisticated algorithms evaluate many variables, generate highly accurate threat scores that indicate which brands are under attack and separate legitimate sites from phishing traps.
Additionally, the technology learns with each interaction, giving it the ability to keep up even as phishing tactics change. When you add these new and robust features to existing analytics and other global security intelligence data, IBM Trusteer Rapport can help financial institutions protect their customers like never before.
Reel In Phishing Attacks With IBM Trusteer
But detecting a phishing site is only half the battle. When the IBM Trusteer Rapport solution identifies a suspicious site, it can rapidly notify or block the end user to help prevent the theft of credentials and payment card data.
Traditional anti-phishing takedown services are generally unable to shut a site down before it infects others, since it only takes about 82 seconds from the moment phishing attacks are launched for the first person to fall victim. Furthermore, phishing sites have a median uptime of 10 hours.
By combining machine learning and advanced phishing detection capabilities with client-based fraud protection, IBM offers a huge leap forward in the area of fraud prevention. Due to its advanced capabilities, IBM Trusteer Rapport continuously learns so it can adjust accordingly when cybercriminals change their attack methods.
There’s an easier, faster and more effective way to combat financial fraud due to phishing. To learn more about IBM Trusteer Rapport’s phishing detection solution, please contact your IBM representative or IBM Business Partner, or download the white paper, “Adapt to New Phishing Threats and Assess Websites Automatically.”
Senior Financial Crimes Intelligence Specialist, IBM Red Cell