Automate Online Brand Protection to Take Down More Malicious Brand Content in Less Time

Attempts to fraudulently use or impersonate a brand are an extensive and severe problem for brands. Most brands have abuse inboxes for the public to report suspicious communications. For global brands this is a complex, manual operation that requires brand protection teams to sort through thousands of malicious and benign emails daily, gather forensic evidence, and send take-down requests to the domain or other organizations hosting the malicious content.

This playbook fully automates the process of reviewing the emails sent by customers and the public to online brand abuse inboxes. It detects brand impersonators and malicious URLs using deep inspection of website content and packages everything required to request a take-down (IOCs, forensics, and screenshots) into an email sent to the abuse department to simply forward to the domain registrar.

This playbook leverages SlashNext’s threat detection technology, which uses mature machine learning (computer vision, NLP, and OCR) and virtual browsers to dynamically inspect page and server behavior with 99.07% accuracy. This speeds up the process of taking down malicious sites targeting your organization right now and in the past. With this playbook, teams will save hundreds of hours per week spent managing corporate brand abuse inboxes.

Playbook’s main steps

  1. Extract URL from the reported email
  2. Take snapshot of the email
  3. Request real-time scan through SlashNext SEER Cloud (to be analyzed by a virtual browser)
  4. Download URL Scan Report including website screenshot, HTML and rendered text
  5. Log evidence
  6. Perform a deep inspection of the HTML to find whether the phishing URL is targeting the brand
  7. Forensic analysis says yes
  8. Get domain Whois information
  9. Prepare complete evidence to be shared with hosting providers and domain registrars (includes URLs, phishing email and website screenshots)
  10. Dispatch a take-down email to the concerned abuse department
  11. Close incident
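
The offline parts of steps 1, 6 and 9 can be sketched as follows. This is an added example, not SlashNext's playbook code, and it calls no SlashNext API. The brand name, domains, sample email and scanned HTML are constructed, and the brand-targeting heuristic (brand mention plus a password field on a host the brand does not own) is an assumed stand-in for the vendor's deep inspection.

```python
import email, hashlib, re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND_NAME, BRAND_DOMAINS = "examplebank", {"examplebank.test"}  # assumed brand
# Constructed sample report and scanned page (not real data).
REPORTED_EML = (
    "From: customer@example.org\nSubject: Fwd: account locked\nContent-Type: text/html\n\n"
    '<a href="http://examplebank-login.invalid/verify?id=1">Sign in</a> '
    '<a href="https://www.examplebank.test/help">Help</a>\n')
SCANNED_HTML = ('<title>ExampleBank Sign in</title><form action="/c.php">'
                '<input type="password" name="pw"></form>')

class Page(HTMLParser):  # collects link targets, text nodes and password fields
    def __init__(self, html):
        super().__init__()
        self.links, self.text, self.password_fields = [], [], 0
        self.feed(html)
        self.close()
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_fields += 1
    def handle_data(self, data):
        self.text.append(data)

def extract_urls(raw_eml):
    """Step 1: http(s) URLs from each text part (hrefs for HTML, regex for plain)."""
    msg, found = email.message_from_string(raw_eml, policy=policy.default), []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            body = part.get_content()
            found += (Page(body).links if part.get_content_subtype() == "html"
                      else re.findall(r"https?://[^\s\"'<>]+", body))
    return list(dict.fromkeys(u for u in found if u.lower().startswith(("http://", "https://"))))

def is_brand_owned(url):
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def build_evidence(url, html):
    """Steps 6 and 9: brand-targeting verdict plus a take-down evidence record."""
    page = Page(html)
    mentions = BRAND_NAME in " ".join(page.text).lower()
    return {"url_defanged": url.replace("http", "hxxp", 1).replace(".", "[.]"),
            "html_sha256": hashlib.sha256(html.encode()).hexdigest(),
            "brand_mentioned": mentions, "password_fields": page.password_fields,
            "targets_brand": mentions and page.password_fields > 0 and not is_brand_owned(url)}
```

Links that resolve to the brand's own domains are extracted but never flagged, which keeps benign reports from generating take-down requests.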

Built With

  • api
  • playbook