Usually, we have to take a few days, even a few weeks to figure out a phishing campaign and take action to stop them. The detection and blocking is still mainly based on reports of users.
So is there any way to detect phishing attacks actively and early even before the first victims accesses to it?
We have developed algorithm based on “predictive analytics” technology, which can predict phishing attacks by evaluating a domain name and website as soon as it is registered and erected.
CyRadar Predictive Analytics: phishing is detected as soon as they are created
A typical example, out of nearly 150K domains registered on 12/12/2016, the system has reported to us about a suspicious domain name: zaloapp.mobi, through semantic analysis of the domain name and the related information such as the IP address resolution, Whois information …
Content of phishing websites
Moreover, by Malware Graph phishing, we also discovered from zaloapp.mobi a server that this domain name leads to: 143.95.63.79, which is 1 “reservoir” containing all the phishing sites, many new domain names have been created in the last few days:

A detected “reservoir”

There are also websites that impersonates The Tax Department
Most phishing sites are not detected by various security softwares. Of course, CyRadar is different, because we are taking the lead in predictive analytics trends 😀
Source: FB CyRadar
Related posts: