Success is a double-edged sword for high-growth technology companies. As user bases explode and product features expand, so does the attack surface.
Nowhere is this truer than for one of the world’s leading productivity platforms.
Known for unifying documents, wikis, and project management, the company has seen exponential growth, scaling its security organization from two engineers to a robust team of over 50 in just four years. But as the company democratized productivity for millions of users, it also became a primary target for adversaries.
Here’s how this productivity giant partnered with Doppel to dismantle a persistent ‘malvertising’ campaign, protect its executives, and modernize its approach to human risk management, ultimately costing threat actors millions in wasted ad spend.
‘Malvertising’ & the Trust Deficit
“Whenever you sign up for a SaaS app, there is some level of risk that your data may be exposed or used for something malicious. We believe in doing everything that we can to prevent that from happening, this also includes securing the pathways in which current and potential customers use your product.the company’s security lead says.
External threats began to target the company, making that commitment more important than ever. The security team faced a severe and persistent ‘malvertising’ attack. Adversaries were purchasing paid ads on search engines and social media, masquerading as the productivity platform.
These ads directed unsuspecting users to download what appeared to be the company’s legitimate software installer.
The reality was far more sinister. “Attackers were injecting malware into our binary and making it look legit,” the lead recalls. Users would download infected software, leading to compromised systems, and the platform would bear the blame.
“People were eventually discovering it was malicious and then saying, ‘You have a security incident on your side. How did your binary look malicious?’”
The security team initially relied on a legacy vendor to handle these takedowns, but the results were lackluster. Takedowns would linger for weeks, allowing the attackers to continue their campaigns and damage the company’s reputation.
With the legacy vendor, the security lead realized they were fighting a losing battle.
Speed, Automation, and the ‘Build vs Buy’ Dilemma
A clear ultimatum brought the company to Doppel: Solve the problem that the previous vendor couldn’t. “This is the problem we’re having. If Doppel can solve it for us, we’ll partner with you,” the security lead recalls saying.
The results were immediate. Doppel’s social engineering defense platform took down almost all of the active malicious ads within the first day; these threats had been active for over a week under the previous provider.
AI Integration Strategy
Alongside immediate takedowns, Doppel aligned closely with the company’s forward-thinking approach to AI security.
The security lead describes the typical ‘Build vs Buy’ dilemma. While the company has the internal capability to build powerful AI agents, it recognized that the agents were only as good as the data feeding them. “We have our own AI, but we’re a productivity platform. The company wasn’t built to detect or take down impersonations, so our agents are limited by the knowledge base they have access to. Doppel has much more data supporting this effort across multiple customers,” the lead points out.
The security team created a fortified ecosystem by integrating Doppel’s threat intelligence with its internal AI agents. Now, when an alert goes off, the internal agents instantly query Doppel’s enriched data.
This integration allows the team to automate investigations, pulling IP addresses and threat actor data before a human analyst even opens the ticket.
Expanding the Scope: Executive Protection & Privacy
As the company grew, its leadership team became targets for harassment and social engineering. Executives were receiving unwanted phone calls on personal devices, a common tactic used to pressure high-value individuals.
In turn, the security team expanded Doppel’s scope to include executive protection. Doppel successfully scrubbed personal executive information from data broker sites and public repositories.
The result was a near-total halt to the harassment. By removing the publicly available data that fuels these attacks, the company significantly raised the barrier to entry for adversaries.
A New Philosophy on Phishing Simulations
Perhaps the most culturally significant shift came in how the company handles human risk management.
Historically, phishing simulations in the corporate world have been punitive; used to trick employees and punish those who click. But the security lead vehemently opposes this approach: “It’s sad to see that much of the reason phishing simulations have a bad name is that they’re used as disciplinary items creating fear.”
The productivity platform adopted Doppel’s phishing simulation capabilities to educate, specifically targeting high-risk areas of the business, such as customer support.
Unlike legacy tools that rely on generic templates, Doppel’s simulations are backed by real-time threat intelligence. “Doppel is in a unique space because it has a ton of intel,” the lead notes, pointing out that the platform stays on top of the always-changing landscape.
Doppel ensures that the company’s employees are trained against the actual tactics adversaries use today, rather than the threats of yesterday.
Millions in Damages Diverted
The productivity platform’s partnership with Doppel has delivered quantifiable ROI, not just in time saved but in financial impact. Attackers have been forced to burn through budgets without a return on investment, all because the company has automated the detection and disruption of malicious ads.
“When we consider the cost of taking out ads and how many we’ve taken down, we’ve easily cost the threat actors millions of dollars,” the security lead estimates.
Here are several key outcomes:
- Rapid Takedowns: Reduced time-to-takedown from weeks to hours, removing malicious binaries from the web instantly.
- Vendor Consolidation: Replaced ineffective vendors for deep web scans and takedowns, reducing administrative overhead.
- Executive Privacy: Successfully scrubbed executive data, stopping personal device harassment.
- Brand Integrity: Restored customer trust by eliminating the primary source of malware infections masquerading as the brand
“Don’t Be the Slowest,” Switch to Doppel
“Don’t be the slowest one in the group when getting chased by bears,” the security lead jokes.
This productivity giant transformed a lucrative target into a frustrating money pit for cybercriminals by leveraging Doppel. It moved from reactive, manual investigations to proactive, automated social engineering defense that spans the dark web, paid ads, social media, and beyond.
As the company looks to the future, it plans to deepen its investment in internal threat intelligence and further integrate custom AI agents with Doppel’s data. In a world where AI drives both productivity and cybercrime, this partnership proves that the best defense is a unified, intelligent, and automated one.
Get a demo with Doppel to discover how our AI-native threat intelligence platform achieves a 99.7% takedown success rate for the world’s top brands.