RSA FRAUDACTION ANTI-PHISHING SERVICE: BENEFITS OF A COMPREHENSIVE MITIGATION STRATEGY

RSA CYOTA PROJECT PROPOSAL
RSA FRAUDACTION ANTI-PHISHING SERVICE V.1 2011

Overview

This brief highlights the benefits of the RSA FraudAction Anti-Phishing Service, which employs a highly effective, comprehensive mitigation strategy against phishing attacks. The service's extensive, pre-scanned phishing feed, early detection methods, dual manual and automated qualification procedures, its extensive blocking network, speedy shutdown routine and forensics-extraction capabilities all make RSA a worldwide leader in phishing mitigation.

Why the FraudAction Anti-Phishing Service?

The RSA FraudAction Anti-Phishing Service ("APS") was created by RSA in 2004 to prevent and mitigate phishing attacks that target consumers mainly for the purpose of committing financial fraud. The APS is currently provided to over 360 customers, chiefly financial institutions, located around the globe, as well as other cloud-based service companies. Since its establishment, and as of October 15, 2011, the APS has successfully shut down over 500,000 phishing attacks hosted in 185 countries around the world.

Offered as an outsourced, managed 24x7x365 service, the APS allows organizations to minimize resource investment, while providing an effective, real-time solution against phishing attacks immediately upon their detection. Dedicated to closely monitoring the latest trends in online fraud, the APS is supported by RSA's exclusive Anti-Fraud Command Center (AFCC), which is staffed with an experienced team of 130 fraud analysts, making it the largest anti-phishing command center in the industry.

Why Deploy a Phishing Mitigation Strategy?

Deploying an effective, comprehensive mitigation strategy enables financial institutions to:

- Decrease financial losses incurred from phishing attacks, thanks to all the practices and procedures detailed further below, namely:
  - Shutting down phishing attacks within one of the best shutdown medians in the industry!
    The timely shutdown of phishing attacks substantially reduces the subsequent potential losses that may be incurred by a financial institution as a result of the fraudulent utilization of compromised credentials harvested via phishing attacks. (For details, see below.)
  - Protecting your brand's reputation, and maintaining consumer confidence in your online banking channel by blocking malicious URLs through RSA's Global FraudAction Blocking Network, the largest blocking network in the industry! (For details, see below.)
  - Reducing the fraudulent utilization of harvested credentials by shutting down phishing attack drop points. (For details, see below.)

CONFIDENTIAL PAGE 2 of 5

  - Identifying vulnerable banking vectors through the analysis of data elements requested in phishing attacks, and taking proactive measures to reduce the vulnerability of targeted banking vectors. (For details, see below.)

- Dramatically reduce the duration of a phishing attack, and enjoy one of the best shutdown medians in the industry: only 5.4 hours [1]! As part of the Anti-Phishing Service, you benefit from numerous early detection mechanisms that further expedite the detection and mitigation process, and consequently further reduce phishing exposure. Early detection methods employed by RSA include the monitoring of:
  - Detection feeds provided by the FraudAction Detection Network Partners. RSA has partnered with leading ISPs, webmail providers, and anti-spam companies to receive feeds of pre-scanned email messages and URLs drawn from internet resources located around the globe. Prior to their delivery to RSA, these feeds are scanned and filtered according to predefined patterns that indicate that a URL or email message is used for phishing. Our detection partners include leading service providers such as Commtouch, Yahoo and AOL.
  - The customer's Abuse Mailbox. By monitoring a customer's abuse mailbox, RSA can scan emails and websites reported by the bank's consumers as spam email or phishing attacks. Emails forwarded to RSA undergo an initial automated scan, which flags any suspicious cases, and subsequently undergo manual review by the AFCC's fraud analysts.
  - The customer's server weblogs. The ongoing monitoring of a customer's weblogs enables RSA to detect suspicious activity related to the setting up of phishing sites before an attack goes live. As phishing attacks may pull specific page elements from the customer's genuine website (e.g. genuine graphics or CSS files), or may refer victims to the customer's genuine URL, RSA can determine whether such references are made from a live or preloaded phishing attack.
    In this manner, RSA can take preemptive measures, such as blocking and shutting down a phishing domain during the attack-setup stage.
  - Known rogue servers. Servers that are known to cater to malicious operations, and host such content as Trojan infection points, phishing kits, and mule network operations, are monitored for new phishing attacks, at times enabling their detection prior to the kit going online. These servers are sometimes rented out to fraudsters by facilities known as bulletproof hosting services.

- Drastically decrease consumer exposure to attacks through RSA's Global FraudAction Blocking Network. RSA's exclusive site blocking network comprises some of the world's leading firewall vendors, ISPs and browser developers, including Microsoft, McAfee, Commtouch, AOL, Yahoo, Checkpoint, and Radware, among others. With the cooperation of our blocking partners, RSA ensures that tens of millions of online users are prevented from accessing confirmed phishing sites, even if they click on a link within a phishing e-mail or bogus social network message. The FraudAction Blocking Network partners are provided with near real-time feeds of attacks to enable their blocking as soon as they are identified by the AFCC as being malicious. This means that phishing attacks are blocked by our partners within minutes of their detection!

  By blocking and shutting down phishing attacks in a timely manner, RSA limits the duration of phishing campaigns that target your financial institution's brands, and limits the accessibility of phishing attacks to potential victims. Combined, these mitigation methods protect your brand's reputation and maintain consumer confidence.

- Prevent fraudulent utilization of access credentials thanks to RSA's forensics recovery capabilities. Technical analyses of phishing kits conducted by the APS enable locating the drop point deployed by phishing perpetrators to collect sensitive information from their attacks. By shutting down attacks' drop points, we prevent fraudsters from utilizing the fruits of their cybercriminal operation. Among others, phishing drop points may consist of directories hosted on hijacked websites, fraudsters' webmail accounts, or accounts opened at online form-distribution services. Thanks to RSA's forensics-recovery capabilities, the fraudster's drop point can be identified and shut down, thus preventing or reducing subsequent fraudulent transactions that would have been performed using the harvested credentials.

- Identify vulnerabilities in current authentication procedures. Being able to view images taken from phishing attacks enables our customers to perform a breakdown and analysis of data elements requested in phishing attacks. This in turn can assist in identifying specific vulnerabilities in the targeted vector, and enable the customer to take proactive mitigative measures.

[1] Median shutdown time for the month of August 2011.

Analyzing the data elements harvested by attacks on your brands can help your organization identify the following fraud vectors:

- Online banking fraud: Attacks requesting basic online banking data elements
- E-commerce fraud: Attacks requesting CVV2 data elements
- Telephone banking fraud: Attacks requesting telephone banking passwords and other identifying information, such as the accountholder's nationality, driver's license number or various phone numbers (work/home/mobile numbers) which may further be used to spoof the accountholder's number
- Multi-vector operations: Attacks requesting a complete set of data elements
- ATM fraud: Attacks requesting complete data element sets + card PIN

To learn more about RSA's Anti-Phishing Service and the layered protection approach against online threats, kindly contact your FraudAction project manager.
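
The server weblog monitoring described under the early detection methods can be illustrated with a short log scan. This is an added example, not RSA's code or method: it groups requests for a site's static assets by foreign Referer host, and the hostnames, log lines, `live_threshold` and the setup/live split are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

OWN_HOSTS = {"www.bank.example", "bank.example"}  # assumption: the genuine site
ASSET_RE = re.compile(r"\.(?:css|js|png|gif|jpe?g|ico)(?:\?|$)", re.I)
LINE_RE = re.compile(  # Apache/nginx "combined" access-log format
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$')

def foreign_asset_referrers(lines, live_threshold=3):
    # "stage" is a hypothetical heuristic: few distinct clients suggests a page
    # still being set up, many suggests victims are already loading it.
    seen = defaultdict(lambda: {"hits": 0, "clients": set(), "pages": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or not ASSET_RE.search(m["path"]):
            continue  # unparsable line, or not a graphics/CSS/script request
        try:
            ref = urlsplit(m["referer"])
            host = (ref.hostname or "").lower()
        except ValueError:  # malformed Referer header
            continue
        if not host or host in OWN_HOSTS:
            continue  # "-" referer or one of our own pages
        entry = seen[host]
        entry["hits"] += 1
        entry["clients"].add(m["ip"])
        entry["pages"].add(ref.path or "/")
    for entry in seen.values():
        entry["stage"] = "live" if len(entry["clients"]) >= live_threshold else "setup"
    return dict(seen)

def _row(ip, path, referer):  # builds one constructed log line
    return (f'{ip} - - [12/Oct/2011:10:00:00 +0000] "GET {path} HTTP/1.1" '
            f'200 512 "{referer}" "Mozilla/5.0"')

SAMPLE_LOG = [  # constructed data: documentation IP ranges and .example hosts
    _row("203.0.113.10", "/css/main.css", "https://www.bank.example/login"),
    _row("198.51.100.7", "/img/logo.png", "http://staging.example.net/b/login.html"),
    _row("198.51.100.7", "/css/main.css", "http://staging.example.net/b/login.html"),
    _row("192.0.2.21", "/img/logo.png", "http://secure-login.example.org/verify/"),
    _row("192.0.2.22", "/img/logo.png", "http://secure-login.example.org/verify/"),
    _row("192.0.2.23", "/img/logo.png", "http://secure-login.example.org/verify/"),
    _row("192.0.2.24", "/img/logo.png", "-"),
]

if __name__ == "__main__":
    for host, info in foreign_asset_referrers(SAMPLE_LOG).items():
        print(host, info["stage"], info["hits"], sorted(info["pages"]))
```

Legitimate third parties (search engines, partner portals, cached copies) also send foreign Referer values, so each reported host is a lead for analyst review rather than a confirmed phishing page.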

© 2011 RSA Security Inc. All rights reserved. RSA, the RSA logo, and FraudAction are registered trademarks or trademarks of RSA Security Inc. in the United States and/or other countries. EMC is a registered trademark of EMC Corporation. All other products or services mentioned are trademarks of their respective owners.