Industry
Phishing
Definition
The fraudulent practice of sending emails or other electronic messages enables cybercriminals to access recipient data and computer systems. Previously, phishing attacks were broad, indiscriminate campaigns targeting large volumes of individuals simultaneously. Today, with the assistance of generative AI, these attacks have become highly targeted, with threat actors carefully researching potential victims before initiating a campaign.
Platforms like WormGPT and FraudGPT can now tailor email campaigns and generate code to spoof both websites and individuals within any organization, making these attacks even more sophisticated and challenging to detect.
Phishing Techniques
Spear phishing (Highly targeted)
Whaling (C-Suite targets)
Vishing (Voice activated)
Smishing (SMS phishing)
Phishing Websites (using logins and payment requirements)
Problem
Phishing Continues to be the Leading Cause to a Cybercrime Event
The escalating costs of cybercrime events in the United States are staggering, estimated to reach 452.3 billion U.S. dollars in 2024 and a whopping 1.82 trillion dollars by 2028 (Statista). The FBI 2023 Internet Crime Report from the Internet Crime Complaint Center (IC3) revealed a 10% increase in complaints, resulting in a 22% increase in losses. Phishing incidents, with almost 900,000 complaints, led all categories by a significant margin with 298,878 registered by the IC3. The proliferation of generative AI has significantly lowered the barrier to entry for less skilled threat actors, leading to widespread anticipation of increased cybercrime events in this category.
New Idea
The problem in the industry is that no phishing solution has been created for all users that truly takes the human factor into account… until NOW.
Market Need
Phishing Solutions Are Failing
Currently, there are no mechanisms to securely identify legitimate communications between two participants. Today, the only security software platforms available for identifying phishing and securing email communications are primarily preventative, yet they are failing to keep pace with evolving criminal tactics. In 2023, 35% of malware was delivered via email, and 94% of organizations reported email security incidents (Forbes/Egress 2024 Email Risk Security Report).
Morgan Stanley
According to their recent study, the global AI-based cybersecurity product market is projected to grow from $15 billion in 2021 to $135 billion by 2030 (September 11, 2024).
Solution: PhishFlagger™
Phishing Protection Personified
PhishFlagger™ is the revolutionary, human-compatible phishing solution that validates legitimate digital communications and highlights fraudulent phishing attempts. By incorporating the PhishCounter™—a unique sequential number added to the subject line of every email or electronic communication—PhishFlagger™ enables recipients to easily detect potentially fraudulent messages. This sequential number flags or quarantines incoming communications lacking the expected code, essentially creating a secure, coded verification between trusted entities.
The PhishFlagger™ protocol is protected by enforceable, disruptive, and easy-to-understand patents, offering broad licensing opportunities across multiple market segments.
IBM
According to IBM’s 2024 Cost of Data Breach report, phishing is the most common data breach vector, responsible for 15% of all breaches at an average cost of USD $4.88 million.
PhishFlagger™ Email - For Senders
The PhishCounter™ utilizes a starting number to initiate the incrementing sequence that will be used to number emails from the email sender to the recipient’s unique email address. For example, a simple random number between 1 and 9999 can be used. Then, the number is communicated to the receiver, confirming the sender’s intention to start numbering their emails using PhishFlagger™, ensuring that the recipient is aware of the email numbering and actively participates in the communication setup.
There are two types of senders: those who communicate general information, such as advertisers and marketers, where the starting number is automatically created, and those who need to communicate more sensitive information, such as banks and insurance companies, which will require two-step verification and PhishCounter™.
Now communicated and acknowledged, only the email sender and receiver know the secret starting PhishCounter™, the number for their email communications. The PhishCounter™ is always shown at the beginning of the email’s subject line.
In all cases, the receiver can validate the sender by going to www.phishflagger.com/validate and entering the sender’s email domain and the PhishFlagger™ sender ID, found in the footer of the email provided to the receiver upon receipt of the originating email.
PhishFlagger™ Email - For Recipients
Working together, the PhishCounter™ and PhishFlagger™ help keep email recipients’ communications safe. Once verified, and the PhishCounter™ starting number is established, the sender can begin sending emails with the up-counting email number in the subject line. The receiver will know the email is from the verified sender and is valid, as a threat actor’s phishing attempt will lack the secured numerical sequence.
At any point, the receiver can quickly review their email history from that sender and notice any out-of-sequence or missing numbers if they suspect suspicious activity, giving them an improved chance of identifying phishing attempts. PhishFlagger™ does this automatically. Emails from Microsoft, Apple, or Gmail, for example, can flag or quarantine messages with out-of-sequence or missing numbers automatically.
The protocol works by comparing the email number in the subject line to the PhishCounter™ tracked in its database. If there is no number, or if the number is incorrect, the PhishCounter™ is out of sequence, and the email should be flagged. In some implementations of PhishFlagger™, email systems may quarantine phishing emails before they reach inboxes or apply other security measures.
Receivers using PhishFlagger™ to protect their inboxes will gradually come to rely on and expect emails to be numbered for safety, rejecting emails from unverified senders. Many bulk emailers and advertisers who are not PhishFlagger™-verified will find their emails rejected. As more senders and receivers adopt the PhishFlagger™ protocol, inboxes will become increasingly protected from unwanted ads, spam, and fraudulent emails. Together, these methods create a robust defense against phishing.
PhishFlagger™ also brings a sense of order and efficiency to inboxes, making emails easier to identify and manage. In time, as the protocol becomes widely adopted, all email communications will be numbered, and phishing will become a thing of the past.
Products
PhishCounter™ and PhishFlagger™ Explained
Why Now?
Immediate Solutions Are Required to Address the Number One Point of Attack
Human error remains the leading cause and primary catalyst for cybercrime events. The PhishFlagger™ human-compatible protocol is designed as a response to the rising tide of cybercrime, which is projected to grow at 15% annually over the next five years.
With the average data breach costing $4.88 million in 2024 and climbing management teams and boards face increasing pressure to prevent cybercrime and manage its associated costs. Immediate solutions are essential to address this critical security issue effectively. PhishFlagger™ provides a proactive approach that combines robust security with user-friendly protocols, empowering organizations to safeguard their communications and mitigate risks.
Industries Most Commonly Targeted:
Technology
Healthcare
Education
Banking
Government
Infrastructure