Arkose Labs Introduces New Technology to Combat Advanced Phishing Attacks

  • Arkose Labs introduced new detection and alert capabilities against advanced phishing attacks.
  • The new capabilities combat an evolution in phishing called “reverse proxy phishing.”
  • Arkose Labs won Best of Show in its Finovate debut at FinovateSpring in 2019.

Bot detection specialist Arkose Labs now detects and alerts against advanced phishing attacks. The new functionality combats “reverse proxy phishing,” the latest evolution in the challenge of dealing with fraudsters and cybercriminals.

“Phishing isn’t simply about domain block lists or analyzing website contents anymore,” Arkose Labs CTO Ashish Jain said. “Those methods might work against unsophisticated attacks, but new phishing attacks require a comprehensive security posture.”

Reverse proxy attacks use fake websites to impersonate legitimate websites. Bank websites are a common target. In the process, users are encouraged to visit the fake website via a message and are asked to login. The fake website then sends the user’s information to the server of the real web site. This causes the real website to issue a one-time password (OTP) or security PIN. The fraudster can then leverage the proxy to extract user credentials, including the OTP or PIN. The attacker can also secure the cookie from the legitimate website. This enables the cybercriminal to access the user’s account.

“Arkose Bot Manager beats attackers at their own game by forcing them to integrate Arkose into their fake pages with absolutely no effect on the user experience,” Jain added. “With Arkose integrated, we can thwart a phishing attack and give the business data on the attackers – and unlike traditional phishing detection methods, Arkose Phishing Protection is able to detect and block malicious requests in real-time.”

Arkose Labs’ new advanced phishing protection comes as the company announced a new anti-fraud guarantee against SMS toll fraud attacks. The warranty covers up to one million dollars in telecom expenses if Arkose Bot Manager fails to stop an SMS toll fraud attack against one of its managed service customers.

SMS toll fraud is a type of bot attack in which large volumes of SMS messages are sent to premium rate numbers. Also known as SMS pumping or International Revenue Share Fraud (IRSF), this attack can result in sizable fraudulent SMS charges against a business. In some cases, the charges can amount to millions of dollars a month.

“This type of attack hits a company right in the wallet,” Arkose Labs CFO Frank Teruel said. “We stand confident in our platform, and Arkose already has saved customers millions in fraudulent SMS charges by stopping these attacks. Frankly, this type of warranty should be table stakes for any security vendor.”

Founded in 2017, Arkose Labs is headquartered in San Francisco, California. The company won Best of Show in its Finovate debut at FinovateSpring 2019. Arkose Labs returned to the Finovate stage two years later for FinovateFall in New York. Kevin Gosschalk is founder and CEO.


Photo by Noelle Otto