Permutation strategies

5 min

flare applies over a dozen fuzzy match algorithms to identify potential impersonators to maintain high fidelity and reduce "noise," we generally focus on single strategy permutations, with specific high risk exceptions (such as combining a typo with a tld swap) true 220,220,221 unhandled content type unhandled content type unhandled content type unhandled content type unhandled content type unhandled content type unhandled content type unhandled content type unhandled content type unhandled content type unhandled content type unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type short domain logic for domains of 3 characters or less (e g , abc com ), flare excludes certain strategies; insertion, omission, replacement, transposition, plural, addition, bitsquatting or vowel swaps this prevents the system from flagging thousands of legitimate, unrelated three letter businesses high risk dictionary terms one of the most common tactics in phishing is the use of keywords appended to a brand name to create a sense of legitimacy or urgency flare’s dictionary strategy specifically monitors for these additions instead of looking for random character strings, our engine matches your domain against a curated list of high risk prefixes and suffixes this helps identify "social engineering" domains designed to trick employees or customers into performing specific actions to maintain the highest detection accuracy, the dictionary list is updated periodically based on emerging threat trends observed across our global telemetry the following terms are monitored rh , hr , profile , login , account , portal , payments , admin , pages , corp formatting variations our dictionary engine is designed to catch multiple variations of how these words are attached to your identifier suffixes example login com or examplelogin com prefixes login example com or loginexample com if you would like a term to be added to the list please reach out to flare’s support team subdomain swapping & platform impersonation in addition to traditional domain registrations, attackers frequently leverage legitimate "software as a service" (saas) and hosting platforms to host phishing pages this is known as subdomain swapping because these platforms often provide free ssl certificates and carry a high reputation, malicious subdomains can easily bypass basic email filters and look legitimate to the untrained eye currently we only support cloudflare pages, pages dev , which are popular hosting sites for phishing pages we do this for the following permutation types; dictionary, addition, bitsquatting, insertion, omission, pleural, repetition, replacement, transposition, vowel swap certstream only strategies some strategies are possible to use with certstream only, since they would be prohibitively expensive to generate and check against dnstwist since we get incoming certificates, we can employ these strategies to compare with the incoming domain and produce additional matches true 220,220,221left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type