NEW: Forrester TEI Study: Bolster Delivered 278% ROI. Learn More  
Contact Us Support Log In
  • Platform
    • Domain Protection
      Domain Monitoring and Takedowns
      Use Bolster AI to Detect and Take Down Look-Alike and Fake Sites
    • Social Media Protection
      Social Media Monitoring and Takedowns
      Stop Fakes and Fraud from Eroding Your Business and Brand
    • App Store Monitoring
      App Store Monitoring and Takedowns
      Rapid Detection and Takedown of App Store Infringements
    • Dark Web Monitoring
      Dark Web Monitoring
      Get Actionable Insights into Dark Web Threats
    • 24/7 Platform Support
      24/7 Support
      Round-the-Clock Support When You Need It the Most
  • Solutions
    • Account Takeover Protection
      Account Takeover Protection
      Early Detection of Phishing Campaigns and Compromised Accounts
    • Phishing & Scam Protection
      Phishing & Scam Protection
      Protect Against Phishing and Scam Attacks That Bypass Traditional Defenses
    • Brand Protection
      Brand Protection
      Automatically Detect and Take Down Brand Abuse Sites
    • Typosquatting Protection
      Typosquatting Protection
      Automatically Detect and Take Down Impersonating Domains
  • Why Bolster?
    • Bolster technology
      Industry-leading AI Technology
    • Bolster takedown
      Industry-leading Takedown Technology
    • Bolster difference
      The Bolster Difference
  • Customers
  • Company
    COMPANY
    • Overview
    • Careers
    • Our Team
    • Press
    • Contact Us
  • Resources
    RESOURCES
    • Resource Center
    • Blog
    • Checkphish
    • Domain Risk Report
    • Global Fraud Index
    • Glossary
Request Demo
Blog Support Log In
Request Demo
  1. Home
  2. Customers
  3. Case Study
  4. CaptivateIQ
CaptivateIQ Logo

CaptivateIQ Expedites Takedown of Spoofed Domains and Fake Jobs

“It's great that Bolster has monitoring across domains and social media, and is able to present the risks. Having that laid out in an easy fashion is really helpful and allows us to make business decisions.”

CaptivateIQ

Head of Security

  • Company Overview
  • Challenges
  • Build vs. Buy
  • Choosing Bolster
  • Benefits
  • Looking Ahead

Company Overview

Based out of San Francisco, California, CaptivateIQ is a provider of Incentive Compensation Management (ICM) solutions that automate and improve the complex task of designing, processing, and reporting sales commissions. Now with around 300 employees, CaptivateIQ is leading the market in helping organizations design customized sales compensation plans. A VC-funded unicorn valued at $1.25 billion, CaptivateIQ has customers that range across hundreds of organizations in a multitude of industries and continents and include more than a third of the Forbes 2022 Cloud 100 companies. As a tech “unicorn”, CaptivateIQ needed to ensure that they protected their brand from malicious actors looking to profit off their accelerated growth.

“We were notified of a fraudulent job post, which ended up being a scheme to get victims to pay money as part of their onboarding. The perpetrator had even created a fake CaptivateIQ domain.”

CaptivateIQ, Senior Manager of Security

Challenges

Job scams, such as the one identified by CaptivateIQ, have become a growing challenge for multiple industries, especially as scammers get smarter and more creative. CaptivateIQ has seen exponential growth in size from their product development to their customers, and many hopeful job seekers were excited to be part of this monumental growth. However, attackers also noticed this trend and capitalized on it by creating spoofed CaptivateIQ domains to deceive job candidates into giving over both their personal information and funds. In an intricate scheme that involved multiple malicious actors impersonating CaptivateIQ’s recruiting and executive team, unsuspecting job seekers would be led through a fictitious job interview process and tricked into paying for job-related expenses like onboarding equipment shipping costs. While the total number of victims is unknown, the CaptivateIQ security team counted at least five duped interviewees that reached out to their organization since they began the process to take down fake CaptivateIQ content online.

“When we realized this was a sophisticated scheme that was impersonating our brand and affecting unsuspecting job seekers, we realized we needed to go on the offensive and find a tool out there that would help us. Not only just take this down but prevent it and monitor it in the long term.”

CaptivateIQ, Senior Manager of Security

Build vs. Buy

The CaptivateIQ security team ran into trouble when taking down spoofed sites as the domain registrar hosting these malicious sites simply did not respond to their repeated requests. CaptivateIQ’s security team realized they needed a vendor that already had relationships with hosting providers and could broker the takedown in an expedited manner. In addition, CaptivateIQ had limited mechanisms that allowed them to detect, with certainty, other malicious sites across the internet. While the CaptivateIQ security team has had experience building OSINT (Open-Source Intelligence) tools for detection and monitoring, their security and IT team was only 10 strong and they knew that it would take months to build these detection tools, set them up, monitor them, and integrate them with the rest of their security stack. The arduous process of building the detection and monitoring tools coupled with the lack of response from domain registrars made it a no-brainer to find a brand protection vendor that specialized in the detection and takedown of malicious sites.

“The key value is that [Bolster]has direct connections with all the vendors that we need to work with to take down bad sites. For example, we emailed one registrar and they never got back to us. When [Bolster] did it, they got back to you the next day. I mean, till this day, they still have not replied to my email. It's been three months.”

CaptivateIQ, Senior Manager of Security

Choosing Bolster

Bolster came highly recommended from security leadership at a peer organization and CaptivateIQ’s security team had a seamless experience from demo to POC to deployment. During POC, Bolster was able to not only detect an active site spoofing CaptivateIQ but also take down the spoofed domain within 24 hours. The successful POC was enough to convince CaptivateIQ that Bolster was the right choice for them in protecting against current and potential future job scams. CaptivateIQ immediately saw the value of leveraging Bolster’s existing relationships to address their challenges. In the first week of deployment, CaptivateIQ was able to detect and take down two additional malicious domains spoofing their brand and monitor for any resurgence of fraudulent activity.

“It was an easy standup. We sent over the brand in terms of the name and logo. Then we started to see the results from Bolster’s search come in. And then we saw that one fraudulent domain and that was taken down pretty swiftly. That contributed to our decision to ultimately select [Bolster]as our tool of choice.”

CaptivateIQ, Senior Manager of Security

Benefits

Since deploying Bolster, CaptivateIQ has been able to continuously monitor both the open web and social media platforms for any potential job scams impersonating their brand. CaptivateIQ can now easily automate the takedown of spoofed sites without involving their legal team or having to devote manual hours to using OSINT tools to find active fraud or suspicious activity online. Being able to accurately detect potential malicious sites and take them down in an automated fashion has been essential to CaptivateIQ’s requirement for fast and accurate remediation. Beyond social and web takedowns, CaptivateIQ has also helped prevent many unsuspecting job seekers from falling victim to, and experiencing the future financial loss associated with these types of fake job scams. In taking the offensive with scammers, CaptivateIQ is setting an example of how to practice proactive security for the broader tech community.

Looking Ahead

CaptivateIQ has already leveraged many aspects of Bolster’s social media protection but is looking to expand coverage to fake job listings and other avenues for potential scams across social media sites. Bolster’s ability to offer a consistent detection and takedown experience across multiple different channels; whether the open web, social media, app stores, or even the dark web; has been a highly attractive differentiator. As this tech unicorn continues in its meteoric rise, they will also continue to expand in both use cases and channels to protect against potential and growing fraud. Bolster is proud to be a strategic partner to CaptivateIQ in the journey to make the internet a safer place.

“Even if you feel like you're a company that's not in a highly targeted space like the financial industry, you still can be affected by attacks. [Working with Bolster] has been a great experience and it's especially important for us to help others out there.”

CaptivateIQ, Senior Manager of Security

Bolster logo white

Bolster builds AI/ML technology to protect regular citizens from bad actors on the internet.

SOC Type II Certified
    • Technology
    • Website Takedown
    • Bolster Difference
    • Persona
    • Security
    • Legal
    • Engineering
    • Trust & Safety
    • Security
    • Legal
    • Engineering
    • Trust & Safety
    • Brand Protection
    • Phishing & Scam
    • Fraud Prevention
    • Account Takeover
    • Domain Monitoring
    • App Store Monitoring
    • Real-Time API
    • Social Media Protection
    • Resources Center
    • Bolster for Good
    • Global Fraud Index
    • Domain Risk Report
    • Blog
    • Checkphish
    • Glossary
    • Careers
    • About Us
    • Our Team
    • News
    • Contact Us
    • Media Kit
SOC Type II Certified
Copyright © 2023 Bolster Inc. All Rights Reserved.
Privacy Policy Terms of Services