Executive Guardian
Your organization’s leadership is 12 times more likely to be the target of a security incident and nine times more likely to be the target of a data breach than they were last year. Find out how they can be protected.
Read the Datasheet
Gift Cardsharks: The Massive Threat Campaigns Circling Beneath the Surface
Learn about the attack group primarily targeting gift card retailers and the monetization techniques they use.
Get the Report
Threat Hunting Workshop Series
Join one of our security threat hunting workshops to get hands-on experience investigating and remediating threats.
Attend an Upcoming Workshop
Inside Magecart: New RiskIQ & Flashpoint Research Report
Learn about the groups and criminal underworld behind the front-page breaches.
Threat Hunting Guide: 3 Must-Haves for the Effective Modern Threat Hunter
The threat hunting landscape is constantly evolving. Learn the techniques, tactics, and tools needed to become a highly-effective threat hunter.
Case Study
Publishers Clearing House (PCH) is a leading omni-channel media company offering a broad range of products, digital entertainment, and services to consumers that power its famous free-to-play, chance-to-win prize promotions. Founded in 1953 by Harold and LuEsther Mertz, PCH’s famous Prize Patrol surprises screaming winners on their doorsteps with flowers, champagne, and their well-known oversized checks that change the lives of their winners. The company has awarded over $240 Million in prizes and has evolved to expand its offerings to include many ways to win online, through social media, and via mobile.
PCH made a significant investment in expanding their brand through gaming sites and free-to-play apps, so for them, establishing consumer trust in the mobile environment is a key business effort. But as with all leading brands, threat actors are eager to leverage the PCH brand for fraud and other nefarious purposes. That’s why PCH wanted a solution that goes beyond the capabilities of the security tools they already had in place to detect instances of rogue apps and domain infringement across the globe. PCH’s security team needed a better way to identify and manage external threats to ensure the apps customers download on their phones, and the sites they visit, are legitimate.
Managing digital assets across an enterprise is challenging, and PCH’s security team needed to find a better way to find out the magnitude of the problem facing their brand. RiskIQ ran a comprehensive discovery and found multiple instances of domain infringement and rogue apps as well as several assets the CISO thought were taken down months prior.
With RiskIQ, PCH can now monitor and fully manage their mobile presence across the world. RiskIQ Mobile Threats helps them detect unauthorized apps designed to divert users, distribute malware, and steal customer or company data. With a single click, PCH can remove unauthorized apps from all stores, globally.
With RiskIQ, PCH can discover their legitimate domain footprint as well as detect the unauthorized use of their brand within third-party registered domain names. With this data, their security team can continuously monitor their site content and behavior to prioritize infringements according to their brand impact.
At first, we weren’t aware of the scope of the underground market for rogue apps. Once we got started, we found that they could quickly erode that line of business for us. We had tools in place that we thought were sufficient but realized that there needed to be more robust effort. RiskIQ helped us identify and shut down all instances of rogue apps and domain infringement to ensure customers feel comfortable with our apps and sites and continue to do business with us.
Within the first month of using RiskIQ, PCH eradicated more than 40 rogue and blacklisted mobile apps and identified multiple instances of domain infringement and squatting. PCH can now fully protect themselves on the mobile front and have full visibility into all rogue events.
Check out the webinar we did with Sal Tripi, Mobile Threats: Is That Really Your App?
