Bolster Detection/Takedown Engine
A fully automated AI engine that detects and takes down phishing and fraud sites.
Fraud Prevention Command Center
A fully customizable and interactive dashboard, bulk scanner, domain asset management, and threat intelligence.
Brands are being targeted at an increasing rate…
4.2M new branded scam sites went online in 2019. (Up 27% from 2018.)
Finance, Tech, Retail, Pharma, and Travel are the most targeted industries.*
Nearly all of the top-1000 brands in the world have been phishing/scam targets.
$323 billion in losses are expected in 2020.
Let’s take a deeper look at why…
In weeks, a scamming developer builds a phishing kit specific to your brand.
For months, this developer sells the phishing kit on the dark web to a few hundred scammers.
In minutes, any one of those scammers deploys the phishing kit, creating hundreds of fake sites.
Scammers immediately watch the phished credentials roll in.
What does this mean?
Small problem today, huge problem tomorrow.
There’s a significant amount of up-front scam work happening before you even see a single page targeting your brand. This up-front work lays the foundation for an exponential explosion in phishing. Just because you have a small problem today, it doesn’t mean the problem will continue to grow at the current linear pace. Plan ahead.
One scammer away.
It only takes one scamming developer to open the flood gates for your previously untargeted brand. This also means that the problem can disappear and reappear quickly. Having a long-term automated solution is critical, so that when attacks spike, your attention doesn’t have to.
What can brands do?
Bring on Bolster for industry-leading detection, automated takedown, continuous monitoring, and rich threat intelligence.
We monitor all URLs with any similarity toward your brand or brand keywords to get obvious fraud and phishing (e.g. ub3r.com, ubër.xyz, etc) across 1500+ top-level domains (.com, .xyz, etc), but that isn’t enough.
The most advanced attacks are the hardest to catch and often don’t follow any URL patterns. This is why we monitor Certstream, passive dns records, new domain registries, proprietary feeds, and many other sources to find the most recent sites before they do any harm.
Most vendors use a blacklist, where URLs are confirmed manually by people. Days to detect the site; days to make a verdict. We use a suite of AI technology to look at the page and render a verdict - how a person would. This process takes milliseconds and has a 1/100,000 false positive rate.
At a minimum, we scan every suspicious URL and confirmed scam URL daily. If a scam site comes back, then we issue a takedown to the hosting provider immediately or go straight to the domain registry and take it down there.
We provide a customizable dashboard with takedown metrics and takedown trends. We also have a timeline feature that shows daily screenshots and updated threat intelligence for every scanned site, so you can rest easy that scam sites are going down and staying down.
We issue takedowns via an API integration with domain registries or an automated evidence email. The API takedown takes minutes. The automated evidence email contains a screenshot of the site with 20+ threat intelligence data points. The volume and clarity of evidence puts clear legal responsibility on the hosting provider or domain registry to take the site down.
Our 95% and growing takedown rate is a credit to the responsible hosting providers that have built API integrations and tirelessly validated and accepted the quality of our verdicts.
Most existing solutions are either: entirely manual or automated with a high false-positive rate. Manual solutions require days for a team of analysts to detect and diagnose phishing sites – only to provide that information for you to action. Technical solutions have large false-positives, which require them to get confirmation and validation from you. In both cases, action is expensive and time-consuming. Just in the time between your vendor knowing there’s a problem and your team taking action, there are countless new customer victims.
Our high accuracy enables us to have a fully-automated approach, requiring 0 oversight. We detect a site; we issue a takedown. You won’t need to reply to middle-of-the-night emails.
Rich Threat Intelligence
Our detection AI pulls everything we can about the scammer, the scam site, and the scam site’s infrastructure. We download the phishing kit (for attack attribution) and site DOM file. We store the drop email, where the phished credentials get sent. We store IP Address, geolocation, ASN, network owner, hosting provider, abuse contact, site screenshot, past and current phishing hosted on that domain and IP, other brands being scammed by the same infrastructure (for inter-brand coordination and corrective action), SSL certificate information, and passive DNS information.
Receive a free 30-day phishing and fraud audit for your company.
We monitor the world's top brands for online phishing, counterfeiting, and brand infringement, and provide that information back to our customers. Submit your work email and we'll send you the free audit that corresponds to your domain: