Usually it takes us a few days, sometimes a few weeks, to identify a phishing campaign and take action to stop it. Detection and blocking are still based mainly on reports from users.
So is there any way to detect phishing attacks actively and early, even before the first victim visits the site?
We have developed an algorithm based on “predictive analytics” technology that can predict phishing attacks by evaluating a domain name and website as soon as it is registered and set up.
A typical example: out of nearly 150K domains registered on 12/12/2016, the system reported to us a suspicious domain name, zaloapp.mobi, through semantic analysis of the domain name together with related information such as the IP address it resolves to, Whois information, etc.
Moreover, using the Malware Graph for phishing, we also discovered from zaloapp.mobi the server this domain name leads to, 22.214.171.124, which is a “reservoir” containing many phishing sites; many new domain names pointing to it have been created in the last few days:
A detected “reservoir”
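The two signals described above, a brand-like domain label and a shared server hosting many freshly registered domains, as an added example that is not the authors' system: the brand list, scoring thresholds, and the registration feed (TEST-NET addresses) are all constructed assumptions.

```python
from collections import defaultdict
from datetime import date

BRANDS = ["zalo", "zaloapp"]  # assumed protected brand tokens

def levenshtein(a: str, b: str) -> int:
    """Classic edit distance; catches near-miss spellings such as zal0app."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def semantic_score(domain: str) -> float:
    """1.0 if a brand token is embedded in the first label, a fraction for a
    spelling within 2 edits of a brand, else 0.0."""
    label = domain.lower().split(".")[0]
    best = 0.0
    for brand in BRANDS:
        if brand in label:
            return 1.0
        dist = levenshtein(label, brand)
        if dist <= 2:
            best = max(best, 1.0 - dist / 3)
    return best

def find_reservoirs(records, today, window_days=7, min_domains=3):
    """Group domains registered inside the window by resolved IP; an IP is a
    reservoir when it hosts several fresh domains, at least one brand-like."""
    by_ip = defaultdict(list)
    for rec in records:
        if 0 <= (today - rec["registered"]).days <= window_days:
            by_ip[rec["ip"]].append(rec["domain"])
    return {ip: sorted(doms) for ip, doms in by_ip.items()
            if len(doms) >= min_domains and any(semantic_score(d) for d in doms)}

# Constructed feed of new registrations (TEST-NET addresses, not real hosts).
TODAY = date(2016, 12, 14)
RECORDS = [
    {"domain": "zaloapp.mobi", "ip": "203.0.113.7", "registered": date(2016, 12, 12)},
    {"domain": "zal0app.xyz", "ip": "203.0.113.7", "registered": date(2016, 12, 13)},
    {"domain": "example-news.com", "ip": "203.0.113.7", "registered": date(2016, 12, 10)},
    {"domain": "benign-shop.com", "ip": "203.0.113.9", "registered": date(2016, 12, 13)},
    {"domain": "old-site.org", "ip": "203.0.113.7", "registered": date(2015, 3, 1)},
]

if __name__ == "__main__": print(find_reservoirs(RECORDS, TODAY))
```

The neutral-looking example-news.com is flagged only because it shares a fresh server with brand-like domains, which is the pivot the text describes; a domain registered long ago on the same IP stays outside the window.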