Automated phishing site takedown with Namecheap and ThreatMark API integration

7.6.2022 TM News TM Services

Phishing is the scourge of the modern digital era. Verizon’s Data Breach Investigations Report notes that over 82% of data breaches include the human element, with phishing as the main vector. Similarly, the FBI’s IC3 report quantifies $4.2 billion of damages from cybercrime led by phishing, business email compromise, and extortion.

It is now obvious that the Covid pandemic, and the subsequently accelerated digitalization of work and businesses, have advanced digital fraud and threats in both complexity and scale.

Phishing is a prime example of the accelerated threat vector that plagues the digital world.

Why does phishing remain a prevalent problem?

Phishing continues to be a problem simply because our reliance on digital systems, platforms and technology is so extensive and so critical to our daily lives.

From the tech side, phishing is relatively easy to do and it’s scalable, especially given that so many different communication channels can deliver phishing links, such as SMS, instant messaging, and of course private and business emails.

Previously we’ve discovered how fraudsters are abusing the Google App Engine to create and deploy phishing websites at scale.

In banking-specific phishing, we’ve seen fraudsters abusing known brands (such as a national post office) or institutions (e.g., tax authorities) to serve phishing pages that target multiple banks on one single page.

How ThreatMark sees phishing and how we minimize its impact

At ThreatMark we see phishing as a critical vector that fraudsters deploy to get access to users’ digital bank accounts.

Our advanced platform employs various methods to discover phishing websites and compromised users. Additionally, our technology is complemented by the Cyber Fraud Fusion Center (CFFC) team (previously the ThreatMark SOC team), which vigilantly monitors the internet for threats and, with phishing specifically, works with leading hosting and domain providers to remove phishing websites from the internet.

Last year the CFFC team analyzed over 87 000 suspicious emails and 15 000 suspicious URLs. Their work resulted in taking down over 950 phishing pages.  

In our efforts to enable fast and scalable phishing mitigation, we joined forces with Namecheap.

Joining forces with Namecheap to take down phishing websites in 10 minutes

In the middle of 2020, our CFFC team reached out to Namecheap with a proposal to develop a direct API connection with our system to programmatically identify and remove phishing websites from their systems.

“When dealing with phishing websites, our main goal is to take them down quickly to minimize the number of potential victims. Once we report the content to the website’s hosting provider and domain registrar, it is out of our hands, and we must wait for the 3rd parties to act. The speed at which they can do so varies greatly.” said Luca Winter, Security Engineer at ThreatMark.

“Going through the regular support queue to report these websites is not ideal. I can imagine many other requests come in and need to be processed, especially at a large company like Namecheap. Despite that, the Namecheap team was always able to react in a reasonable time. We felt there may be room for improvement and proposed an idea where trusted 3rd parties would be able to report verified malicious content, such as phishing websites, more directly without going through the regular support queue.

The outcome would be a solution where everyone benefits – malicious content would be taken down faster while wasting little resources.”

The Namecheap team welcomed the idea.

“In a fast-changing world like ours, where technology gets more complicated and abuse methods become trickier, it is important to have reliable and innovative partners to help combat online fraud. I remember back in 2020 ThreatMark suggested we optimize the way we receive and process their abuse reports. It was a terrific idea, but one that would take some time and effort.” said Kamila Y., Legal & Abuse Team Leader, and continued: “Undaunted, we went to work, and once we had our new automated reporting system ready and tested, we reached out to ThreatMark to help roll out the revamped abuse processing system.”

From the launch of the system, its benefits and value became very clear.

Den K., Legal & Abuse General Manager at Namecheap said: “We spend significant resources to optimize the process of receiving abuse reports to promptly take action.

Partnering with a top-notch organization like ThreatMark helps us find, identify and stop phishing threats even more quickly and efficiently,” and continued, “Together with the help of ThreatMark cybersecurity specialists, we can increase our anti-abuse investigation efforts and effectiveness.

Because of our strong team effort, bad actors now face considerable blockers when attempting to execute phishing attacks with Namecheap services.”

“We’re thrilled we’ve made this work. The value we provide to our clients is unheard of.

Phishing mitigation – from detection to removal – under 10 minutes is a milestone for the entire industry”, said Luboš Klinko, ThreatMark’s Cyber Fraud Fusion Center Team Leader, “At the moment we’re exploring partnerships with other hosting and domain providers so we can provide and apply our solution more broadly. Hopefully, in the not-so-distant future, we’ll be able to remove phishing websites almost instantly, across all the major providers.”

Let’s work together to build a more trusted digital world

We’ll use this opportunity to call on other companies to join forces and help fight the phishing scourge jointly. The same way fraudsters cooperate, we should as well.

Collaboration and information sharing are a path to a better, more trusted digital world.

Let’s make something amazing together. Reach out to us with your ideas and proposals.