Impersonation Is Out of Control. How Doppel Finds It Before You Even Know It’s Happening

give us that one telephone number, we can find out, hey, is there actually a LinkedIn account?

Is there actually a persona out there that's tied to that phone number?

And then very quickly flesh out that entire map of infrastructure.

So when we think about the attack surface today, we have to also think about what we call these social channels, right?

these emerging threats where folks are not just impersonating you via network infrastructure and domain infrastructure, but they may be impersonating you via telephone.

You know, all this craze around scattered spiders, shiny hunters, and how they're targeting the help desk.

>> Wow, that's crazy.

>> We're not just worried about them impersonating us to target consumers.

We're not just worried about them impersonating us to, you know, maybe target our executive team, but we're actually seeing more and more, you know, fake personas enter our job hiring pipeline.

And it's incredible to see kind of the connection between that and, you know, a lot of the job scams that we see.

We really got to hit the threat actor at their core and do things a little differently than how people have done it in the past. So, from a technology perspective, I'd say there's really three key things that we think about.

>> [music] [music] >> Welcome, Kevin, to Vigilance, my podcast.

So glad to have you here today.

>> Thank you so much for having me today, Pam.

>> Yeah. So, we're here to talk about Oh, I love this topic. Brand impersonation.

It's not just brand impersonation, it's executive impersonation.

There's a lot of different elements here.

There's a lot to talk about. Um, but before we jump in, I'll just uh hand it to you for an introduction.

>> No, absolutely. Um, well, thank you for having me here today, Pam. Uh, for for those who don't know, my name is Kevin, co-founder, CEO of Doppel. Um, we we are what we call the social engineering defense platform.

And exactly as Pam said, super excited to chat today about all things brand impersonation, VIP impersonation, and ultimately social engineering your customers, your employees, and your executive team.

much more comprehensive than what I said.

I I just went right into the impersonation piece, but thank you for clarifying.

You know what's so stunning?

I've been working with you for a while and just a very short period of time, you now have hundreds of customers, big brand name customers.

Like that's very rare. So, what's what's the secret sauce?

[laughter] >> Yeah. No, I mean it's >> yeah, you know, it's it's certainly an absolute blessing for us as a company, right, to be so young. Uh I mean, we started the company uh just for everyone's knowledge, we started the company actually in 2022 and you know, back then it was just me and Rahul in in the basement of Bernal Heights um working on software, right?

And and that's really where our background was was that Rahul and I um were software engineers at Uber who, you know, just absolutely loved building in the AI space.

um the secret sauce. I mean, it's not so secret, right? It's it's just really obsession with working with our customers and ultimately hearing their pain points, figuring out where the big problems are to solve and um you know, being really fast to respond.

I think that's something that, you know, we we pride ourselves on a lot at Doppel.

And then, you know, there there's a lot of inner details to how to make all of that happen, right?

And how to build the team to really execute on that at scale.

Um, so I'd say no secret sauce, just a lot of, you know, hard work every single day.

Pam, >> well, yes, definitely execution.

I mean, of course, is is a big part of it, but there's you've built a platform that goes with that execution that's that's novel, right?

Uh, I haven't seen it anywhere else.

So, maybe maybe give us a glimpse into that platform.

>> Yeah. So, let's so let's chat a little bit more about the platform and technology, right?

I think um you know something that we've always had the advantage of the advantage of coming into this space is just uh you know come coming in with a fresh lens how do we take you know how do we think about the space in a different way right and from a technology and from a platform perspective you know our mission at doppel is to solve for the root of whatever problem we go after right and in particular you know our view is that the root of the problem that we're trying to solve in the brand impersonation space the VIP the impersonation space uh this whole you know social engineering space is that we've really got to hit the thread actor at their core um and do things a little differently than how people have done it in the past. So from a technology perspective I'd say there's really three key things that we think about that you know maybe is a little different than how people have approach the space before.

Um, one is how do we really link together the big picture of what we're going up against, right? How do we build that threat graph across all the different sorts of impersonations are going that are going on and identify things that no other vendor in the world can identify?

Um, and then from there, how do we disrupt it really at its core, right?

Instead of playing whack-a-ole with every single, you know, impersonation instant, right? How do we really disrupt the threat actor infrastructure at the core?

So, that's, you know, to me that's number two.

And then number three is how do we take all this data right and and do more automation at scale especially with certain AI models that didn't exist let's say two three years ago or even 61 12 months ago. Um and so I'd say the combination of those three you know key technical pieces is been a big advantage for us and how we've grown so quickly.

Yeah, I know. What I like to say to my CISOs is give Doppel one tiny thread.

Just one tiny thread and they like a phone number.

It could just be like a phone number and that's it.

>> And they can pull in that thread and put an attack graph which you just mentioned together that will blow your mind.

And it it's that uh I guess the fact that you have that it's not siloed, right?

you have a single platform that will do everything >> and so you know maybe you can give us a no names of course but like a customer example of of how you do that or what when you've done that because I've watched you personally do that and it's staggering it's so fun.

>> Yeah. No. Well, I I'd say one great example that we always like to share um just because we've seen it hit so many customers recently uh give us that one telephone number.

we we can find out, hey, is there actually a LinkedIn account?

Is there actually a persona out there that's tied to that phone number?

From there, we could then tie it to any other additional, you know, social media accounts or telephone numbers or encrypted chats like WhatsApp, Telegram, etc. that are tied to that one indicator and then very quickly flesh out that entire map of infrastructure.

So, with the specific customer I'm thinking of, they did give us that one phone number.

We found we actually found that it was tied to a LinkedIn account um that was pretending to be part of their offshore team.

uh interestingly enough so it was someone who was targeting their folks in India um you know whether it's a support center whether it's a help desk whether it's your security operations right a lot of different offshore operations for a lot of our u big enterprise customers and from that LinkedIn account we saw additional LinkedIn accounts that were connected as friends and social connections right uh we saw their telephone numbers their email addresses and we we were even able to correlate one of those email addresses back to um their corporate inboxes.

Like someone had actually taken uh the email address that was tied to one of these LinkedIn accounts and um there records of those emails hitting uh their corporate inboxes.

So that's a great example, Pam, of like you said, giving us one one one thread to pull on and and you know, unraveling that whole infrastructure as a result.

>> Wow, that's crazy. Actual email address.

H >> yeah I mean it was actually something that happened very recently um in one of the recent like deep dives we did >> right and we don't always think of I I think you refer to it as telco but telephone numbers obviously you do a you know every channel but so talk about you know when we think about the tools that have kind of failed us in this space to be honest maybe because they're more siloed um >> right >> uh talk about the traditional channels versus the emerg emerging channels because I think that's what makes this even more interesting. Of course, you cover traditional very well because it's a single platform, right?

>> But you know then there's this emerging and and that's just you know >> with AI that's become even more interesting.

>> Absolutely. I mean I think you take a look at the traditional tools right and let's say even just traditional thread intelligence a lot of that operates at the network layer. So of course we got to be great at you know domain monitoring type of squatted uh attacks um domain intelligence things like that and a lot of the traditional tools will enable you to pivot off that where you know maybe you have a domain that find the IP address you can then find all the other associated domains to that IP address um and you know maybe email addresses URLs etc. Um but when we think about the attack surface today, we have to also think about what we we call these social channels, right?

These emerging threats where folks are not just impersonating you via network infrastructure and domain infrastructure um but they may be impersonating you via telephone, right?

And we we've seen a lot of that in um you know all this craze around scattered spiders, shiny hunters and how they're targeting the help desk.

Um also we see it targeting the consumer side right from Southeast Asia.

A lot of these threat actors are uh you know pretending to be part of the banks, pretending to be part of the crypto exchanges and targeting everyday regular consumers um and ultimately impersonating these brands.

So the reason why this is so critical is that we have to change our approach is what that means from a detection and takeown response perspective.

And at Doppel, how we think about it is that of course we got to cover the traditional areas like you said, Pam. Um, but we have to cover these emerging areas. We have to be able to link the threats and that uh the attack graph across all these different channels.

And then we also have to be really really effective on the disruption side and takeown side.

>> Right. It's interesting because takedown I I'm just >> there's a lot of companies doing takedowns, right?

It's also become a little bit commodity.

>> Yeah. But it's the time it it takes to do the take down and the effort required.

And so maybe you can talk a little bit about, you know, average takeown time or the fact that you h how does because you it's not just a platform but a sock team at Doppel.

How how do you always go about doing that for the customer? Because right now, you know, if you talk to any large enterprise, they're like, "Oh, well, you know, marketing is involved, legal, physical security is involved, the sock team is involved, they've siloed it, and then >> you know, totally." And then they've and then the tools are siloed. So I of course adversary is getting in because nothing's nobody's connecting the dots.

So you your platform which is collapses the silos >> and then your sock team which literally takes it off of all those four functions plate.

That's my understanding but yeah so tell me a little bit about how how how that works. Yeah, I mean I think it's I think it's super interesting, right, when you could take a look at a space that, you know, like you said, maybe historically has been commoditized um and then really solve the problem in a different way in a holistic way that can go crossf functional and really have a big business impact. Like I think for example, you know, you take a look at what crowds done in the anti virus space, right?

that you know also arguably you know historically has been commoditized to a degree but then how you know how different players recently have been able to build a platform on top of that um you know transforming into this you know now EDR world right and and make it uh much more comprehensive of a solution so um in a similar vein that's our approach to the whole take down space yes historically it's been commoditized but what really is a premium solution space is the ability to you know do exactly the things you described Pam.

One consolidate a lot of these efforts across these different channels across these different teams and um you know basically really build the big picture right of what we're what we're taking down and playing less whack-a-ole.

Um, two is just the efficacy, right?

Like you said, you you got to be able to do it significantly faster than everyone else and um and have much higher success rates.

And a lot of times we talk to customers where they they're like, there's no way anyone could take this down.

We've been trying for months if not years and then suddenly Doppel comes in and it comes down in order of minutes or hours.

So, um, that's always a huge aha moment.

And then lastly, I'd say, oh, go for it. Well, I was gonna say, >> why does it why does it come down in minutes or hours when they've been at it for months?

That's like the right there.

>> Exactly. So, I I think it's um I think it's really three things and this actually ties to what you know was going to be my last point. One is we do just cover different channels and platforms that other platforms don't. So like for example, I know one of the most common ones Pam you and I talk about is are are channels like X formerly known as Twitter, right?

Or or maybe it's Telegram or maybe it's WhatsApp, right?

Where hey, no one in the world has been able to crack this particular problem.

>> We've put in the work to, you know, either build the relationships with those platforms or experiment with different takedown methods on those platforms and that's been a huge piece of why we've been able been more effective.

Um, second, I'd say it it comes down to that whole threat graph, right?

Like that ability to then go tell a provider, hey, this is not just a impersonation attempt here, but this is actually connected to a wider social engineering campaign that's on, you know, maybe it's on Facebook ads, maybe it's on uh a YouTube deep fake, maybe there's also a connected LinkedIn account to it. And so when we're able to present all that evidence that hey look this is not just you know a one-time thing but this is really part of a broader campaign that definitely catches platforms attention right because now it's like okay we have the ability now to not just shut down this particular account but doppel's given us intel around how a threat actor is leveraging all of our platforms and uh leveraging all these different areas. So um I'd say those are you know again maybe not so secret sauce but those are the key things that's enabled us to do things differently.

>> So the the fact that you bring more evidence to the table because you can create that threat graph because you it sounds like you're just not looking at an X profile in isolation.

>> You're looking you go which is what what our you know what our our large enterprises are doing.

They're like, "Oh, that X, that profile should not be up because that's not our CEO.

" >> Um, right.

>> And and and they that's it.

That that's the whole that's the start and the end of the conversation.

[laughter] >> You're saying, "No, no, no.

What sits behind that profile is all of this stuff I've found, >> right?

>> Enough evidence to the table, they take it down quickly or in some cases, they take, you know, they they don't take it down at all if it's just an isolation, right?

If it's just >> Yeah.

I I see this all the time.

You just have to have more evidence and the only way to have more evidence is to have all the layers that sit >> exactly >> that sit behind it. Yeah. So, let's talk for a second about because it, you know, there's so much here um about executive protection because uh you know, tragically this is a hot topic, right?

>> Yeah. And uh so everybody's talking about it and you know there's the you know the white glove services where you go into the home and and do something >> um and that's good but this is really for the sock team to understand right am I correct in that?

>> Yeah.

>> Yeah that's correct. Yeah.

>> Yeah. Well, the soft team needs to understand um what sort of threats are coming in for leadership, board members, CEOs, anybody at at a at an a senior level in the in the company.

So, that's shifting a bit, but h how do you go about that and how is that different than what we've been talking about?

>> I mean, exactly what you described, Pam, right?

like executive protection is such a broad category and you know there are those services that are you know kind of more personal concier services right pentest the home Wi-Fi network monitoring you know private lives you know a lot of what do able to provide in this area is that we are able to work with the corporate teams sock teams to give them as much visibility and as much take down response capabilities as possible without being you know necessarily invasive right to to these executive personal lives. So I think a lot of the pull there of course like you said with recent events uh recent tragic events there's a lot of pull in terms of hey what can we do to better protect our VIPs and Doppel fills a great solution there for teams where um we can be immediately deployed um we can immediately solve for problems with that same platform approach that you and I were just discussing on the brand protection side um and make sure that no one's caught sleeping right in a sense like no one's or no one's um caught blind, right, in terms of where these attacks are going to emerge and um you know and how they're going to impact their their different executives and VIP members.

>> Yeah. Because this isn't you can't be reactive.

You have to be proactive in it.

>> I I think you want to be in in security anyway as much as you can, >> right?

>> Tend to be reactive because we just don't have a choice. But in this category, I think it's really critical to be proactive.

um you can't just be reactive and what's unique here I feel is the detection >> right ability to detect you know even on the brand impersonation side you're able to detect before usually before the enterprise ever knows right so it's not just oh gosh we know about this problem can you go take it down it's like I didn't even know that was happening so getting in front of it and I think in the executive perception space that's super important to be able to get in front of an alert and I guess it's not just sock I I'll correct myself and say you know it's physical security times although there's a convergence there >> there is there is I mean we're seeing the big you know convergence movement uh and you know fusion centers right between cyber physical for sure >> yeah so you know what is that you know I don't know if you have an example that you can give but what's that like to you know detect threats for exe and and have to deliver that and do you deliver it you know this is my maybe getting but do you deliver it to the executive who do you deliver it to in the enterprise >> that's a great question so um well the quick answer to that on the delivery side is however our customer wants it set up right like we actually do have the ability for example to make it more self-s served and and so those that reporting and you know those results go directly to the executive maybe their you know exec assistant right um and their personal team. We also have the ability to you know provide certain results straight to you know the admin team right which in this case maybe sock maybe physical security just in general a corporate security team. Um I think you know a concrete uh customer example u and I I want to make sure to keep this anonymous uh as much as possible.

Um but Pam you you you had a great example around like the fake ex impersonator.

Um, we've seen some interesting things on, you know, platforms like Blue Sky, interestingly enough.

And in and in this particular example, this was one where exactly as you described, we want to be proactive.

We want to help find stuff before um, you know, people even realize how big of an issue it could be.

Um, but this Blue Sky impersonator actually was saying some political things.

um saying some things, you know, on a platform that's historically, you know, had some political, you know, leaning and some political inclination and and so this impersonator that was on Blue Sky was basically starting to generate this profile over time and all this content over time of this executive saying all these things um on the political uh side.

So, um, it was one where, you know, the team maybe wasn't aware of before Doppel brought it to their attention from a detection standpoint.

Um, it was one where it immediately became priority once Doppel brought it to their intention. And, uh, especially because this business does do a lot of work, uh, on the federal side.

Uh, and and so, um, that's just a great example of why that extra visibility is so critical.

Um, and then not just and then what's great about Doppel as always is that we're not just here to give you visibility, but we will help you remediate as well.

>> Yeah. Right. Right. But that that heads up has got to be absolutely critical.

And then do you see some of this like you um you know the encrypted channels like Telegram and WhatsApp.

>> Yeah. And how do you deal with that because you can't have visibility inside >> channels?

Yeah. Yeah, I mean WhatsApp, Telegram always very very challenging.

Um because exactly what you said, they're private channels, they're encrypted.

Um there's not necessarily public APIs, right? Or even private APIs that enable you to search across all these different channels.

The way we approach it is that we look for uh we look for where those threats will be linked. We'll look we'll look for where these threats will be distributed.

And so what I mean by that for example is um one of the most common areas that we find WhatsApp chats is through uh Facebook and Instagram paid ads um or Facebook and Instagram groups or Facebook and Instagram profiles uh depending on the nature of the attack right so I I'll say for example the groups and ads are probably more common when it comes to brand impersonation and you know doing certain fraud attacks or um you know consumer scam attacks Um, but then we'll see the specific profiles be the bigger attack factor for things like executive protection where they've set up a whole persona.

They've, you know, copied the name, image, likeness, the NIL, and um, and that profile is linked to a WhatsApp account as well.

Um and so that's the key in how we find stuff is let's go find how they will distribute you know these sorts of attacks and and and that's really the advantage of having this multi-channel threat graph platform is that okay maybe we couldn't find it through telegram or maybe we couldn't find it through WhatsApp but we were able to pull the thread from a Facebook account instead or a LinkedIn account instead and that's how we found uh the impersonator >> and you see everything then connected to you see all the connections to the encrypted channel.

>> Exactly.

>> Build that attack rack out.

Super interesting.

>> Yeah, I know. I saw uh a summary um obviously no names here, but um uh with one of my financials and their CEO, and it was Yeah, it was a long list.

>> Let's just leave it at that.

>> Yeah.

So, >> I don't know if you can answer this, but I'll challenge you and say where where do you think the adversary is going next?

like you know you've got all these channels which is so covered on a single platform so you're able to connect the dots and then you've got your sock team working behind it >> right >> you are you anticipating is there areas that you anticipate is coming next >> well I think you and I have chatted a little bit about this Pam um but this insider threat problem is something that's top of mind for everyone I talked to right where uh we're not just worried about them impersonating us to target consumers we're not just worried about them impersonating us to, you know, maybe target our executive team.

But we're actually seeing more and more, you know, fake personas enter our job uh hiring framework, our our job hiring pipeline, maybe is the better term.

And um and it's incredible to see kind of the connection between that and you know, a lot of the job scams that we see, right?

Because the job scams actually help not just you know have the threat actor profit financially but actually profit in terms of collecting a lot of PII uh get information on what sort of personas we'll be applying to these sorts of companies and ultimately using that data to help construct their personas uh to get into these companies.

So, um I think that's the one that keeps me up at night, Pam, is thinking about how to solve that inside a threat problem and especially when we know that it's not just, you know, the everyday threat actor groups, but even the nation state actors at times, right, that that are targeting um you know, different businesses.

>> Yes. It's especially hard for my global companies, >> right?

Because it's not Yeah, it's not local, it's not domestic, right?

Uh very interesting. Yeah, the insider threat problem def we did we have talked about that.

So, uh you know any I know we're getting close on time. I just wanted to see if there was anything we didn't cover any you know additional thoughts or or final thoughts if that's the case.

>> Yeah. Well, I I'd say actually so one thing that we didn't cover Pam and I know um you and I are going to do a deep dive on this actually very soon is you know I think the big thing about Dopples we we want to be constantly innovating.

you want to be constantly adding new products.

Uh we actually just launched a brand new product around deep bake simulation that basically takes the data from the threat graph and enables you to then roleplay that very impersonation scheme or that very um social engineering uh attack um as a simulation for for for your company.

So for example, we actually ran an interesting um we actually ran an interesting example with a particular Fortune 500 customer and we saw 100% engagement rate with the help desk which means which is defined as the help desk actually viewing uh these deep fake AI agents as real people.

um they on average were on the phone with them for six minutes and we even had some people on the help desk talking to our deep fake AI agents for as long as 20 to 30 minutes. Um and so it just goes to show right how how how big this impersonation problem really is.

Like impersonation is not just you know the commoditized takedown problem.

at the end of the day like this is all part of larger threat actor infrastructure, larger threat actor campaigns and how do we help solve for this in a variety of different ways and so that that would be my parting note is to really think about the problem holistically and how can we you know continue to do more for our customers to solve that >> that okay so I'm learning I know we have a meeting coming up on this I know >> but so just to make sure our viewers understand it uh and and myself as well so there's two two sides to this.

One is is um expanding the understanding of your threat graph by doing a simulation for the customer >> for your customers. Uh and then there's another side that almost sounds like training showing the Is that true?

Like where you're >> Yeah.

Yeah. So I Yeah. I mean I almost I I would almost say the relationship is the other way around. It's okay from this from this threat graph we can now go run a like we actually have a click flow uh in our app where hey we saw this recent impersonator Pam let's say on WhatsApp right now click on uh click on click a button to make it actually run as a simulation and it serves as both you know maybe it's security awareness for Pam's organization um and then also a little bit of you know social engineering pen testing at the end day right like hey does our helped us actually listen to Pam for, you know, six minutes or even as long as 15 to 20 minutes thinking that it's actually Pam, right?

Does, you know, does someone actually respond to that WhatsApp message um that's, you know, similar to the WhatsApp attacks we've been seeing in our company uh for the past, you know, uh 3 to six months. So that's the sort of, you know, ideation that we're doing at Dopples like from this very threat graph, from this very data, what else can we deliver? And so yes, uh the quick answer to your question is like yes, there's a security awareness component and training component to it as well.

And do you have any thoughts on how the how the I mean I guess security and awareness training is is really critical and >> right >> required and and maybe just seeing that as sufficient but uh is there any detection possibilities there or >> yeah I mean um we're we're constantly thinking about new products Pam and you know me like I I'll keep jamming on them with you but our vision right is we want to be the one-stop shop at the end day to detect these attacks, take them down, and now we can simulate them as well.

So, um, from one platform, detection, takedown, and simulation.

>> Excellent. Yeah. Well, good. Um, I was going to see if I could share your email address with our viewers.

>> I'm I I'm happy to. So, kevin doppel.com spelled normal way, keyn and uh I'm always happy to chat with anyone who uh wants to dig deeper into this space.

Yeah, I think that people will be very curious and I there everybody's always welcome to reach out to me but I thought wow here's an opportunity for them to reach out directly to you. So um thank you Kevin.

This was a fascinating conversation and really and congratulations on all your success you know really really exciting uh solution and platform and one that you know has got the whole industry you know saying hey we finally have figured this this out you know we can actually be proactive detect and do these takedowns in a timely manner. So, um, appreciate your time and have a, uh, great rest of your day.

>> Well, I was going to say, you know, right back at you, Pam. Thank you so much for having me today and thank you for all the great advice to me personally, you know, o over the I guess it's, you know, been almost a year now, right?

um >> you can work together. Yeah. Yeah.

Exactly.

>> I mean it's my job to bring you know these in this innovation to my my Fortune 500 CES and this has been a joy.

A real joy.

>> Likewise. clockwise.