SlideShare a Scribd company logo

Are There Any Domains Impersonating Your Company For Phishing?

NormShield
NormShield

1. Jack, an employee, receives a phishing email impersonating his company and clicks a link that takes him to a malicious phishing domain very similar to his company's real domain. This allows hackers to steal his credentials. 2. Phishing domains try to impersonate companies to steal credentials from employees and customers. They use techniques like substituting letters to make the domain look similar to the real one. It is difficult for companies to search for these domains but tools like NormShield's free phishing domain search can help. 3. NormShield's free phishing domain search allows companies to enter their domain to search for impersonating domains, check if their email accounts were breached, monitor for new phishing

Technology
1 of 11
Learn with NormShield's Free Phishing Domain Search & Monitoring Services Are there any domains impersonating your company for phishing?
1A Phishing Story Jack, a manager in a major company called example.com, receives an e-mail from his company to check out his updated salary for the next year.  He, expecting a raise, excitedly clicks the link in the e-mail. The link forwards him to the company’s employee login page and he enters his credentials (username and password) and suspects nothing.  However, Jack overlooks the domain name of the website where he enters his credentials, because it is very close to the real domain name of his company, that is example.com, but it was a phishing domain (the letter after “p” is not the letter “l” but it is a capital “i”). Now, hackers, who setup such a phishing domain, obtain Jack’s credentials to access the company’s system. Depending on Jack’s privileges in the system, they can do many malicious activities in seconds. 1
2Phishing Domains Phishing domains are exploited to target not only employees but also customers. Even though companies cannot be directly held responsible for customers deceived by phishing scams, it is a loss of reputation when a company does not take necessary measures.  Name-blending (look-alike) phishing domains often swap easily-confused letters (“u” and “v” or “t” and “f”) and/or put additional characters in the domain (ex-ample.com for example.com). These typo-squatting techniques are quite efficient for attackers. Today, phishing domains even have valid SSL or TLS certificates to lure their targets. 2 It is very difficult for a company to search the entire web and determine a phishing domain that may target its employees and customers, but there are certain tools that can be used for those purposes such as  NormShield’s  Free Phishing  Domain  Search.
3 According to a recent Rant survey of 100 UK-based senior IT security professionals, 48% of CISOs report that the biggest security incident in the last 12 months that resulted in unauthorized access to corporate applications was due to phished credentials. 3 Credentials stolen with phishing increase the breach risk 1 2 3 Almost 50% of CISOs report that the breaches was due to phished credentials Phished credentials caused breaches twice as many breaches than malware 48% Phished Credentials Number of breaches caused by phished credentials is more than breaches caused by malware and unpatched systems combined Phished Credentials (48%) Malware (22%) Unpatched Systems (19%) Other (11%) 48 22 19 11 x2 Malware
4 Recent research conducted by Venafi analyzed suspicious domains, targeting the top 20 retailers in 5 key markets – U.S., U.K., France, Germany, and Australia. The Venafi research provides interesting findings: 4 Number of phishing domains are on the rise 1 2 3 Finding 1 12,000 PHISHING DOMAINS for top 20 US retailers analyzed Finding 2 Finding 3 Number of certificates for phishing domains is double of authentic retailer domains For German top 20 retailers, the number of phishing domains is  four times more than original domains
5Use of phishing domains to cover tracks Name-blending phishing domains are exploited not only for phishing attacks to steal credentials but also for attackers to cover their tracks in malicious codes. Researchers from RiskIQ revealed that recent advanced attacks against British Airways and Newegg executed by MageCart hackers inserted malicious codes into target companies’ websites to steal customers’ payment information.  5 Attackers used only a 22-line script code to victimize 380,000 customers of British Airways where the code includes a phishing domain in line 16, namely baways[.]com to better cover their tracks. So anyone who inspects this piece of code may overlook the domain without noticing that it is a phishing domain. Attackers behind Magecart campaign used a similar approach when they targeted Newegg. In a smaller piece of code (15 lines only) injected to the website, attackers were able to stole payment information of Newegg's customers. The code included a phishing domain as neweggstats[.]com.
6Attackers evolve their techniques Phishing attacks in the past included malware inside e-mails usually as an attachment. But attackers have evolved their techniques to more malware- less phishing attacks that also use phishing domains.  6 FireEye found that 90% of e-mail attacks are actually malware-less (with 81% is phishing attacks) by analyzing over a half-a-billion e-mails sent in the first half of 2018.  Malware-less (90%) Malware (10%) 90 10 Impersonation  Whaling CEO Fraud Credential Harvesting W2 Scams Spear Phishing 65%GROWTH OF PHISHING ATTEMPTS  Same report released by FireEye also revealed that, in the last year, phishing attempts grew 65% and 30% during the 2017 holiday season alone.
7NormShield Free Phishing Domain Search & Monitoring 7 Digit count in the URL Domain-based Page-based Content For a company to search for its evil doppelgängers impersonating their domain with look-alike/name-blending phishing domains, NormShield provides a free search engine; NormShield’s Phishing Domain Search at https://services.normshield.com/phishing-domain-search URL-based Total length of URL Typosquatted? Includes a legitimate brand name? # of subdomains in URL one of the commonly used TLD? Domain name or it’s IP adress in blacklists? # of days passed since the domain was registered? Is the registrant name hidden? Pagerank (Global, Country) Est. # of visits Avg. pageviews per visit # of references from Social Networks to the given domain Category of the domain Similar websitesAvg. visit duration Page Titles Meta Tags Hidden Text Text in the body Images etc. Featurestodetermine phishingdomains NormShield generates possible words from your domain name with specific algorithms and searches these generated names among all domain name databases. Our phishing- domain detection algorithm uses many features from checking whether the URL is typo-squatted or not, the date of registration, and page rank to its contents. Natural Language Processing (NLP) and machine learning (ML) techniques are used to detect phishing domains.
8NormShield Free Phishing Domain Search Use of this powerful tool are quite easy. Below is step-by-step guide for searching phishing domains that impersonate your company. 8 Step 1. Enter your company’s domain name, hit enter or click on the search button. Step 2. If you would like to receive notification when a new phishing domain is registered that may target your company, click on Free Register button to join NormShield Community and fill out the form (note that you can see the results by simply scrolling down without registration). NormShield only needs your corporate e-mail address and privileged IP address for IP Blacklist search (that will be shown automatically). Just tick the free services about which you want to receive notification and click on Register button.
9NormShield Free Phishing Domain Search (Cont'd) 9 Step 3. Check the domain statistics. It shows how many possible phishing domains are out there, your domain name (where you can click on Breach Search to check if any of your e-mail accounts are breached), and your IP address (where you can click on Blacklist Search to check the IP reputation of your company). Step 4. Browse possible phishing domains. The table of possible phishing domains provides valuable information. Besides the name of the phishing domain, it also gives the phishing score, a parameter which shows the probability of this domain is used for phishing purposes. The other information given includes dates of creation and expiration, contact e-mail, name and organization of registrant (all masked) and registrar name (also masked). You can sort by any of these fields and search in the table by using the Search box on the top right.
Let’s Get In Touch You can reach us to receive a free demo and discuss findings with one our experienced analysts. 10 8609 Westwood Center Dr., Ste. 110, Vienna, VA 22182 info@normshield.com  www.normshield.com +1 (571) 335-0222 NormShield, trusted security rating services,  provides Cyber Risk Scorecard for companies with many categories. NormShield Cyber Risk Scorecards provide the information necessary to protect business from cyber-attacks including phishing domains. The scorecards provide a letter grade and a drill down into the data for each risk category so that remediation of vulnerabilities can be prioritized.

Recommended

Normshield 2018 Airlines Phishing Report
Normshield 2018 Airlines Phishing ReportNormshield 2018 Airlines Phishing Report
Normshield 2018 Airlines Phishing ReportNormShield
 
Improving Phishing URL Detection Using Fuzzy Association Mining
Improving Phishing URL Detection Using Fuzzy Association MiningImproving Phishing URL Detection Using Fuzzy Association Mining
Improving Phishing URL Detection Using Fuzzy Association Miningtheijes
 
Deconstructing A Phishing Scheme
Deconstructing A Phishing SchemeDeconstructing A Phishing Scheme
Deconstructing A Phishing SchemeChristopher Duffy
 
Weak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your AssetsWeak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your AssetsOilPriceInformationService
 
Exploring And Investigating New Dimensions In Phishing
Exploring And Investigating New Dimensions In PhishingExploring And Investigating New Dimensions In Phishing
Exploring And Investigating New Dimensions In PhishingMuhammad Haroon CISM PCI QSA ISMS LA CPTS CEH
 
Spear Phishing 101
Spear Phishing 101Spear Phishing 101
Spear Phishing 101Sendio
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingSachin Saini
 
IJSRED-V2I4P0
IJSRED-V2I4P0IJSRED-V2I4P0
IJSRED-V2I4P0IJSRED
 

Recommended

Normshield 2018 Airlines Phishing Report
Normshield 2018 Airlines Phishing ReportNormshield 2018 Airlines Phishing Report
Normshield 2018 Airlines Phishing ReportNormShield
 
Improving Phishing URL Detection Using Fuzzy Association Mining
Improving Phishing URL Detection Using Fuzzy Association MiningImproving Phishing URL Detection Using Fuzzy Association Mining
Improving Phishing URL Detection Using Fuzzy Association Miningtheijes
 
Deconstructing A Phishing Scheme
Deconstructing A Phishing SchemeDeconstructing A Phishing Scheme
Deconstructing A Phishing SchemeChristopher Duffy
 
Weak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your AssetsWeak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your AssetsOilPriceInformationService
 
Exploring And Investigating New Dimensions In Phishing
Exploring And Investigating New Dimensions In PhishingExploring And Investigating New Dimensions In Phishing
Exploring And Investigating New Dimensions In PhishingMuhammad Haroon CISM PCI QSA ISMS LA CPTS CEH
 
Spear Phishing 101
Spear Phishing 101Spear Phishing 101
Spear Phishing 101Sendio
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingSachin Saini
 
IJSRED-V2I4P0
IJSRED-V2I4P0IJSRED-V2I4P0
IJSRED-V2I4P0IJSRED
 
Phishing
PhishingPhishing
PhishingSouganthikaSankaresw
 
Spear Phishing
Spear PhishingSpear Phishing
Spear Phishing- Mark - Fullbright
 
Spear phishing attacks-by-hari_krishna
Spear phishing attacks-by-hari_krishnaSpear phishing attacks-by-hari_krishna
Spear phishing attacks-by-hari_krishnaRaghunath G
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Securityanjuselina
 
What the Redaction of WHOIS Data Means for Cybersecurity
What the Redaction of WHOIS Data Means for CybersecurityWhat the Redaction of WHOIS Data Means for Cybersecurity
What the Redaction of WHOIS Data Means for CybersecurityWhoisXML API
 
Cyber security
Cyber securityCyber security
Cyber securityJoseMerda1
 
[IJET V2I5P15] Authors: V.Preethi, G.Velmayil
[IJET V2I5P15] Authors: V.Preethi, G.Velmayil[IJET V2I5P15] Authors: V.Preethi, G.Velmayil
[IJET V2I5P15] Authors: V.Preethi, G.VelmayilIJET - International Journal of Engineering and Techniques
 
Phishing
PhishingPhishing
PhishingSyahida
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N Gchiewmingli
 
PhishingandPharming
PhishingandPharmingPhishingandPharming
PhishingandPharmingDawn Hicks
 
Phishing attack types and mitigation strategies
Phishing attack types and mitigation strategiesPhishing attack types and mitigation strategies
Phishing attack types and mitigation strategiesSarim Khawaja
 
The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats
The Murky Waters of the Internet: Anatomy of Malvertising and Other e-ThreatsThe Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats
The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats- Mark - Fullbright
 
A Survey Paper on Identity Theft in the Internet
A Survey Paper on Identity Theft in the InternetA Survey Paper on Identity Theft in the Internet
A Survey Paper on Identity Theft in the Internetijtsrd
 
Phishing
PhishingPhishing
PhishingKiran Patil
 
Phishing: Swiming with the sharks
Phishing: Swiming with the sharksPhishing: Swiming with the sharks
Phishing: Swiming with the sharksNalneesh Gaur
 
Phishing
PhishingPhishing
PhishingMaheshwar Singh
 
Fintech Cyber Security Survey Hong Knog 2018
Fintech Cyber Security Survey Hong Knog 2018Fintech Cyber Security Survey Hong Knog 2018
Fintech Cyber Security Survey Hong Knog 2018Entersoft Security
 
RSA Monthly Online Fraud Report -- August 2013
RSA Monthly Online Fraud Report -- August 2013RSA Monthly Online Fraud Report -- August 2013
RSA Monthly Online Fraud Report -- August 2013EMC
 
Phishing
PhishingPhishing
Phishingshivli0769
 
a-decade-of-phishing-wp-11-2016
a-decade-of-phishing-wp-11-2016a-decade-of-phishing-wp-11-2016
a-decade-of-phishing-wp-11-2016Eli Marcus
 
Study on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing ToolsStudy on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing ToolsIRJET Journal
 
Spam and Phishing Report - Marzo 2010
Spam and Phishing Report - Marzo 2010Spam and Phishing Report - Marzo 2010
Spam and Phishing Report - Marzo 2010Symantec Italia
 

More Related Content

What's hot

Spear phishing attacks-by-hari_krishna
Spear phishing attacks-by-hari_krishnaSpear phishing attacks-by-hari_krishna
Spear phishing attacks-by-hari_krishnaRaghunath G
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Securityanjuselina
 
What the Redaction of WHOIS Data Means for Cybersecurity
What the Redaction of WHOIS Data Means for CybersecurityWhat the Redaction of WHOIS Data Means for Cybersecurity
What the Redaction of WHOIS Data Means for CybersecurityWhoisXML API
 
Cyber security
Cyber securityCyber security
Cyber securityJoseMerda1
 
Phishing
PhishingPhishing
PhishingSyahida
 
PhishingandPharming
PhishingandPharmingPhishingandPharming
PhishingandPharmingDawn Hicks
 
Phishing attack types and mitigation strategies
Phishing attack types and mitigation strategiesPhishing attack types and mitigation strategies
Phishing attack types and mitigation strategiesSarim Khawaja
 
The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats
The Murky Waters of the Internet: Anatomy of Malvertising and Other e-ThreatsThe Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats
The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats- Mark - Fullbright
 
A Survey Paper on Identity Theft in the Internet
A Survey Paper on Identity Theft in the InternetA Survey Paper on Identity Theft in the Internet
A Survey Paper on Identity Theft in the Internetijtsrd
 
Phishing: Swiming with the sharks
Phishing: Swiming with the sharksPhishing: Swiming with the sharks
Phishing: Swiming with the sharksNalneesh Gaur
 
Fintech Cyber Security Survey Hong Knog 2018
Fintech Cyber Security Survey Hong Knog 2018Fintech Cyber Security Survey Hong Knog 2018
Fintech Cyber Security Survey Hong Knog 2018Entersoft Security
 
RSA Monthly Online Fraud Report -- August 2013
RSA Monthly Online Fraud Report -- August 2013RSA Monthly Online Fraud Report -- August 2013
RSA Monthly Online Fraud Report -- August 2013EMC
 
a-decade-of-phishing-wp-11-2016
a-decade-of-phishing-wp-11-2016a-decade-of-phishing-wp-11-2016
a-decade-of-phishing-wp-11-2016Eli Marcus
 

What's hot (20)

Phishing
PhishingPhishing
Phishing
 
Spear Phishing
Spear PhishingSpear Phishing
Spear Phishing
 
Spear phishing attacks-by-hari_krishna
Spear phishing attacks-by-hari_krishnaSpear phishing attacks-by-hari_krishna
Spear phishing attacks-by-hari_krishna
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Security
 
What the Redaction of WHOIS Data Means for Cybersecurity
What the Redaction of WHOIS Data Means for CybersecurityWhat the Redaction of WHOIS Data Means for Cybersecurity
What the Redaction of WHOIS Data Means for Cybersecurity
 
Cyber security
Cyber securityCyber security
Cyber security
 
[IJET V2I5P15] Authors: V.Preethi, G.Velmayil
[IJET V2I5P15] Authors: V.Preethi, G.Velmayil[IJET V2I5P15] Authors: V.Preethi, G.Velmayil
[IJET V2I5P15] Authors: V.Preethi, G.Velmayil
 
Phishing
PhishingPhishing
Phishing
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N G
 
PhishingandPharming
PhishingandPharmingPhishingandPharming
PhishingandPharming
 
Phishing attack types and mitigation strategies
Phishing attack types and mitigation strategiesPhishing attack types and mitigation strategies
Phishing attack types and mitigation strategies
 
The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats
The Murky Waters of the Internet: Anatomy of Malvertising and Other e-ThreatsThe Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats
The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats
 
A Survey Paper on Identity Theft in the Internet
A Survey Paper on Identity Theft in the InternetA Survey Paper on Identity Theft in the Internet
A Survey Paper on Identity Theft in the Internet
 
Phishing
PhishingPhishing
Phishing
 
Phishing: Swiming with the sharks
Phishing: Swiming with the sharksPhishing: Swiming with the sharks
Phishing: Swiming with the sharks
 
Phishing
PhishingPhishing
Phishing
 
Fintech Cyber Security Survey Hong Knog 2018
Fintech Cyber Security Survey Hong Knog 2018Fintech Cyber Security Survey Hong Knog 2018
Fintech Cyber Security Survey Hong Knog 2018
 
RSA Monthly Online Fraud Report -- August 2013
RSA Monthly Online Fraud Report -- August 2013RSA Monthly Online Fraud Report -- August 2013
RSA Monthly Online Fraud Report -- August 2013
 
Phishing
PhishingPhishing
Phishing
 
a-decade-of-phishing-wp-11-2016
a-decade-of-phishing-wp-11-2016a-decade-of-phishing-wp-11-2016
a-decade-of-phishing-wp-11-2016
 

Similar to Are There Any Domains Impersonating Your Company For Phishing?

Study on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing ToolsStudy on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing ToolsIRJET Journal
 
Spam and Phishing Report - Marzo 2010
Spam and Phishing Report - Marzo 2010Spam and Phishing Report - Marzo 2010
Spam and Phishing Report - Marzo 2010Symantec Italia
 
Phishing: Analysis and Countermeasures
Phishing: Analysis and CountermeasuresPhishing: Analysis and Countermeasures
Phishing: Analysis and CountermeasuresIRJET Journal
 
3rd Part Cyber Risk Report - 2018
3rd Part Cyber Risk Report - 20183rd Part Cyber Risk Report - 2018
3rd Part Cyber Risk Report - 2018NormShield
 
Cybercrime - An essential guide from Thawte
Cybercrime - An essential guide from ThawteCybercrime - An essential guide from Thawte
Cybercrime - An essential guide from ThawteRapidSSLOnline.com
 
Online Brand Protection: Fighting Domain Name Typosquatting, Website Spoofing...
Online Brand Protection: Fighting Domain Name Typosquatting, Website Spoofing...Online Brand Protection: Fighting Domain Name Typosquatting, Website Spoofing...
Online Brand Protection: Fighting Domain Name Typosquatting, Website Spoofing...WhoisXML API
 
A Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.comA Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.comBusiness.com
 
What Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For HackersWhat Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For HackersJaime Manteiga
 
Phishing Website Detection using Classification Algorithms
Phishing Website Detection using Classification AlgorithmsPhishing Website Detection using Classification Algorithms
Phishing Website Detection using Classification AlgorithmsIRJET Journal
 
need help with a term paper 8 pages Write a term paper that discusse.pdf
need help with a term paper 8 pages Write a term paper that discusse.pdfneed help with a term paper 8 pages Write a term paper that discusse.pdf
need help with a term paper 8 pages Write a term paper that discusse.pdfanjandavid
 
Based on the below and using the 12 categories of threats identify 3 .pdf
Based on the below and using the 12 categories of threats identify 3 .pdfBased on the below and using the 12 categories of threats identify 3 .pdf
Based on the below and using the 12 categories of threats identify 3 .pdfarri2009av
 
Driving Payment Innovation - Know Your Enemy
Driving Payment Innovation - Know Your EnemyDriving Payment Innovation - Know Your Enemy
Driving Payment Innovation - Know Your EnemyFirst Atlantic Commerce
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsBen Graybar
 
Using Return Path Data to Protect Your Brand: Security Breakout Session - NYC
Using Return Path Data to Protect Your Brand: Security Breakout Session - NYCUsing Return Path Data to Protect Your Brand: Security Breakout Session - NYC
Using Return Path Data to Protect Your Brand: Security Breakout Session - NYCReturn Path
 
Lab-3 Cyber Threat Analysis In Lab-3, you will do some c.docx
Lab-3 Cyber Threat Analysis In Lab-3, you will do some c.docxLab-3 Cyber Threat Analysis In Lab-3, you will do some c.docx
Lab-3 Cyber Threat Analysis In Lab-3, you will do some c.docxLaticiaGrissomzz
 
Intelligent Phishing Website Detection and Prevention System by Using Link Gu...
Intelligent Phishing Website Detection and Prevention System by Using Link Gu...Intelligent Phishing Website Detection and Prevention System by Using Link Gu...
Intelligent Phishing Website Detection and Prevention System by Using Link Gu...IOSR Journals
 
Phishing: Analysis and Countermeasures
Phishing: Analysis and CountermeasuresPhishing: Analysis and Countermeasures
Phishing: Analysis and CountermeasuresIRJET Journal
 
Phishing Attack : A big Threat
Phishing Attack : A big ThreatPhishing Attack : A big Threat
Phishing Attack : A big Threatsourav newatia
 
domain names management whitepaper
domain names management whitepaperdomain names management whitepaper
domain names management whitepaperVAYTON
 

Similar to Are There Any Domains Impersonating Your Company For Phishing? (20)

Study on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing ToolsStudy on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing Tools
 
Spam and Phishing Report - Marzo 2010
Spam and Phishing Report - Marzo 2010Spam and Phishing Report - Marzo 2010
Spam and Phishing Report - Marzo 2010
 
Phishing: Analysis and Countermeasures
Phishing: Analysis and CountermeasuresPhishing: Analysis and Countermeasures
Phishing: Analysis and Countermeasures
 
3rd Part Cyber Risk Report - 2018
3rd Part Cyber Risk Report - 20183rd Part Cyber Risk Report - 2018
3rd Part Cyber Risk Report - 2018
 
Cybercrime - An essential guide from Thawte
Cybercrime - An essential guide from ThawteCybercrime - An essential guide from Thawte
Cybercrime - An essential guide from Thawte
 
Online Brand Protection: Fighting Domain Name Typosquatting, Website Spoofing...
Online Brand Protection: Fighting Domain Name Typosquatting, Website Spoofing...Online Brand Protection: Fighting Domain Name Typosquatting, Website Spoofing...
Online Brand Protection: Fighting Domain Name Typosquatting, Website Spoofing...
 
A Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.comA Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.com
 
What Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For HackersWhat Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For Hackers
 
Phishing Website Detection using Classification Algorithms
Phishing Website Detection using Classification AlgorithmsPhishing Website Detection using Classification Algorithms
Phishing Website Detection using Classification Algorithms
 
need help with a term paper 8 pages Write a term paper that discusse.pdf
need help with a term paper 8 pages Write a term paper that discusse.pdfneed help with a term paper 8 pages Write a term paper that discusse.pdf
need help with a term paper 8 pages Write a term paper that discusse.pdf
 
Based on the below and using the 12 categories of threats identify 3 .pdf
Based on the below and using the 12 categories of threats identify 3 .pdfBased on the below and using the 12 categories of threats identify 3 .pdf
Based on the below and using the 12 categories of threats identify 3 .pdf
 
Driving Payment Innovation - Know Your Enemy
Driving Payment Innovation - Know Your EnemyDriving Payment Innovation - Know Your Enemy
Driving Payment Innovation - Know Your Enemy
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools Tactics
 
Using Return Path Data to Protect Your Brand: Security Breakout Session - NYC
Using Return Path Data to Protect Your Brand: Security Breakout Session - NYCUsing Return Path Data to Protect Your Brand: Security Breakout Session - NYC
Using Return Path Data to Protect Your Brand: Security Breakout Session - NYC
 
Lab-3 Cyber Threat Analysis In Lab-3, you will do some c.docx
Lab-3 Cyber Threat Analysis In Lab-3, you will do some c.docxLab-3 Cyber Threat Analysis In Lab-3, you will do some c.docx
Lab-3 Cyber Threat Analysis In Lab-3, you will do some c.docx
 
Intelligent Phishing Website Detection and Prevention System by Using Link Gu...
Intelligent Phishing Website Detection and Prevention System by Using Link Gu...Intelligent Phishing Website Detection and Prevention System by Using Link Gu...
Intelligent Phishing Website Detection and Prevention System by Using Link Gu...
 
Phishing: Analysis and Countermeasures
Phishing: Analysis and CountermeasuresPhishing: Analysis and Countermeasures
Phishing: Analysis and Countermeasures
 
Cyber Attacks
Cyber AttacksCyber Attacks
Cyber Attacks
 
Phishing Attack : A big Threat
Phishing Attack : A big ThreatPhishing Attack : A big Threat
Phishing Attack : A big Threat
 
domain names management whitepaper
domain names management whitepaperdomain names management whitepaper
domain names management whitepaper
 

More from NormShield

HOW TO MEASURE WHAT HACKERS KNOW ABOUT YOU
HOW TO MEASURE WHAT HACKERS KNOW ABOUT YOUHOW TO MEASURE WHAT HACKERS KNOW ABOUT YOU
HOW TO MEASURE WHAT HACKERS KNOW ABOUT YOUNormShield
 
Major 3rd-Party Data Breaches Of 2018
Major 3rd-Party Data Breaches Of 2018Major 3rd-Party Data Breaches Of 2018
Major 3rd-Party Data Breaches Of 2018NormShield
 
NormShield Cyber Risk Rating October 18
NormShield Cyber Risk Rating October 18NormShield Cyber Risk Rating October 18
NormShield Cyber Risk Rating October 18NormShield
 
NormShield Supply Chain Risk Management Infographic
NormShield Supply Chain Risk Management InfographicNormShield Supply Chain Risk Management Infographic
NormShield Supply Chain Risk Management InfographicNormShield
 
Third-Party Risk in Regulations
Third-Party Risk in RegulationsThird-Party Risk in Regulations
Third-Party Risk in RegulationsNormShield
 
Review on 3rd-party Cyber Risk Assessment and Scoring Tools
Review on 3rd-party Cyber Risk Assessment and Scoring ToolsReview on 3rd-party Cyber Risk Assessment and Scoring Tools
Review on 3rd-party Cyber Risk Assessment and Scoring ToolsNormShield
 
NormShield Crypto Currency Report 2018
NormShield Crypto Currency Report 2018NormShield Crypto Currency Report 2018
NormShield Crypto Currency Report 2018NormShield
 
NormShield 2018 Cyber Security Risk Brief
NormShield 2018 Cyber Security Risk BriefNormShield 2018 Cyber Security Risk Brief
NormShield 2018 Cyber Security Risk BriefNormShield
 

More from NormShield (8)

HOW TO MEASURE WHAT HACKERS KNOW ABOUT YOU
HOW TO MEASURE WHAT HACKERS KNOW ABOUT YOUHOW TO MEASURE WHAT HACKERS KNOW ABOUT YOU
HOW TO MEASURE WHAT HACKERS KNOW ABOUT YOU
 
Major 3rd-Party Data Breaches Of 2018
Major 3rd-Party Data Breaches Of 2018Major 3rd-Party Data Breaches Of 2018
Major 3rd-Party Data Breaches Of 2018
 
NormShield Cyber Risk Rating October 18
NormShield Cyber Risk Rating October 18NormShield Cyber Risk Rating October 18
NormShield Cyber Risk Rating October 18
 
NormShield Supply Chain Risk Management Infographic
NormShield Supply Chain Risk Management InfographicNormShield Supply Chain Risk Management Infographic
NormShield Supply Chain Risk Management Infographic
 
Third-Party Risk in Regulations
Third-Party Risk in RegulationsThird-Party Risk in Regulations
Third-Party Risk in Regulations
 
Review on 3rd-party Cyber Risk Assessment and Scoring Tools
Review on 3rd-party Cyber Risk Assessment and Scoring ToolsReview on 3rd-party Cyber Risk Assessment and Scoring Tools
Review on 3rd-party Cyber Risk Assessment and Scoring Tools
 
NormShield Crypto Currency Report 2018
NormShield Crypto Currency Report 2018NormShield Crypto Currency Report 2018
NormShield Crypto Currency Report 2018
 
NormShield 2018 Cyber Security Risk Brief
NormShield 2018 Cyber Security Risk BriefNormShield 2018 Cyber Security Risk Brief
NormShield 2018 Cyber Security Risk Brief
 

Recently uploaded

Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsAndrey Dotsenko
 

Recently uploaded (20)

Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 

Are There Any Domains Impersonating Your Company For Phishing?

  • 1. Learn with NormShield's Free Phishing Domain Search & Monitoring Services Are there any domains impersonating your company for phishing?
  • 2. 1A Phishing Story Jack, a manager in a major company called example.com, receives an e-mail from his company to check out his updated salary for the next year.  He, expecting a raise, excitedly clicks the link in the e-mail. The link forwards him to the company’s employee login page and he enters his credentials (username and password) and suspects nothing.  However, Jack overlooks the domain name of the website where he enters his credentials, because it is very close to the real domain name of his company, that is example.com, but it was a phishing domain (the letter after “p” is not the letter “l” but it is a capital “i”). Now, hackers, who setup such a phishing domain, obtain Jack’s credentials to access the company’s system. Depending on Jack’s privileges in the system, they can do many malicious activities in seconds. 1
  • 3. 2Phishing Domains Phishing domains are exploited to target not only employees but also customers. Even though companies cannot be directly held responsible for customers deceived by phishing scams, it is a loss of reputation when a company does not take necessary measures.  Name-blending (look-alike) phishing domains often swap easily-confused letters (“u” and “v” or “t” and “f”) and/or put additional characters in the domain (ex-ample.com for example.com). These typo-squatting techniques are quite efficient for attackers. Today, phishing domains even have valid SSL or TLS certificates to lure their targets. 2 It is very difficult for a company to search the entire web and determine a phishing domain that may target its employees and customers, but there are certain tools that can be used for those purposes such as  NormShield’s  Free Phishing  Domain  Search.
  • 4. 3 According to a recent Rant survey of 100 UK-based senior IT security professionals, 48% of CISOs report that the biggest security incident in the last 12 months that resulted in unauthorized access to corporate applications was due to phished credentials. 3 Credentials stolen with phishing increase the breach risk 1 2 3 Almost 50% of CISOs report that the breaches was due to phished credentials Phished credentials caused breaches twice as many breaches than malware 48% Phished Credentials Number of breaches caused by phished credentials is more than breaches caused by malware and unpatched systems combined Phished Credentials (48%) Malware (22%) Unpatched Systems (19%) Other (11%) 48 22 19 11 x2 Malware
  • 5. 4 Recent research conducted by Venafi analyzed suspicious domains, targeting the top 20 retailers in 5 key markets – U.S., U.K., France, Germany, and Australia. The Venafi research provides interesting findings: 4 Number of phishing domains are on the rise 1 2 3 Finding 1 12,000 PHISHING DOMAINS for top 20 US retailers analyzed Finding 2 Finding 3 Number of certificates for phishing domains is double of authentic retailer domains For German top 20 retailers, the number of phishing domains is  four times more than original domains
  • 6. 5Use of phishing domains to cover tracks Name-blending phishing domains are exploited not only for phishing attacks to steal credentials but also for attackers to cover their tracks in malicious codes. Researchers from RiskIQ revealed that recent advanced attacks against British Airways and Newegg executed by MageCart hackers inserted malicious codes into target companies’ websites to steal customers’ payment information.  5 Attackers used only a 22-line script code to victimize 380,000 customers of British Airways where the code includes a phishing domain in line 16, namely baways[.]com to better cover their tracks. So anyone who inspects this piece of code may overlook the domain without noticing that it is a phishing domain. Attackers behind Magecart campaign used a similar approach when they targeted Newegg. In a smaller piece of code (15 lines only) injected to the website, attackers were able to stole payment information of Newegg's customers. The code included a phishing domain as neweggstats[.]com.
  • 7. 6Attackers evolve their techniques Phishing attacks in the past included malware inside e-mails usually as an attachment. But attackers have evolved their techniques to more malware- less phishing attacks that also use phishing domains.  6 FireEye found that 90% of e-mail attacks are actually malware-less (with 81% is phishing attacks) by analyzing over a half-a-billion e-mails sent in the first half of 2018.  Malware-less (90%) Malware (10%) 90 10 Impersonation  Whaling CEO Fraud Credential Harvesting W2 Scams Spear Phishing 65%GROWTH OF PHISHING ATTEMPTS  Same report released by FireEye also revealed that, in the last year, phishing attempts grew 65% and 30% during the 2017 holiday season alone.
  • 8. 7NormShield Free Phishing Domain Search & Monitoring 7 Digit count in the URL Domain-based Page-based Content For a company to search for its evil doppelgängers impersonating their domain with look-alike/name-blending phishing domains, NormShield provides a free search engine; NormShield’s Phishing Domain Search at https://services.normshield.com/phishing-domain-search URL-based Total length of URL Typosquatted? Includes a legitimate brand name? # of subdomains in URL one of the commonly used TLD? Domain name or it’s IP adress in blacklists? # of days passed since the domain was registered? Is the registrant name hidden? Pagerank (Global, Country) Est. # of visits Avg. pageviews per visit # of references from Social Networks to the given domain Category of the domain Similar websitesAvg. visit duration Page Titles Meta Tags Hidden Text Text in the body Images etc. Featurestodetermine phishingdomains NormShield generates possible words from your domain name with specific algorithms and searches these generated names among all domain name databases. Our phishing- domain detection algorithm uses many features from checking whether the URL is typo-squatted or not, the date of registration, and page rank to its contents. Natural Language Processing (NLP) and machine learning (ML) techniques are used to detect phishing domains.
  • 9. 8NormShield Free Phishing Domain Search Use of this powerful tool are quite easy. Below is step-by-step guide for searching phishing domains that impersonate your company. 8 Step 1. Enter your company’s domain name, hit enter or click on the search button. Step 2. If you would like to receive notification when a new phishing domain is registered that may target your company, click on Free Register button to join NormShield Community and fill out the form (note that you can see the results by simply scrolling down without registration). NormShield only needs your corporate e-mail address and privileged IP address for IP Blacklist search (that will be shown automatically). Just tick the free services about which you want to receive notification and click on Register button.
  • 10. 9NormShield Free Phishing Domain Search (Cont'd) 9 Step 3. Check the domain statistics. It shows how many possible phishing domains are out there, your domain name (where you can click on Breach Search to check if any of your e-mail accounts are breached), and your IP address (where you can click on Blacklist Search to check the IP reputation of your company). Step 4. Browse possible phishing domains. The table of possible phishing domains provides valuable information. Besides the name of the phishing domain, it also gives the phishing score, a parameter which shows the probability of this domain is used for phishing purposes. The other information given includes dates of creation and expiration, contact e-mail, name and organization of registrant (all masked) and registrar name (also masked). You can sort by any of these fields and search in the table by using the Search box on the top right.
  • 11. Let’s Get In Touch You can reach us to receive a free demo and discuss findings with one our experienced analysts. 10 8609 Westwood Center Dr., Ste. 110, Vienna, VA 22182 info@normshield.com  www.normshield.com +1 (571) 335-0222 NormShield, trusted security rating services,  provides Cyber Risk Scorecard for companies with many categories. NormShield Cyber Risk Scorecards provide the information necessary to protect business from cyber-attacks including phishing domains. The scorecards provide a letter grade and a drill down into the data for each risk category so that remediation of vulnerabilities can be prioritized.