Impermium has teamed with TeleSign to bring best-of-class telephone-based validation to the site integrity process. With TeleSign, suspicious customers are routed through a simple, user-friendly verification process, ensuring legitimate users move through while fraudsters and criminals stay out. In conjunction with the Impermium real-time threat detection capabilities and global threat network, site owners can control how tightly to lock down their site, balancing a great experience for trustworthy users with an impenetrable one for the bad guys. The combined solution allows administrators to rest assured that transactions such as registration, commenting, and login are safe and secure, with a minimum of inconvenience to users and the business.
2. ABOUT US: TeleSign is the global
leader in Intelligent Authentication
Forrest Hobbs providing actionable data to
Vice President secure online transactions, reduce
TeleSign fraud, and improve the end-user
experience.
WHAT WE DO
‣ Two-Factor Authentication
‣ Phone-based Verification
(SMS/ Voice)
‣ Intelligent Data (Phone type,
Device status, etc.
3. ABOUT US: Impermium provides
robust security for web sites and
social networks, leveraging user
reputation to defend against social
spam, account compromise,
transaction fraud, and abuse.
WHAT WE DO
‣ Real-time threat analysis
‣ Behavioral anomaly detection
Mark Risher
‣ Social user reputation
CEO
‣ Malicious content protection
Impermium
4. Dear Sir or Madam:
I bid you to happiness to yourself
and to your own family in this day.
It is my ESTEEMED PLEASURE to be
presenting to you the sum total of
$1.000,40,000 UNITED STATES DOLLARS
(USD) from His Royal High Holiness,
the Esteemed Minister of Treasury
for the Oil Ministry of our country…
5. Social Media has Eclipsed Email
(for good users and bad)
Social media
email
2005 2006 2007 2008 2009 2010 2011
5
6. Agenda
Anatomy of the Attacks
Risks and Impact
Three-Step Approach to Mitigation
6
7. Wherever the Eyeballs Are
Blog posts Message board posts
Chat Messages Direct Messages
Reviews & listings Comments
URL & link submissions
Discussion forum threads
Fraudulent user signups
7
19. Block Bogus Accounts
Accept Account Creation
Registration Analysis
Capture phone Phone Type Phone Verify
number Device/Subs Status Ensure phone
Telephone Verification Flag
Past behavior number is valid &
reachable
Reject
Deny
Registration
20. Importance of Phone Type
Certain phone types are more likely to be associated with online
fraud and considered higher risk.
21. How Verification Works
TeleSign Verify is a quick and simple way to prevent online fraud
and social spam by identifying legitimate users using their phone
User enters phone User receives User logs in by
number on verification code entering the
website and clicks on cell phone or verification code
“submit” landline onto the website
24. Stop Spam & Malicious Content
Use these in conjunction to keep your house clean:
Activity Phone Signals
‣ Bullying, insults ‣ High-risk phone type
and threats ‣ Name/address tied to
‣ Suspicious signups account
‣ Repeat offenders ‣ Device or subscriber
‣ Malicious content status
‣ Signs of account ‣ Phone risk score
compromise
Allow
Flag Phone Verify User
Deny
25. Stop Spam & Malicious Content
10,000 Comments
Impermium Human Moderation
Time to process 19 seconds 2-3 days
Accuracy 99.5% 95%
False Positives 4 79
26. Prevent Account Hijacking
Protect legitimate account owners from account takeover with
two-factor authentication in the following scenarios:
Key changes to account information
Unrecognized device or IP address
Unusual activity
27. Prevent Account Hijacking
Accept Change
Risk-Based Phone Verify
Authentication Use 2FA to ensure
Two-factor auth.
Telephone Verification that account
Account changes changes are
Password resets legitimate
Reject Change
28. Special Webinar Offers
SPECIAL REPORT SPECIAL OFFER:
Complete our post-webinar survey Sign up by 12/31/12 and get 50%
and we’ll send you a copy of our off your first THREE MONTHS of
report. service.*
TAKE 50% OFF
your first 3 months of services
* Limitations apply.
Hello, I’m Forrest Hobbs and I’m the VP of Sales here at TeleSign. Let me start by telling you a little about what we do at TeleSignWhat We DO- Prevent social spam- prevent bulk registration
Hello, I’m Forrest Hobbs and I’m the VP of Sales here at TeleSign. Let me start by telling you a little about what we do at TeleSignWhat We DO- Prevent social spam- prevent bulk registration
As with malware and links, account hacking and account compromise continue to rise.While some public incidents have been limited to pranks, a few more recent one have led to true “reputation hijacking,” where malicious and dangerous acts have been conducted under the guise of someone else.
Not even the best prices; the Whitepaper has some better bargains ;)
Lost Advertising RevenueUnmonetized ImpressionsAdvertiser/Exchange PolicyPageRank and SEOGoogle Panda & PenguinRelevanceGuilt by AssociationManual Review CostsEfficiencyAccuracyConsistencyUnreliable Site Metrics
Closing the front door means the measures you can take to prevent spammers from creating bogus accounts that they use as a platform for proliferating spam. We recommend that all social media sites require a phone number at registration. Even if you don’t phone verify every new registrant, you will have their phone number on record if you want to phone verify later in the game. We will talk more about this in the Close the Door section coming up.[CONFIRM WITH MARK]: In parallel, Impermium uses a combination of past behavior of the user, content patterns within the user's output, and similarity to malicious events across other networks to determine whether to allow, flag or deny new registrants.
TeleSign Verify offers a more reliable way to authenticate new accounts and prevent account compromise.The SolutionUser provides the phone number at account registrationWe send a one-time passcode to that phoneUser enters that passcode into the website to activate the accountWhat does this accomplish?Verfies that the number provided is validVerifies that the user is in possession of that phone
TeleSign Verify offers a more reliable way to authenticate new accounts and prevent account compromise.The SolutionUser provides the phone number at account registrationWe send a one-time passcode to that phoneUser enters that passcode into the website to activate the accountWhat does this accomplish?Verfies that the number provided is validVerifies that the user is in possession of that phone
Behavioral anomaly detectionAbuse policy enforcementBusiness logic violationsContinuous user reputationBegins at signupAdjusted with every subsequent actEarned reputation is no guaranteeContent analysisFlagrant indicators do existContext mattersBad guys move in herdshttp://wickedfire.com & http://blackhatworld.comBrazenly reselling their toolsNot just English-language
Key changes to account information: Changes to passwords, payment info and email addressesIf users are posting to larger forums, have a high velocity of posts within a short timeframe or have been flagged as suspicious.
Closing the front door means the measures you can take to prevent spammers from creating bogus accounts that they use as a platform for proliferating spam. We recommend that all social media sites require a phone number at registration. Even if you don’t phone verify every new registrant, you will have their phone number on record if you want to phone verify later in the game. We will talk more about this in the Close the Door section coming up.[CONFIRM WITH MARK]: In parallel, Impermium uses a combination of past behavior of the user, content patterns within the user's output, and similarity to malicious events across other networks to determine whether to allow, flag or deny new registrants.
Hello, I’m Forrest Hobbs and I’m the VP of Sales here at TeleSign. Let me start by telling you a little about what we do at TeleSignWhat We DO- Prevent social spam- prevent bulk registration