PhinPoint

The Anti-Phishing Intelligence Platform

Stop Users from Engaging with Malicious Emails

Get PhinPoint and protect your users from Fraud, Ransomware and other Phishing attacks.

What is PhinPoint?

As I’m sure you are aware, 90% of data breaches begin with a targeted email phishing attack. Hackers have become increasingly more effective at delivering these emails and bypassing traditional anti-malware and anti-spam solutions, using tactics like CEO Fraud, Business Email Compromise, or Ransomware.

Your clients can undergo all of the testing and training, but ultimately we've identified that there needs to be something else in place that can help identify and alert users of malicious attempts through email.

So, we have developed a new anti-phishing / fraud product, called Phinpoint, that identifies, filters and alerts customers of these phishing emails. An alert is displayed as a header on the email notifying the customers of why we are alerting them and what to look out for. We believe that through these alerts, we will:

  • Vastly reduce the chance of employees falling for phishing attempts

    Vastly reduce the chance of employees falling for phishing attempts

  • Reduce the number of calls to a service desk

    Reduce the number of calls to a service desk

  • Raise security awareness

    Raise security awareness

  • Decrease downtime/ reduce the amount of time restoring workstations, servers, etc...

    Decrease downtime/ reduce the amount of time restoring workstations, servers, etc...

  • Offer something that actually prevents malicious activity through email

    Offer something that actually prevents malicious activity through email

What does PhinPoint look for?

Common Phishing Indicators

We collect the terms and phrases that phishers use and highlight these. Many times, the terms appear in valid emails, and that’s okay, as we always want people to be high alert when an email is talking about passwords or transferring money. We look for terms that, when combined with a sense of urgency, may indicate a possible phishing attempt. We identify when these terms are close to each other in the text.

Spoofed Senders

Phishers will commonly change the name on an email to match that of an executive or other trusted person. The actual email address is never that of the trusted individual, but most email clients do not show the email address by default. We get a listing of known emails for individuals in your organization and will highlight any time an email comes from an address outside of that list.

Known Phishing URL

We integrate with a repository of known phishing URLs (updated hourly). Any links in an email are checked against this repository and if there is a match then an alert is triggered

Domain Impersonation

A slightly more sophisticated attack, a domain is purchased that is a slight variation from a known good domain (TR4CESECURITY.com, or tracėsecurity.com for example). This is designed so that even if the user checks the email address, it will look to be valid. We compare the domain against a known good domain and flag any that are similar

How are your clients alerted?

Alert messages are generated at the top of flagged emails based on the type of attack method being used. There may be multiple alerts generated if more than one attack method is discovered.

Your options for handling flagged emails:

After applying filters, a score is generated, and we make a decision how to handle the email. The following options are available:

  • Send unmodified email to intended recipient

    Send unmodified email to intended recipient

  • Send modified email (with the headers) to the intended recipient

    Send modified email (with the headers) to the intended recipient

  • Send modified email to intended recipient and copy a quarantine address

    Send modified email to intended recipient and copy a quarantine address

  • Send modified email to a quarantine box

    Send modified email to a quarantine box

  • Drop the email

    Drop the email

What types of metrics are available for reporting?

For each domain, we capture the total number of emails that come in, the number that are identified as spam/virus, and the number of flagged emails (that fire on any filter)

View Sample Report

How configurable is the tool?

We have a web-based form to allow for configuration of certain features. The following can be configured:

  • Suspicious Term List

    Suspicious Term List

    Primary, secondary, and suspicious, as well as scores for each term (if certain terms should result in a higher score)

  • Excluded Phrases

    Excluded Phrases

    Any phrase that will be excluded from firing the suspicious terms filter

  • Trusted Name/Email Combos

    Trusted Name/Email Combos

  • Known Good Domains

    Known Good Domains

    For domain similarity check

  • Quarantine Email Address

    Quarantine Email Address

    Where to send spam of flagged emails

How is it setup?

PhinPoint relies on either a chance to MX record (if in front of spam filter) or modification to spam filter to relay emails to us. Hosted in AWS.

We have the ability to also screen for spam and viruses. This is an optional setting in AWS, however, the settings are not as configurable as more complex or fully-featured spam filters. If an email is marked as spam or containing a virus there are a few options:

  • Send email to intended recipient

    Send email to intended recipient

  • Send email to quarantine mailbox

    Send email to quarantine mailbox

  • Drop email

    Drop email

Contact Us

Want more information on PhinPoint? Reach out to our Business Development Team.

Contact Us