Diamond Bank is a community bank with 14 branches and thousands of customers in the Southwest Arkansas region. The bank celebrated its 120th anniversary in 2024 and takes great pride in its longevity and connection to the community.
Spoof Website Takedown Efforts Prove Difficult
“You're just a little bit of rock in the ocean, you know?
We didn't have any pull at that time.”
Diamond Bank began hearing from their customers that they were receiving brand impersonation text and email messages with links to spoofed websites. Though uncommon, some of these instances were prominent and serious enough to warrant a takedown effort, but that proved more difficult than they expected. To execute a takedown, Diamond Bank had to send a takedown notice to Google or the domain registrar and hope their request would be found among the hundreds and thousands of requests these organizations receive. Kevin McKinnon, network engineer at Diamond Bank explained, “You’re just a little bit of rock in the ocean, you know? We didn’t have any pull at that time.” Takedown efforts, if successful at all, were very slow.
Federal Regulators Ask:
How Will the Bank Respond to a Brand Impersonation Attack?
The fact that their customers were becoming targets of brand impersonation attacks also posed a troubling implication. The security team at Diamond Bank was only aware of these attacks because bank customers voluntarily reported them.
How many spoofed sites go unreported? It was a question they had no means of answering.
Around the same time, Diamond Bank received a questionnaire from a federal regulator asking how the bank would respond to a brand impersonation attack. Though online brand protection services are not a requirement, the regulators wanted banks to be aware and thinking about their response.
These factors pushed Diamond Bank to seek online brand protection services to combat the threat and safeguard their customers.
“If you know something is happening and you don't have a way to turn it off or to combat it, it's bad for your brand… You just feel kind of helpless. And we definitely didn't want to experience that.”
No Substitute for True Brand Protection
Diamond Bank has a robust IT network team responsible for security. They have found that without online brand protection services, stopping these phishing attacks or even understanding their scope would be very difficult.
“I’m not going to say everybody’s just a number, but you could tell when you go into a huge store versus a small hometown store — kind of like our story as a bank.”
Kevin McKinnon,
Network Engineer
For one, brand impersonation attacks occur outside Diamond Bank’s digital footprint. The fraudster can extract login credentials or personal information without interacting with corporate network security. The authentication system of Diamond Bank’s online banking services records failed login attempts. Still, it would be difficult to pinpoint which failed attempts are user errors and which are fraudsters attempting an account takeover. Worse, if a phishing attack were successful, the fraudster would bypass these security systems altogether.
The only way to identify the spoofs out in the broader internet and respond to them quickly enough was through the online brand protection services of providers like Allure Security. Diamond Bank evaluated several vendors and solutions but chose Allure Security, because it offered a more attentive service package. McKinnon described his experience with other vendors by saying, “I’m not going to say everybody’s just a number, but you could just tell when you go into a huge store versus a small hometown store — kind of like our story as a bank.” Allure Security, by comparison, offered a partnership and personalized touch.
Results
For Diamond Bank, brand reputation is everything. They compete with the big national bank brands by forming strong connections within the local community. The bank has been in operation for 120 years, and it has sustained that longevity through their customer experience. Brand impersonation attacks pose a direct threat to the health of the bank.
Since deploying Allure Security online brand protection services, the team has executed 28 takedown campaigns of malicious actors hosting web, mobile, or social spoofs of Diamond Bank’s brand. Whether a copied app on the app store, a fake website, or a mass text message campaign, Allure Security was able to spot and respond to the threat. Our determined team of takedown specialists proved much faster at removing content than the original, manual takedown process.
“Most every website [spoof] was taken down in less than a day.”
The partnership with Allure Security also heightened security awareness across the organization. Data and instances of brand impersonation are shared and discussed in monthly meetings among the IT committee as well as the board of directors. This helps the organization respond quickly to a shifting threat landscape.
Diamond Bank has gained a true understanding of the threat facing them. And with the support of Allure Security, they are now in a position to do something about it.
Related Articles
-
Credit Union Supercharges Takedown CampaignsDo-It-Yourself Takedown Struggles A credit union based in the southern United States supports...
-
SharkBot Trojan Embedded in Mobile Banking ApplicationDuring a recent partner mobile malware scan, Allure Security identified a rogue mobile...
-
How to Remove Spoof Mobile ApplicationsTo remove rogue mobile applications (an unauthorized version of your mobile app) from...
-
Zelle Scams: How to Protect Your Customers and BrandsSince its launch, the peer-to-peer payment app Zelle has gained immense popularity. In...
-
Credit Union Reduces Security Threat from ZelleIntegrating Zelle without Putting Members at Risk Financial institutions must contend with a...
-
Damn Filters Recovers from Search Engine PoisoningPoisoned Search Engine Results Damn Filters, a leading company in Kansas, sells online...