swisspentest - Phishing Threat Intelligence

Threat Detection and Prioritization

Nearly 1000 phishing attacks against Universities have been detected since September 2017.


Phishing Threats

Misused trust

Phishing attacks are attempts to gain access to personal data of a user via fake websites, e-mails or short messages.

The aim of the fraud is to use the data, for example, to loot an account and harm the end user or the company.

Our Preventive Solution

Threat Intelligence

With the swisspentest Threat Intelligence, so-called "homographic domain attacks" can be prevented. In this type of attack, the victim for example receives a phishing e-mail with a login link that looks identical to the URL of a trusted organization. The attacker makes use of the similar appearance of different characters and can thus obtain the user's login credentials. One module of the swisspentest Threat Intelligence searches the Internet for similar-looking URLs to detect possible fake websites. An example of a similar-looking character is "r" and "ŗ". What looks like a stain on the screen can lure end users to a fake website in order to steal their user data.

In order to carry out a successful phishing attack, an attacker needs an e-mail address to be able to send an e-mail with a link (e.g. a fake survey or contest) on which the user should click to visit the fake website. The email addresses of relevant people are often unintentionally contained in the meta tags of website media. Our scanning engine automatically scans your websites for hidden but publicly accessible email addresses.

In addition, the engine scans the App Stores for fake apps that disguise themselves as legitimate applications. This way countermeasures can be taken to protect user data.


The Power of Innovation

Wie gewohnt von früheren Projekten ist der Support der KastGroup persönlich und es wird sehr auf die Bedürfnisse des Kunden eingegangen...
Hans Hess
Senior Partner, scheggpartner AG
Referenzen lesen