Post
With the new ‘Previous Changes’ button, security teams can more easily track and identify spoofing pages before they are fully weaponized.
We released an enhancement to phishing alerts in our preemptive monitoring solution, DarkIQ, giving security teams full visibility into evolving phishing risks and brand impersonation attempts. With this update, analysts can now track changes between versions and identify spoofing sites before they are leveraged in full-scale attacks against your customers and people.
Key benefits
- Greater visibility into pre-weaponized sites
- Ability to go back and view previous versions
- Detect and score infrastructure changes (eg. MX record shifts) with a high probability of an imminent brand-impersonation or phishing attack
How it works
To provide full visibility into an evolving phishing threat, we’ve added a Previous Changes button to the top bar of every Phishing Action. Selecting this option takes Searchlighters to a dedicated versions page where they can access a detailed history of all past scans for that phishing domain, provided a change has occurred.
The page presents each historical scan in a collapsible format, where each row represents a previous version of the phishing record. By default, rows are collapsed and include a timestamp and a short summary of the key changes detected (e.g. “TLS Cert”). Users can then expand any version to view the complete, granular record, including the full set of metadata, DNS records, WHOIS details, and screenshots captured at that specific time. A Current Changes button is also available on the Versions page to allow for a quick return to the latest scan view.