Source: securityboulevard.com – Author: pmiquel
Do-It-Yourself Takedown Struggles
A credit union based in the southern United States supports nearly 28,000 members with total assets of $530M from their headquarters in Alexandria, VA. For a credit union of this size, brand impersonation attacks are a known threat, but without scanning the internet for them, it is impossible to know how many spoofs and fake websites are out there.
When the credit union encountered a fake website featuring their brand and targeting their members, they attempted the takedown with their internal IT infrastructure team. In doing so, they discovered the takedown process to be fairly straightforward.
“Each step wasn’t necessarily hard. So much of life isn’t hard once you know the steps to take, but we weren’t really getting anywhere either.”
Senior Systems Administrator
The team submitted their takedown request to the domain registrar in the hopes it would be quickly removed. Unfortunately, registrars receive hundreds and thousands of takedown requests in a given period. There is no guarantee that the credit union’s request would be executed quickly or even at all. It was unclear how long the spoofed website was live before being discovered and just as unclear when the registrar would honor their takedown. Over a week had passed since submitting the request with no response.
Executing a takedown internally was simply too slow. The window between discovery and takedown was so long that a fraudster could have launched their phishing campaign and collected the personal information they were after.
Like many credit unions, this one takes their cooperative model very seriously. The relationship between the credit union and its members is critical to the value they provide and the organization’s survival. They bear a responsibility to protect their members from fraud, and this commitment drove the credit union to explore online brand protection solutions.
The Solution
A Fateful Free-Trial Demonstrates Clear Value
“[The fake website is] not just defrauding us, the institution. It could be defrauding our members. You don’t want that happening to other people, because you didn’t take a step or it could have been done faster.”
Senior Systems Administrator
The credit union is also a member of the FS-ISAC, a consortium for financial institutions to share cybersecurity information where they happened to learn of Allure Security’s online brand protection solution. They decided to see what Allure Security discovered in the broader web.
The fake website still awaiting a pending takedown appeared in the results. The institution had not heard back from the domain registrar, so they decided to execute the takedown using Allure Security’s service. Within a day, the website was removed, and the threat was over. What had become weeks without a response was resolved just like that.
Through this experience, the team recognized how flexible the threat of online brand impersonation can be. On Monday, the fake website could be posted on one service, on Tuesday, it could be taken down; and by Wednesday, it could be back up again and hosted on a different service. Each instance will have other web and IP addresses, different details to record, and a different takedown to undertake. Real online brand protection is a constant effort.
With this in mind, the credit union subscribed to our website spoof protection and social media protection.
The Results
Since subscribing to Allure Security’s services, the team has discovered and swiftly taken down several more website spoofs. The administrator remarked that the takedowns in these instances were so quick it’s unlikely the internal team would have even discovered them in the same period. That was the key value, according to the systems administrator. Allure Security could identify and eliminate a fraud scheme before it could become an incident.
In a proactive step to further protect their brand, employees, and members, the institution expanded its services to include social media protection. Fraudsters use social media channels like LinkedIn to research executives and operatives within an organization and devise impersonation schemes using their likenesses. The credit union chose to pursue social media protection due to the size of the attack surface. Though fewer than 100 employees, they also work with third-party contractors for social media services, significantly expanding potential impersonation targets.
The most significant result of working with Allure Security is that the administrator no longer needs to worry about online brand protection. She knows website spoofs are popping up across the internet, and she’s confident her team at Allure Security is knocking them down just as fast.
“Now I don’t worry about [online brand protection]. It’s happening in the background. For the most part, it’s set it and forget it. Which is very good.”
Senior Systems Administrator
Related Articles
Original Post URL: https://securityboulevard.com/2024/12/credit-union-in-u-s-south-supercharges-takedown-campaigns/
Category & Tags: Security Bloggers Network,case-study,Credit Unions – Security Bloggers Network,case-study,Credit Unions
Views: 2