The Anti-Phishing Intelligence Platform
Stop Users from Engaging with Malicious Emails
Get PhinPoint and protect your users from Fraud, Ransomware and other Phishing attacks.
Vastly reduce the chance of employees falling for phishing attempts
Reduce the number of calls to a service desk
Raise security awareness
Decrease downtime/ reduce the amount of time restoring workstations, servers, etc...
Offer something that actually prevents malicious activity through email
What does PhinPoint look for?
Common Phishing Indicators
We collect the terms and phrases that phishers use and highlight these. Many times, the terms appear in valid emails, and that’s okay, as we always want people to be high alert when an email is talking about passwords or transferring money. We look for terms that, when combined with a sense of urgency, may indicate a possible phishing attempt. We identify when these terms are close to each other in the text.
Phishers will commonly change the name on an email to match that of an executive or other trusted person. The actual email address is never that of the trusted individual, but most email clients do not show the email address by default. We get a listing of known emails for individuals in your organization and will highlight any time an email comes from an address outside of that list.
Known Phishing URL
We integrate with a repository of known phishing URLs (updated hourly). Any links in an email are checked against this repository and if there is a match then an alert is triggered
A slightly more sophisticated attack, a domain is purchased that is a slight variation from a known good domain (TR4CESECURITY.com, or tracėsecurity.com for example). This is designed so that even if the user checks the email address, it will look to be valid. We compare the domain against a known good domain and flag any that are similar
How are your clients alerted?
Alert messages are generated at the top of flagged emails based on the type of attack method being used. There may be multiple alerts generated if more than one attack method is discovered.
Your options for handling flagged emails:
After applying filters, a score is generated, and we make a decision how to handle the email. The following options are available:
Send unmodified email to intended recipient
Send modified email (with the headers) to the intended recipient
Send modified email to intended recipient and copy a quarantine address
Send modified email to a quarantine box
Drop the email
What types of metrics are available for reporting?
For each domain, we capture the total number of emails that come in, the number that are identified as spam/virus, and the number of flagged emails (that fire on any filter)View Sample Report
How configurable is the tool?
We have a web-based form to allow for configuration of certain features. The following can be configured:
Suspicious Term List
Primary, secondary, and suspicious, as well as scores for each term (if certain terms should result in a higher score)
Any phrase that will be excluded from firing the suspicious terms filter
Trusted Name/Email Combos
Known Good Domains
For domain similarity check
Quarantine Email Address
Where to send spam of flagged emails
How is it setup?
PhinPoint relies on either a change to MX record (if in front of spam filter) or modification to spam filter to relay emails to us. Hosted in AWS.
We have the ability to also screen for spam and viruses. This is an optional setting in AWS, however, the settings are not as configurable as more complex or fully-featured spam filters. If an email is marked as spam or containing a virus there are a few options:
Send email to intended recipient
Send email to quarantine mailbox