What if the solution to credential theft were to play the same game as the attackers? After managing a major spear-phishing crisis, we developed a defense strategy called Phish-Back, designed to proactively recover stolen credentials before they can be used in attacks or disclosed on the dark web.
By using the attackers’ own tactics against them, this approach not only prevents credential abuse but also produces a new form of Cyber Threat Intelligence directly sourced from attackers themselves. It reveals insights that traditional tools cannot provide: attacker IPs not yet known as malicious, real attack frequency and timing, who within an organization is being targeted, and how much information the attackers already have.
This talk will present the technical foundations of the Phish-Back approach, lessons learned from two years of deployment, and how this intelligence could reshape collective defense across the retail and hospitality industries.