By Sara Miller, NoCamels -
How do you quickly stop malicious actors from hijacking your website and recreating your online identity to steal from your users and clients?
This is an issue, commonly known as phishing, that plagues reputable companies as they struggle to swiftly locate and terminate websites that copy their branding, imaging and reputation in order to lure unsuspecting users into handing over sensitive information, including financial details.
And while there are existing measures to deal with such cyber attackers, Israeli anti-fraud firm Memcyco says it is the only company whose software can do so in real time.
There are several main ways to spoof (recreate an existing website for nefarious ends) online entities, explains Memcyco co-founder, CEO and chairman Israel Mazin.
Attackers can take and replicate a website’s coding to make it a mirror image of the original, or try to do the same by reproducing its layout – primarily by stealing images and design.
The only discernible difference is often the cloned website‘s URL. But even that can be simulated with a near identical address that has only a slight – and frequently undetected – difference such as a single letter or number.
Instead of memcyco.com, Mazin says as an example, the spoofers would create an identical website with the almost indistinguishable URL of memcyc0.com.
This leads unsuspecting users to believe that they are visiting the authentic website and they then trust the decoy with their sensitive data, which is primarily used for illicit gain.
The fake websites often link back to the original at some point in order to allay suspicions and create an impression of legitimacy, but the pages where user data is requested are solely on the spoof website.
According to global data and business intelligence platform Statista, 85 percent of organizations worldwide experienced one or more phishing attacks between 2021 and 2022.
Furthermore, US multinational tech corporation IBM says, the global average cost of a data breach in 2023 was $4.45 million, while organizations that use AI security to protect their data saved an average of $1.76 million.
Memcyco’s primary goal is to identify the fake websites and notify the targeted companies and individual victims, Mazin tells NoCamels. It does this with what he calls the company’s proprietary “real-time engine,” which is embedded into official websites and uses artificial intelligence and machine learning.
“What we do is detect, protect and act,” he says.
The company protects its clients through one of two means: Firstly, it can embed a few lines of code into a website’s front end, which then recognizes any attempts to access and steal its coding. Alternatively, it can be incorporated into an existing web application firewall (WAF) such as Cloudflare, which is used by the company to secure its online presence.
When an attempt to spoof a website is detected, the targeted organization and any of its users who are affected are alerted immediately by Memcyco. The algorithms also comb the internet to locate any more subtle phishing attempts.
Just a year after its launch, Mazin says, the software is already in use by scores of websites, including those belonging to financial organizations, retailers, charities and educational institutions. Websites that use the platform have a “forge-proof authenticity watermark,” to show that they are protected against hackers.
The real-time protection is just the foremost level of defense, Mazin explains, detecting cybercrime in 8 out of 10 instances.
In the unusual event that the Memcyco platform does not detect the spoofing attempt, it uses its AI threat protection measures to track the attackers down.
“We already have 30 million devices that we are tracking,” Mazin says.
Once the fake website has been logged by the Memcyco platform, it can block access from the spoof address to the original URL, denying it the veneer of legitimacy it needs to fool visitors to the site.
And if the spoof website actually manages to obtain a person’s credit card details, the platform can scramble the card numbers on the fake site so that it is impossible to use.
One way or another, he says, “we can find all of these scam sites.”
The Ramat Gan-based company was started by Mazin and his co-founders two years ago and spent a year developing the technology. Along the way, they received investment of $15 million and secured a number of partnerships with high-level companies, including in North America, Latin America and Europe.
And just this month, Memcyco partnered with Deloitte, one of the “big four” international accounting and professional services firms.
The startup’s name is derived from one of veteran entrepreneur Mazin’s previous companies, Memco. The new name, he explains, is a portmanteau of Memco cyber corporation.
So, you’re spoofing your old name?
“Exactly.”
