Domain spoofing can be difficult to detect for even sophisticated and cautious users. Most users trust the authenticity of the email address that they see in the “From” field of emails they receive. Or they scan briefly and may miss a single character in a domain or email address. If an email claims that it comes from the CEO, and the email address is correct, then the recipient trusts the email. However, this field in the email can be forged to make a phishing email appear to come from a legitimate source. INKY’s intelligent machine learning algorithms prevent spoofing by catching abnormalities in text, fonts, and domain names, even if the threat has not been seen before.
While some phishing protections products are claiming to use Machine Learning, INKY actually builds social graphs using Natural Language Processing (NLP) and other machine learning techniques to profile behavior of senders, their identities, and their patterns. Any email pretending to be from that sender and not matching the model is marked as suspicious, while INKY continues to learn from your feedback.
INKY’s algorithms are sophisticated and unique in this industry. Using Computer Vision, the email protection software uses a combination of techniques, “seeing” the email as a human would. Other times INKY detects tiny anomalies in text, characters, fonts, and logos that humans would miss. The vast database of domains used in global corporations, coupled with the machine learning behavior profiles, brings phishing protection to a highly advanced level.
The presence, absence, and content of certain email headers can be largely consistent across a user’s communications, yet dramatically different from that of another user. INKY analyzes the header information of a user’s emails to create a model of common contents and then compares this model against future emails to detect anomalies, which may be indications of domain spoofing.
The use of email signatures is the most common protection against domain spoofing attacks. Several types of email signatures exist (including DKIM, DMARC, SPF, and Sender ID), all with the purpose of verifying that the email address actually originated at the alleged sender’s domain.
Signature verification only works if the alleged sender’s domain supports it. INKY provides increased protection against domain spoofing attacks by using user behavioral profiling and email header analysis to determine if an email is stylistically and behaviorally consistent with previous emails from that sender.
Most anti-spoofing and phishing protection software is specific to a given device or email client. INKY integrates with an Office 365 or Microsoft Exchange server and requires no software installation on the client, meaning that it can be used anywhere.
A unique feature is the ability to click a “Report this Email” link in every email, which means users can report spam, phish, and other problematic emails from any device – web, phone, any email client, with no special software. Most email protection software only has the capability to work from an installed instance.
The best way to manage the email fraud crisis is to prevent it completely. Download this free guide to gain some security strategies to prevent and recover from email fraud.