An email that appears authentic but contains a harmful link is a prevalent and effective tactic used by cybercriminals. Bolster, an AI startup, has developed an innovative method to combat this issue and has secured $14 million in funding to further its initiatives. This includes its free phishing detection service, CheckPhish, and services for its main clientele, which are brands and businesses.
The investment round was led by Microsoft’s M12, with additional funds from Thomvest Ventures, Crosslink Capital, Liberty Global Ventures, Cheyenne Ventures, Cervin Ventures, and Transform Capital. While Bolster has not revealed its current valuation, its total funding has reached approximately $40 million.
Bolster offers services that verify brands and URLs for companies that frequently communicate with customers via email, making them targets for hackers who attempt to deceive individuals or counterfeit branding to market their own products. Among Bolster’s clients are prominent companies such as Dropbox, Uber, LinkedIn, and Coinbase. The Cybersecurity Infrastructure Security Agency reports that phishing initiates over 90% of cyberattacks, which can lead to data breaches, infiltrations, or viruses.
Creating domains that closely resemble those of legitimate companies for nefarious phishing schemes has become increasingly affordable and straightforward.
Bolster’s Chief Technology Officer, Shashi Prakash, who is also a co-founder alongside CEO Abhishek Dubey, mentioned in an interview that tools for initiating phishing attacks can be acquired for as little as $10 to $20. Cybercriminals, adept in AI, are now able to swiftly set up convincing bank login pages and deploy phishing attacks in mere minutes using phishing-as-a-service platforms.
According to Prakash, these phishing schemes have evolved to become more intricate and focused. A notable incident involved WPP’s CEO, Mark Read, who was targeted in a failed extortion attempt. While it may seem unlikely, this event is indicative of the direction such scams are taking.
To combat these threats, Bolster employs machine learning and AI to monitor the internet extensively, including URLs, domain registrations, discussions on various forums, social media, and client emails, to identify and halt scam operations. This surveillance is conducted continuously, and when suspicious links are detected, Bolster neutralizes them through automated removal processes.
This method stands out as it enhances the extensive range of email security solutions currently utilized by organizations to sift through incoming emails, a critical step in preventing phishing attempts. However, should these malicious links slip through undetected, this strategy ensures that clicking on such links would lead to a dead end.
Given the complexity of managing the vast influx of emails and the elusive nature of cybercriminals, pinpointing and dismantling the source of their activities is of utmost importance.
Todd Graham, the managing partner at M12, highlighted in an interview, “Bolster’s strength lies in its capacity to autonomously eliminate the origins of these attacks, including the servers they operate from. This capability is crucial considering the magnitude of operations these cybercrime syndicates run.” While Microsoft has not established a direct partnership with Bolster, Prakash notes that their investment indicates potential collaboration in the future.
Microsoft’s engagement is multifaceted: as a prominent global entity, it runs several services that generate user-directed emails (and from personal experience, I can vouch for receiving an excessive number of dubious ‘account login’ emails purporting to be from ‘Microsoft’). Moreover, as a provider of cloud, managed, and software services to a wide array of businesses, it serves as a vital conduit to a substantial customer base. Finally, with its significant push to integrate more AI across its operations, incorporating threat protection becomes an essential component of its strategy.
Graham pointed out that although the firm primarily operates as a business-to-business (B2B) entity — with tools like CheckPhish designed for website analysis rather than individual use — its collaboration with prominent brands inherently provides a consumer perspective. This is because its core goal is to safeguard the end-users of the businesses it serves.
He explained, “Should you receive a fraudulent email masquerading as one from Microsoft, which is likely not genuine, it’s advantageous for Microsoft, Wells Fargo, or any other company involved to guarantee its detection should the email be distributed.”