Arkose Labs, the global leader in bot management and account security, today announced that its flagship platform now detects and alerts against “reverse proxy phishing” attack campaigns on customer web sites. Arkose Bot Manager is the evolution of the industry-leading Arkose platform, with phishing protection, CDN integration, and recently announced email intelligence features. Due to consistent platform innovation like this Arkose has again been ranked a leader in Bot Detection and Mitigation in G2’s Spring 2023 report, with 100 percent of users rating the solution with four or five stars.
According to the FBI Internet Crime Complaint Center (IC3), in 2022 phishing attacks were the number one internet crime, costing victims an estimated $52 million. New types of phishing attacks like Adversary-in-the-Middle (AITM) reverse proxy threaten to increase that number dramatically. Readily available tools like EvilProxy are now available to cybercriminals as a service to easily build phishing sites that steal authentication tokens and bypass multi-factor authentication (MFA).
“Cybercrime has moved from individuals lurking in the dark parts of the internet to a global business with a cybercrime-as-a-service model,” said Kevin Gosschalk, CEO of Arkose Labs. “The most effective way to beat a business is to turn the economics against them. We make it impossible to justify the cost of the fight.”
Phishing attacks have evolved, with attackers tempting users to click on malicious URLs versus attachments in 60 to 70 percent of cases. AITM reverse proxy attacks use fake websites designed to emulate legitimate sites such as a bank website. Users are driven to the fake site through a message, and asked to login. The fake site not only replicates the login process, it also includes a reverse-proxy. When a user inputs their username and password, the fake site sends that information to the real banks’ server, which triggers a one-time password (OTP) or PIN. With control of the proxy, the cyberattacker can extract credentials, including the OTP or PIN, and the cookie from the legitimate bank site, allowing them access to the user’s account.
“Phishing isn’t simply about domain block lists or analyzing website contents anymore,” said Ashish Jain, CTO of Arkose Labs. “Those methods might work against unsophisticated attacks, but new phishing attacks require a comprehensive security posture. Arkose Bot Manager beats attackers at their own game by forcing them to integrate Arkose into their fake pages with absolutely no effect on the user experience. With Arkose integrated, we can thwart a phishing attack and give the business data on the attackers—and unlike traditional phishing detection methods, Arkose Phishing Protection is able to detect and block malicious requests in real-time.”
Arkose Bot Manager
Arkose Bot Manager combines transparent detection with dynamic attack response to catch attackers early without disrupting the user experience. Arkose detection aggregates real-time device, network, and behavioral signals to spot hidden signs of bot and human-driven attacks, such as device and location spoofing. Once suspicious signals are detected, Arkose’s proprietary challenge-response technology separates the good users from the bad bots. New Arkose Bot Manager features include:
- Protection against next-generation phishing attacks, leveraging sophisticated anti-bot defense at login and non-legitimate site detection that provides businesses with visibility into traffic from non-primary domains. Arkose embeds a token in the legitimate web application or SDK. Each request dynamically verifies that the token has passed from the client to the server, causing sessions originating from a phishing website to fail.
- CDN integrations with major cloud providers and content delivery networks. These easy-to-configure integrations significantly reduce the effort and time to deploy Arkose Bot Manager on critical user flows and provide customers with several architectural options.
- Email intelligence that stops bots and bad actors from using fake or risky email addresses in attacks on online services and applications.
Arkose Bot Manager is the only bot management solution backed by two separate $1 million warranties. Building on the strength of its existing $1 million warranty against account take-over attacks, Arkose Labs today announced an additional $1 million warranty against SMS toll fraud attacks. Together, these warranties demonstrate the company’s commitment to deliver business impact, confidence, and ROI to its customers.
G2 Report Leader
Arkose Labs has been recognized for its outstanding customer support and product usability. The Spring 2023 G2 Grid® Report for Bot Detection and Mitigation rated Arkose Labs with over 98 percent customer satisfaction in every category. Arkose Bot Manager received the highest ratings among its competitors for Ease of Use, Ease of Setup, Ease of Admin, and Likelihood to Recommend.
About Arkose Labs
Arkose Labs’ mission is to create an online environment where all consumers are protected from malicious activity. Arkose Bot Manager combines powerful risk assessments with dynamic attack response that undermines the ROI behind attacks while improving good user throughput. Headquartered in San Mateo, CA with offices in Brisbane and Sydney, Australia; San Jose, Costa Rica; and London, UK; the company debuted as the 106th fastest-growing company in North America on the 2022 Deloitte Fast500 ranking. For more about Arkose Labs, including the latest bot management, account security news, and threat research, follow the company on LinkedIn.