
Description

See Doppel in action. Join Dylan DeAnda for a live demo of the Doppel Platform. In just 30 minutes, you’ll watch how our AI-native system detects impersonation threats, maps attacker infrastructure, and automates takedowns across domains, social media, ads, and more. Perfect for security, brand, and fraud teams looking to modernize their defense against digital deception.

Learn more at https://www.doppel.com/

Transcript

Okay, thank you everyone for joining. Um, we are going to kick this off and I will hand it to Dylan DeAnda to begin.

>> Hey everyone, welcome. My name is Dylan DeAnda. I'm the field CTO here at Doppel and we are thrilled that you're here for our live demo on how Doppel disrupts digital impersonation at scale. Before we get started, there's a couple of quick housekeeping notes I wanted to share with you. First, today's session is being recorded, so you'll get the replay. And to keep things smooth, all of the mics will be muted. And if you have any questions during this presentation, please make sure to drop them in the Q&A function, and we'll answer them at the end. With that, let's kick things off.

All right, quick question for everyone in the chat. How many of you have had a smishing, a vishing, or a phishing incident this week that made it through to you?

Okay, I'm seeing some hands go up. All right. Now, how many of you actually worried that it was real even for just a second? Like, you had to stop and think about it.

Yep. Well, that's the problem that we're going to be solving in the next 30 minutes here today. Because if you, the security professionals out there in the industry, had to think twice, what chance does anyone else have? So, quick introduction. I'm Dylan DeAnda. I spent 11 years at Tanium deploying to the Department of Defense and before that I was at LoudCloud and before that McAfee and I began my career in cyber as a US Army signals intelligence analyst and a Korean linguist and voice interceptor. I have secured some of the most locked down networks on the planet.

All five DoD service branches, classified environments, air gap systems, and I still watch social engineering attacks succeed. It's not because the defenders weren't smart.

It's because the tools were designed for the wrong threat model. And that's why I'm here at Doppel today. So, you know, as example, you've all heard the stories about a Fortune 500 company being breached, losing millions of dollars and decades of hard-earned trust all in the blink of an eye. And it's easy to think that it could never be you. Your team does security awareness training every quarter. You have the latest email system. You have SIEMs. You have EDR solutions in place. You're safe.

And that's all part of a strong security program. But none of them are linking the signals together. They don't realize that the fake email, the new domain registration, the spam call, and the fraudulent social media page were all part of one campaign, one attacker, and one infrastructure.

And this is why Doppel is outpacing what's next in social engineering. We take a multi-channel graph-driven approach to social engineering defense, and that's powered by agentic AI automation. So Doppel helps you detect, correlate, take down, and train against the most modern attacks across domains, social, telco, the dark web, and even more channels. And ultimately, Doppel helps you to outpace what's next in social engineering. And here's why this matters. Because bad attackers are moving fast using generative AI. In the last 30 days alone, Doppel's detected over 2.3 million verified alerts. And that's fraudulent social pages, malicious paid ads, impersonations of executives, and phishing attacks that would trick even the most security conscious.

But we know the last thing you need is more alerts to keep you up at night, right? How many SOC engineers are out there saying, "Gosh, there's just not enough to do in the day. I wish I had more alerts." Well, in the last 30 days, Doppel had a 3.8 hour average time to first enforcement against those social engineering assets. And that means just within a few hours of detecting impersonations or frauds or scams or cyber criminals, Doppel was already taking action to disrupt that campaign.

And this month, our average time from detection to resolution was just under 2 and 1/2 days. Now, let that sink in. That's fast. Because the longer those threat assets remain resident means you're 1 second closer to a breach, to a regulatory fine, to physical harm to an executive, or worse.

So, how does it work? So, here's what I'm going to show you in the next 30 minutes. We're going to show you some real attacks out there that can pretty much bypass every traditional control that you have in place and why your current tools missed it. And it's not your fault. A completely different approach that dismantles attacker infrastructure instead of chasing symptoms. By the end, you're either going to think I'm crazy or you're going to realize your entire security stack is built for the wrong problem. But either way, I hope you remember this demo.

Let's get into it. All right, ladies and gentlemen. So what you see before you here on my screen is the Doppel vision console and this is where we process our alerts, do our analysis and more importantly we take action against all of these threats out here. So Doppel's core capability sets are around brand protection, protecting the world's most important brands from impersonation, from scams and frauds in their name, where it erodes their brand trust, where it diverts revenues from their finances.

We also have executive protection which focuses on the removal of personally identifiable information for executives as well as identifying any executive person impersonations that may be used in some type of social engineering threat to try to get an employee to give up their passwords or to sign up for a fake job scam. And we also have simulation which allows us to take any one of these alerts that you see before you and turn those into an actual campaign, a multi-channel campaign that is hypertargeted and hyper-realistic. But we'll jump into that in just a moment.

First, I wanted to share with you our thesis here at Doppel. We want to basically share with you, we want to understand what do you want to protect and where do you want to protect it and that what means what brands, what executives and where do you want to protect it is across all of the channels that Doppel supports here. These are the threat factors that the attackers are using today around spoof domains, typosquatting, around social media and that's not just single social media.

That's all of your global social media like Line, Weibo, WeChat, Kakao, Truth Social, Bluesky, X, Meta, Pinterest, and the list goes on. Mobile apps across these stores, these third party sites where they're implanting malicious logic or they're basically selling very, very exploitable versions of this software. We cover email and telco. And you say, "Well, Dylan, why is email and telco important? Those are old school."

Well, it's important for us to be able to link all of these threats together into what we call a threat graph. And I'm going to show you that in just a moment. Malicious paid ads, where they're using search engine optimization poisoning to drive traffic that would have gone to a legitimate site into a nefarious site where they're doing credential theft or phishing sites or job scams. Crypto and NFTs. These are incredibly important for financial services companies that are launching onto the Web3 markets. Code repositories where we're seeing source code being left open in the wild. We're also seeing bespoke exploits being developed for specific organizations and brands.

Dark web as well as dark web marketplaces as well as being able to pull in stealer logs to identify what machines may still be infected out there in the corporate environment as well as e-commerce where we're seeing a lot of diversion of revenue from an organization, from a celebrity, from a sports team into these unauthorized channels. But as you can see here, we have what we call a threat grid.

And this threat grid is a list of all of the alerts that we've pulled for a particular brand. And so in today's demonstration, I've pulled in a few brands here. And these are for educational purposes only. And this does not imply any type of association between Doppel and that brand. But I just want to show you what's out there on the open web that's available on the public internet. As you can see here, we have Amazon support numbers. We have Facebook ads that are driving traffic towards illegitimate sites. We have TikTok pages for Amazon support. We have an app you can install on your mobile device for Spotify and download premium content. We see Spotify tools out there.

There's so much out there to choose from. It's really easy to pick and choose and see what these social engineers are doing today. But let's go ahead and jump into a few examples that I selected that I thought might be interesting to tell a wider story. So we'll start with executive protection here and you can see that Sundar Pichai has a Telegram account and this is the official account on Telegram for Sundar that gives credibility right there and so someone is out there impersonating Sundar and perhaps running scams perhaps trying to lend credibility to a wider play but ultimately this was what social engineers are doing today is making you believe that they're someone else.

We can see on Instagram here, Sundar has 41 followers. I wonder what kind of information he's putting out. Maybe corporate forecasts.

And we also see here that Sundar is on X as well. He is covering multiple channels. But what's really scary to me here is that Sundar has 1,312 followers. And he's also putting out offers out there that if you like his page and follow him, then he'll give you a fraction of a Bitcoin. And then that transitions over into a Telegram channel where they give you a URL to go to to connect your wallet and then your wallet gets drained. These are the tactics, techniques, and procedures that we're seeing out there today.

Now, if I wanted to effectively, I could go in here and I could with one click take down this fake Sundar. Bad Sundar, you're coming down. And with that, that goes into our 24/7 fully managed SOC that provides white glove service to our customers. And our engineers and our LLMs will work together to effectively compile all of the evidence and then submit that to in this case X and show how this is a violation of their terms of service. And we will continuously monitor that takedown request until it's all the way down. And that's the real value.

But it doesn't stop there. If that site ever revives, if evil Sundar comes back up, our LLMs will detect that and automatically take that down. And at Doppel, we have unlimited takedowns for our clients because we want to become a life cycle partner with you.

All right, let's dive into a few more juicy alerts here. So, as you can see, we see applebitcoins.com. Here is the domain, and we've got the URL. And this looks like a fantastic deal for us here. I can save $100 on a MacBook Pro and all I have to do is pay in Bitcoin. Well, this is fantastic.

Now, I see that this is probably not an authorized Apple reseller here, but they are using the name. And so, through natural language processing, we were able to detect that name, the brand name, as well as optical character recognition or computer vision was able to detect their logo even though they tried to obfuscate it. But now we've also got all of this evidence down here about the data was created, updated, the registrar, their IP address, and their MX records, which means they may also be sending out phishing emails here. But let's take a look more interestingly at what's connected at this attacker infrastructure you see here. This gets a lot bigger now.

We can see here that not only do we have the domains but we have each of the URLs for the products that they're selling. We also have an Instagram page here and we have a Telegram for Apple bitcoins as well as a telephone number and a WhatsApp number.

And so this is a very complex attacker infrastructure where they are most likely using multiple methods to contact their victims and also avoiding detection on these encrypted channels.

But as you can see here, Doppel was able to actually identify those. And most importantly, in one fell swoop, we can take this entire attacker infrastructure down because you don't want to continue playing the game of whack-a-mole. You don't want to take one asset down while you miss the other five. And that's extremely important because with generative AI, it's far too easy and far too cheap for these social engineers to use things like SpamGPT, WormGPT to create malicious content, FraudGPT, and deepfakes to be able to go after these brands and their clients more importantly, and steal bitcoins from them.

And so, as you can see here, we've got, you know, this Apple Bitcoins, and maybe they are legitimate. Maybe there aren't authorized you know infrastructure or channel for Apple.

But when we did a little bit of research on here, you can see that their customers are complaining that they sent in a fraction of a bitcoin for a MacBook Air, but they haven't received it. And they've tried to call and write, but no answers. They tried all the phone numbers here and gotten no response.

What is going on? And that's what we're here to defend against, ladies and gentlemen, is this type of fraud and activity here. So, let's dive into the next alert here. And you can see that this is a Telegram site for buying verified Apple ID accounts. And they'll give you fast delivery on that. What a great opportunity here. And this is important because if you're receiving stolen goods like a stolen laptop, you don't want to probably use your own credentials or your own Apple ID for this. But how do you get a legitimate one without giving up your phone number, without giving your identity away?

So in that case, you can come to buy fivestarshop.com and get legitimate Apple IDs that are verified with fast delivery as we saw.

And then importantly here we can also see the threat graph load and we can see that there's a Telegram channel here and we can pivot over to that and take a look at that Telegram channel and see that there's even more here. There is a domain here deviantart.com. We see the WhatsApp numbers and the telephone numbers and that WhatsApp and telephone number being matched up and correlated is important because if you just try to take down the WhatsApp number, which is extremely difficult for most organizations, I had a head of security tell me that he tried for 6 months to get a WhatsApp number down overseas.

Even went so far as to call in a personal relationship from someone over at WhatsApp and they said, "I'm sorry, we're just not going to be able to do it for you." With Doppel, we were able to get that down in just over a day. And that's the real value is allowing those services to be handled by professionals who do this day in and day out. And we've got this entire attacker infrastructure here. And now beyond just the WhatsApp account, we can match that to the telephone number and take it down. Because if you're trying to just take down the symptoms of a problem like the WhatsApps, you have to go to the root of the tree, which is the telephone number, and take it out at the roots.

All right, let's take a look at another example here. This is an example of our simulation campaign. And our simulation campaign is a multi-channel approach to security awareness training and more importantly building resilience. And we call this vibe phishing just like vibe coding. Now with a single prompt to an agent, you can develop a complete campaign or a multi-channel attack campaign to test your organizations.

Whether that's the customer support desk, whether that's the finance team, whether that's your executives or the server admins, we can target these and send them out on whatever periodicity you'd like to keep that campaign rolling and continuously evaluate the efficacy of your security controls and your team's human risk management. So, as you can see here, I put together a prompt for this to create a smishing campaign asking a user to reset their corporate password via Okta. And this is urgent due to an emergency upgrade of Okta. And this is being sent by the head of security, Kendra Kulie. So, we can also tell it to use a sense of urgency and authority.

And if that user doesn't update in the next 30 minutes, tragedy, their account will be locked out. And with that, we can also do what we call recon. And the agent will then take a target URL. So for example, this is Doppel's corporate Okta instance. You can see it matched our brand colors and looks exactly what I would normally use.

And we also have a bait path URL that they're being asked to click on. And then we can set a difficulty level here. So I'm setting this one to an advanced difficulty level.

And now you can see over here in the preview that urgent Okta emergency upgrade in progress. Reset your corporate password. Your link will be your Here's your new link. And now you have 30 minutes left or your account is locked. Kendra double security. Now what's also interesting is I can put this into write this in Spanish.

And let's update our preview here. And again, this is really important for multinational corporations out there and global corporations that are dealing with their staff in Brazil, they're dealing with their staff in mainland China, they're dealing with staff in Japan, or they're dealing with staff in Latin America because you want to make these hyperpersonal. And so you can see, I won't try this in Portuguese, but you can see here that we have Portuguese version or excuse me, the Spanish version.

So, I'll spare you the rest here, but again, this is the flexibility that we can achieve here. And this is why click rates are now dead and why we're seeing organizations struggle to keep up with the pace of these attackers that are going across email, SMS, Telegram, WhatsApp, fraudulent LinkedIn accounts or even, you know, going out and doing the vishing that we're seeing out there. And this is the struggle that we're faced with today.

Oh, excuse me one second here. I'm getting a call. Yeah. Hello. Hello. Hello. I'm so sorry, team. Hi. This is Dylan.

>> Hey, Dylan. Thanks for picking up. This is Bobby Ford, chief strategy officer here at Do. I'm calling because we've got a critical system issue with our Okta upgrade that's causing a P1 outage for our customers, and I need to get your MFA code from your authenticator right now so we can verify your access and get this resolved.

>> Hey. I'm so sorry. I'm on a call right now.

>> No problem at all, Dylan. So, I just need you to pull up your Okta authenticator on your phone real quick and read me the code that's showing on there right now. That'll take us about 30 seconds and we can get your access restored. No,

>> I'm sorry. That goes against our security policies. I'm not allowed to do that.

No, I can't do that. All right. Thank you very much. Bye-bye.

So, as you can see here, these deepfakes are far too effective. They are believable. They're hyperpersonalized and hyper-realistic. And so with that, ladies and gentlemen, you've seen the Doppel capabilities here. And that was a quick look at the product in action.

Doppel also just announced today that we've raised $70 million in our Series C round and puts us at a $600 million valuation. And more importantly, Doppel is trusted by some of the best brands in the world, including some of the companies that you can see here. Why?

Because we replace disconnected point tools with one unified platform. Because we process over 100 million security data points per day on your behalf. And that means less work for your SOC and giving you the true fidelity in the signal that you're receiving on actionable threat intelligence. And because we don't just detect deception, we dismantle it. Now, let's go ahead and jump into the Q&A. And as a reminder out there, please, ladies and gentlemen, please drop those questions into the Q&A function and we'll get those answered for you.

Okay, let's see what we've got. All right, Q&A. We've got two questions in here.

All right, we've got one from Sanjet. Ready? Thanks, Sanjet. Are you utilizing agentic systems and web scraping to identify threats? If so, how are you adhering to other brand security policies when doing that? E.g., scraping x.com to find fraudulent profiles. That's a great question.

Sanji appreciate you asking that and so we are using agentic systems to go out and identify through various sourcing methods and through basically scouring the surface web, deep web and dark web to find those infringements of brand as well as executives. And when we find those, we effectively make an argument with the provider of that platform how this violates their terms of service. And that's one of the most important things you can do is really deeply understand their terms of service. And that's where our LLMs help to build that argument and measure that for efficacy and for speed of takedown. Appreciate you finding that.

Okay. And we've got another attendee here. Does training have to be run alongside attack simulation campaigns?

We absolutely do incorporate training as a part of the full life cycle of these simulation tests. And so since I failed my vishing simulation here, um, effectively what I'll get is an email from the security team asking me to take the required training along with a quiz.

And with that we also have the ability to show you all of the insights on where your team is achieving or succeeding, where they're needing improvement. We can basically show the number of attacks, the total campaigns that have been sent and more importantly the total link clicks and data submissions because that's really what we're guarding against is that submission of data out there. More importantly, we can also compare between organizations and within industry. So I can compare Doppel and their performance and human risk factor against someone in the financial services industry. Or if I'm within the financial services industry, I can compare myself with my peers. Great question. Thank you for that.

And next question that came in, why is Doppel so much faster at attack takedowns? That's a great question. I'm really glad that you asked that. And the key is number one, our ability to detect. And so we use LLMs to go out and scour hundreds of millions of URLs, domains, social media sites, and the dark web every day, all day. And so we're not throwing humans at the problem. We're throwing machines at the problem, as are the attackers.

Second is our speed of processing and analyzing those alerts. So we have a 24/7 fully managed SOC that we run for our customers. Tier one of that SOC is actually an AI agent and that's where they're doing the scoring, the evaluation and the analysis of each of those alerts as well as adding additional intelligence and context around those alerts. Then we have tier two and tier three which are our human analysts in the loop and they are also validating those alerts and adding additional information and intelligence and by that time it makes it to our customers in one of two ways. Either we conduct an automated takedown based on a predefined rubric with that customer that says if a plus b plus c are true automatically take this down and that increases the speed dramatically.

And secondly, if we're unsure of this or if this may be shadow IT or it may be, um, you know, an old creatives agency that's leaving up a new version of your website on the web, then we also want to make sure we're not falsely taking those down as well. And so that's where our customers come in as the confirmation layer to make sure that those happen.

Ultimately, all of those factors put into place along with our LLMs that are helping to automatically submit these and expedite the takedowns and the monitoring of those takedowns. This is what gives us that speed and that scale, that volume and velocity. Thank you for the questions.

All right. Are there any other questions out there, ladies and gentlemen? Please don't be shy. Aha, got another one in here. I love the interaction.

Thank you. What are legacy security awareness tools lacking when it comes to cyber security training for enterprise employees? Listen, I think there's a lot of great tools out there that are doing a wonderful job in the single channel that they're focusing on. Email compromise still important, but I think all of us can smell one of those phishing simulation emails a mile away. And that's why I believe click rates are dead. But what they're not able to really understand is when an attacker is coming at you with a multi-pronged campaign that's intended to just get it right once and play on the emotions of the human to box and play on the sense of urgency of humans.

And ultimately we all want to be helpful and therefore this is what they're lacking. And so being able to simulate exactly what these attackers are doing across multiple channels with efficacy using agentic systems and LLMs to build these campaigns, do the reconnaissance.

This is what they're lacking. Thank you for that question. And what's next on the Doppel roadmap? Well, we continue to monitor everything that the social engineers are using out there and we continue to build on top of our existing capabilities, deepening and strengthening those detections, getting faster and faster takedowns and making sure that we're at the forefront of social engineering defense because at Doppel, we are here to battle all things social engineering to protect our customers. We are the defenders of truth.

How many languages does cover? Great question, Nelson. I appreciate you. So we can detect in all languages of the world using LLMs, just like you can go into ChatGPT and ask it to translate Hindi into Spanish. This is the same thing that we do here as well. Thank you, Nelson.

All right, that looks like it's it for the question and that wraps up the questions we have. So, here's what happens next. I would love to invite you to connect directly with our team. We can take a look at the impersonations and social engineering threats that are targeting your executives, your customers, your employees, and your brands. Better yet, we can start dismantling them today. So, please take a look at this QR code in order to book a personalized demo with our team to get started. I hope you do because I'd love to show you what's out there directed at your brand and your executives and your clients.

But let me leave you with this, ladies and gentlemen. Your current approach is reactive. It's fragmented. You're chasing symptoms across five different tools. The Doppel approach is proactive. It's unified. It's a platform. And that platform is dismantling attacker infrastructure before it scales. We're getting left of bang before that actor can affect that threat campaign. We've already identified it and dismantled it. And that keeps us left of bang because 98% of breaches involve social engineering.

The question isn't whether this is a problem. The question is how long can you afford to be reactive? With that, ladies and gentlemen, I want to thank you for your valuable time and for joining us here today.

Thank you.
