SOLUTION BRIEF

Stopping the Next Generation of Phishing Attacks

Account Security from Arkose Labs

The Evolution of Real-time Attack Orchestration

As security defenses have evolved, more advanced phishing scenarios have emerged. Attackers are moving away from the collection of static credentials, to the use of dynamic bots designed to break into accounts in real time and even defeat multi-factor authentication (MFA). In these scenarios, they will prompt users for an MFA code when they login to a fake site, and use automation to pass on all the credentials and the MFA token while it is still valid.

The downstream monetization of these hacked accounts varies significantly depending on the industry. Banking and fintech accounts are particularly high targets, due to the potential to access funds, and are often the first target for these more advanced phishing attempts. However, attackers have honed in on monetizing hacked accounts in all industries; for example, even online gaming accounts can be resold for thousands of dollars.

The Evolution of Real-time Attack Orchestration

Arkose Labs Against Automated Phishing Attacks

The Arkose Fraud Deterrence Platform provides multi-layered defense against advanced, persistent attacks on user accounts. It is backed by a commercial guarantee on the efficacy of the solution, with a promise to defeat the automated login attacks that advanced phishing relies on.

Sophisticated Anti-Bot Defense at Login

Arkose Labs has extensive protections against advanced bots, thwarting the automated scripts that use phished credentials in real time. Sophisticated risk decisioning detects anomalous activity using real-time signals and historical attack pattern calibration. High risk activity is presented with interactive, anti-automation challenges that are designed against the latest machine learning techniques.

Dynamic Arkose Labs Token

Integrating Arkose Labs into the login touchpoint thwarts automated phishing by embedding a token in the legitimate web application or SDK. Each request dynamically verifies that the token has passed from the client to the server, causing sessions originating from a phishing website to fail.

Detecting Phishing Sites

By requiring that all logins have a valid Arkose Labs session token, attackers are forced to integrate Arkose Labs into their phished landing pages in order to generate a session token. However, Arkose Labs is designed to detect any traffic originating from non-legitimate sites, providing businesses with visibility into traffic from non-primary domains.

Demonstrated Results

Blackhawk Networks Foils Gift Card Fraud

Blackhawk Networks Foils Gift Card Fraud

One of the world’s most prominent gift and prepaid card platforms was targeted by fraudsters seeking to access customer accounts.

Attack Impact

  • Users were tricked into entering financial and personal details on fake phishing sites
  • Loss of revenue to the company as well as damage to the customer experience

Arkose Labs Result

  • Arkose detected and blocked fake sites before credentials could be passed through
  • Good user experience vastly improved by installing Arkose on authentication endpoints
Popular Fintech Protects Users From Phishing

Popular Fintech Protects Users From Phishing

A fast-growing fintech operator was targeted by phishing attacks on its user base, with attacks increasing on a daily basis.

Attack Impact

  • Users locked out of accounts and unable to make transactions when desired
  • Significant lost revenue for the company due to compensating affected users

Arkose Labs Result

  • Arkose Labs deployed on login flow and monitored phishing attempts
  • Almost immediate reduction in user accounts targeted by phishing attacks
Insurer Keeps Fraudsters Out of Claims

Insurer Keeps Fraudsters Out of Claims

Targeted phishing attacks were carried out against customers by attackers pretending to be the client.

Attack Impact

  • Fraudsters used stolen credentials to submit false claims
  • Users experience significantly disrupted, which harmed brand reputation

Arkose Labs Result

  • Nearly all phishing attacks stopped after Arkose Labs was implemented
  • No negative effect on user experience and significant uptick in customer retention

Book a Meeting

Meet with a fraud and account security expert

Request a customized demo to learn more.