A post-pandemic world is disrupting lifestyles in unprecedented ways. With remote working becoming the norm, the definition of workplaces is changing radically. This is exposing many organizations to hackers and cyber criminals.
The various forms of cybercrime are putting data and information at risk, as work-from-home is putting the human element right in the path of hackers. Phishing is specifically a big risk. It’s just a matter of time that a person falls for that harmless looking email.
Read more: Kaspersky iHub Invites Startups to Showcase Cybersecurity Solutions
But phishing does not only put people’s devices and financials at risk, it has become a real public security threat. The recent Twitter hack, which exposed the vulnerability of some of the highest-profile people in the world, including the potential future US president, is an example of a targeted phishing attack on a handful of Twitter employees.
Phishing prevention startup, Pixm, has found a way to stop phishing at the point of click, while running completely on device.
The Tech Panda spoke to Chris Cleveland, founder of Pixm, about the rising risk of phishing and how they are countering this threat.
Chris Cleveland
As humans, we’re always going to be vulnerable to visual tricks, impulsive clicks, and temporary lapses in judgment. But AI doesn’t feel or get duped
“As humans, we’re always going to be vulnerable to visual tricks, impulsive clicks, and temporary lapses in judgment. But AI doesn’t feel or get duped. Pixm is removing the possibility of human error and stopping these attacks before they even become a threat,” he says.
Recently, the award-winning startup launched a free browser plug-in that uses computer vision AI to analyze websites and determine if they’re impersonating a legitimate company, effectively removing the risk of human error from phishing defence.
“Pixm is like an eye in the computer, watching in real-time,” he adds.
Heightened Risk from Remote Working
As more people move online for work, the risk of malicious attacks has become more urgent and more dangerous. Early in the lockdown, the number of phishing websites went up by a 350%, with COVID-themed attacks taking advantage of people’s fear and emotions, while they cleverly mimic official communications from government agencies.
Many people are working remotely, and this exposes them to attackers in more obvious ways
In the US, these kinds of hacks impact one in four households annually. However, they’re becoming more difficult to spot as they grow more advanced, using techniques to bypass email security, multi-factor authentication, and typical user common sense practically invisible to the human eye.
“Many people are working remotely, and this exposes them to attackers in more obvious ways. The risk of malicious attacks has become more urgent. Early in the lockdown we saw a steep number of phishing websites,” says Cleveland.
He adds that organizations as well as individuals must step up to the challenges this scenario presents.
“People have to be more careful while they work on their devices about who they are communicating with and what they are opening. We can’t depend on individuals to protect networks as much as we are now. AI needs to be one of our main solutions,” he says.
The Pixm Browser Extension
Pixm’s recently launched browser extension uses computer vision AI to analyze web pages from a human perspective and stop phishing attacks that other tools miss. The free browser extension is now available on Chrome, Firefox, and all Chromium browsers including Edge, Brave, and Opera.
We can’t depend on individuals to protect networks as much as we are now. AI needs to be one of our main solutions
Pixm is the first tool that guards against phishing attacks using computer vision and deep learning AI that can virtually see what we see, detecting anomalies on web pages and immediately block phishing sites pretending to be legitimate.
This means it finds attacks without any virus or malware, which is true of 85% of phishing breaches. Also, it doesn’t require any user training and picks up threats that have slipped past email or corporate network security.
Visual Analysis with Computer Vision
When a user opens a phishing link in their browser, Pixm’s software visually analyses the page. It performs computer vision object detection coupled with spatial analysis to determine if a website is pretending to be a genuine company. If it is, it shuts it down at the point of click. At the moment, it already supports over 100 brands such as Gmail and Outlook.
“While working from home, corporate cybersecurity tools cannot fully cover us on our personal devices, as these will always be used by family members to check emails or to stream movies. That’s why Pixm brings the protection directly to your endpoint device, detecting bad links regardless of where they were clicked. This covers personal email, social media, and other applications,” Cleveland explains.
Pixm is currently working on software for mobile devices too.
“Current anti-phishing tools take a reactive approach like blacklisting IP addresses associated with known phishing attacks, which is like putting yellow tape around a crime scene. It’s useful to know, but it is not protecting victims from the crime in the first place.
Read more: 4 Ways to Secure Your Remote Workforce from a Cyberattack
“While proactive text analysis approaches are emerging at the email layer, these are easy to bypass and a low bar for hackers to overcome. But visual analysis on the user device leaves hackers no options to deceive end users and are a much more effective way to block phishing attacks,” he says.
To Make Phishing Attacks Obsolete
Cleveland founded Pixm when he built a computer vision phish detection prototype in a Columbia research class and used it to win a pitch contest. The tool’s unique approach has even caught the attention of the US military. It has an SBIR contract with the Airforce to develop usage across defence agencies.
While working from home, corporate cybersecurity tools cannot fully cover us on our personal devices, as these will always be used by family members to check emails or to stream movies
The company has been supported by Ron Gula, Precursor Ventures, Chris Wysopal, Chaac Ventures, Princeton University, and new investors include Shutterstock founder Jon Oringer and Managed by Q founder Dan Teran.
The company is also backed by well-known cybersecurity investors and former intelligence community leaders. Its pedigree is rooted in accelerators, such as GSVLabs, MassChallenge, and Highland Capital’s Cybersecurity Factory.
“Pixm’s mission is to make phishing attacks obsolete,” says Cleveland.
The company is rethinking phishing protection with a fresh ground-up perspective and bringing cutting-edge computer vision technology directly in the hands of everyday users to protect from the topmost attack vector favoured by hackers.
