Summary:
Phishfort offers a comprehensive protection against phishing plus brand protection, adding deep knowledge and experience on takedowns.
Abstract:
The Internet can be a very big blind spot for brands and projects, making it difficult to continuously find and deal with attacks on a timely and effective manner.
PhishFort is committed to fighting Phishing and brand abuse, making a safe space for brands and users.
Motivation:
We are aware of the rise of Phishing attacks that Curve has experience in the last few weeks. This is detrimental not only to the users but to also to the brand’s reputation.
Specification:
We rely on a two part strategy, through a combination of automation and the work of professionals. The first part consists of finding the threats, and the second part is removing them from the internet.
Finding Threats
We use specific programs called harvesters to retrieve information from the sources we have identified to be the best fit. This creates a daily influx of information that needs to be sorted to find where possible threats are. This very big array of data gets processed by our IA, to finally create a list of possible threats that will be further investigated by our 24/7 operations team.
- Detection
- Blocklist
- Takedown
Social Media monitoring
Social media phishing up 100% this year. We monitor and takedown imposter accounts across major platforms
Proactors:
We have created technology designed to interact with scammers on social media at the moment they are creating an attack, including a Twitter honey pot, discord bots, and more to come.
TAKEDOWNS
Once we have identified an attack, we remove it. To do this we blocklist every threat and at the same time proceed to remove it
Phishfort BLOCKLIST:
- Every attack we find is blocklisted.
- Our Blocklist is consumed by many actors: Web Browsers, Anti viruses, Internet providers, specific Web 3 actors (like Metamask) and many others. It currently reaches more than 418 MAU
- This is instantaneous and it creates a FIRST LAYER OF DEFENSE before the takedown happens.
- After the takedown is completed it remains on our blocklist for a year, preventing future attacks on the same url.
THE TAKEDOWN
The removal of the URL, the social media account or the app.
We do it through a wide network of registrars and host providers. We are directly integrated with some
Everything we do it’s based on evidence collection. We know what they require to execute a takedown
Managed Intervention : Our takedown process is totally hands free - we don’t require you to lift a finger.
Legal team on board. We use legal procedures like DMCA.
Real time tracking: Follow and track the entire process on our dashboard.
Communications
-
Curve’s team will have a private communication channel (Telegram or Slack) shared with our 24/7 operations team. Every query and report is immediately attended to.
-
Free plugin: we have a free browser plugin that feeds out from our Blocklist. You can check if we have flagged a site as dangerous and you can report a site to be taken down.
-
The Dashboard: you will have access to the dashboard where we show all the information of every incident that we find. You can report incidents and download reports through the dashboard.
Some of the projects that we protect:
Pricing
Protection Packages
-
Detection Package: flat fee for Detection 1000 USD/month per brand (Including Unlimited Website, Domain and Social Media Detection) plus a fee for every takedown (150 USD per takedown).
-
Unlimited takedowns package: During a free trial, we will estimate the amount of activity that Curve will have in a year to determine a flat fee that will include unlimited detection plus unlimited takedowns.
For:
Curve is experiencing numerous phishing attacks and instances of impersonation on social media. This is detrimental to the brand and could potentially expose users’ funds and information.